High severity7.3NVD Advisory· Published Apr 5, 2017· Updated May 13, 2026

CVE-2017-7358

Description

In LightDM through 1.22.0, a directory traversal issue in debian/guest-account.sh allows local attackers to own arbitrary directory path locations and escalate privileges to root when the guest user logs out.

Affected products

Lightdm Project/Lightdm
cpe:2.3:a:lightdm_project:lightdm:*:*:*:*:*:*:*:*
Range: <=1.22.0
Canonical/Ubuntu Linux2 versions
cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*+ 1 more
- cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:16.10:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

bazaar.launchpad.net/~lightdm-team/lightdm/trunk/revision/2478nvdThird Party AdvisoryVDB Entry
www.securityfocus.com/bid/97486nvdThird Party AdvisoryVDB Entry
launchpad.net/bugs/1677924nvdThird Party AdvisoryVDB Entry
lists.freedesktop.org/archives/lightdm/2017-April/001059.htmlnvdThird Party AdvisoryVDB Entry
www.ubuntu.com/usn/usn-3255-1/nvdThird Party Advisory
www.exploit-db.com/exploits/41923/nvd

News mentions

No linked articles in our index yet.

cvss	0.474
epss	0.001
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000