CVE-2017-8900 in Ubuntu

CVE-2017-8900

Priority

Medium

Description

LightDM through 1.22.0, when systemd is used in Ubuntu 16.10 and 17.x,
allows physically proximate attackers to bypass intended AppArmor
restrictions and visit the home directories of arbitrary users by
establishing a guest session.

References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8900
https://usn.ubuntu.com/usn/usn-3285-1

Bugs

https://launchpad.net/bugs/1663157

Notes

tyhicks> This issue was introduced when the user session handling moved from
upstart to systemd in Ubuntu 16.10.

Assigned-to

tyhicks

Package

Source: lightdm (LP Ubuntu Debian)

Upstream:	needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):	DNE
Ubuntu 14.04 LTS (Trusty Tahr):	not-affected
Ubuntu 16.04 LTS (Xenial Xerus):	not-affected
Ubuntu 17.04 (Zesty Zapus):	released (1.22.0-0ubuntu2.1)
Ubuntu 17.10 (Artful Aardvark):	released (1.22.0-0ubuntu4)

More Information

Mitre
NVD
Launchpad
Debian

Updated: 2017-12-15 20:36:00 UTC (commit 13913)