Vulnerability Description
LightDM through 1.22.0, when systemd is used in Ubuntu 16.10 and 17.x, allows physically proximate attackers to bypass intended AppArmor restrictions and visit the home directories of arbitrary users by establishing a guest session.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Lightdm Project | Lightdm | <= 1.22.0 |
| Canonical | Ubuntu Linux | 16.10 |
References
- http://www.securityfocus.com/bid/98554Third Party AdvisoryVDB Entry
- https://launchpad.net/bugs/1663157Issue TrackingPatchVendor Advisory
- https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-8900.htmlPatchVendor Advisory
- https://www.ubuntu.com/usn/usn-3285-1/PatchVendor Advisory
- http://www.securityfocus.com/bid/98554Third Party AdvisoryVDB Entry
- https://launchpad.net/bugs/1663157Issue TrackingPatchVendor Advisory
- https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-8900.htmlPatchVendor Advisory
- https://www.ubuntu.com/usn/usn-3285-1/PatchVendor Advisory
FAQ
What is CVE-2017-8900?
CVE-2017-8900 is a vulnerability with a CVSS score of 4.6 (MEDIUM). LightDM through 1.22.0, when systemd is used in Ubuntu 16.10 and 17.x, allows physically proximate attackers to bypass intended AppArmor restrictions and visit the home directories of arbitrary users ...
How severe is CVE-2017-8900?
CVE-2017-8900 has been rated MEDIUM with a CVSS base score of 4.6/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2017-8900?
Check the references section above for vendor advisories and patch information. Affected products include: Lightdm Project Lightdm, Canonical Ubuntu Linux.