rpm package
opensuse/lightdm&distro=openSUSE Tumbleweed
pkg:rpm/opensuse/lightdm&distro=openSUSE%20Tumbleweed
Vulnerabilities (4)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2011-3349 | — | | | < 1.21.1-1.1 | 1.21.1-1.1 | Nov 19, 2019 | lightdm before 0.9.6 writes in .dmrc and Xauthority files using root permissions while the files are in user controlled folders. A local user can overwrite root-owned files via a symlink, which can allow possible privilege escalation. |
| CVE-2012-1111 | — | | | < 1.21.1-1.1 | 1.21.1-1.1 | Oct 27, 2014 | lightdm before 1.0.9 does not properly close file descriptors before opening a child process, which allows local users to write to the lightdm log or have other unspecified impact. |
| CVE-2011-3153 | — | | | < 1.21.1-1.1 | 1.21.1-1.1 | Mar 6, 2014 | dmrc.c in Light Display Manager (aka LightDM) before 1.1.1 allows local users to read arbitrary files via a symlink attack on ~/.dmrc. |
| CVE-2011-4105 | — | | | < 1.21.1-1.1 | 1.21.1-1.1 | Feb 17, 2012 | LightDM before 1.0.6 allows local users to change ownership of arbitrary files via a symlink attack on ~/.Xauthority. |