CVE-2013-4331

Published: 12 September 2013

Light Display Manager (aka LightDM) 1.4.x before 1.4.3, 1.6.x before 1.6.2, and 1.7.x before 1.7.14 uses 0664 permissions for the temporary .Xauthority file, which allows local users to obtain sensitive information by reading the file.

Notes

Author	Note
mdeslaur	couldn't reproduce on quantal

Priority

Status

Package	Release	Status
lightdm Launchpad, Ubuntu, Debian	lucid	Does not exist
	precise	Not vulnerable (1.2.3-0ubuntu2.3)
	quantal	Not vulnerable (1.4.0-0ubuntu2)
	raring	Released (1.6.0-0ubuntu3.1)
	upstream	Released (1.4.3,1.6.2,1.7.14)
	Patches: upstream: http://bazaar.launchpad.net/~lightdm-team/lightdm/1.4/revision/1571 upstream: http://bazaar.launchpad.net/~lightdm-team/lightdm/1.4/revision/1576 upstream: http://bazaar.launchpad.net/~lightdm-team/lightdm/1.4/revision/1577 upstream: http://bazaar.launchpad.net/~lightdm-team/lightdm/1.6/revision/1641 upstream: http://bazaar.launchpad.net/~lightdm-team/lightdm/1.6/revision/1652 upstream: http://bazaar.launchpad.net/~lightdm-team/lightdm/1.6/revision/1653 upstream: http://bazaar.launchpad.net/~lightdm-team/lightdm/trunk/revision/1675 upstream: http://bazaar.launchpad.net/~lightdm-team/lightdm/trunk/revision/1780 upstream: http://bazaar.launchpad.net/~lightdm-team/lightdm/trunk/revision/1781

References

Bugs

Join the discussion

Canonical is offering Expanded Security Maintenance

Canonical is offering Ubuntu Expanded Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›