CVE-2015-0856 — Project Sddm vulnerability

CWE-2647 documents6 sources

Severity

4.6MEDIUMNVD

EPSS

0.2%

top 62.08%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Sddm Project Sddm Fedoraproject Fedora

Timeline

PublishedNov 24

Latest updateMay 17

Description

daemon/Greeter.cpp in sddm before 0.13.0 does not properly disable the KDE crash handler, which allows local users to gain privileges by crashing a greeter when using certain themes, as demonstrated by the plasma-workspace breeze theme.

CVSS vector

AV:L/AC:L/C:P/I:P/A:PExploitability: 3.9 | Impact: 6.4

Affected Packages2 packages

▶Debiansddm_project/sddm< 0.12.0-5+3

▶NVDsddm_project/sddm0.12.0

Also affects: Fedora 22

🔴Vulnerability Details

GHSA

GHSA-h2j2-9mv7-h7rv: daemon/Greeter↗2022-05-17

▶

OSV

CVE-2015-0856: daemon/Greeter↗2015-11-24

▶

CVEList

CVE-2015-0856: daemon/Greeter↗2015-11-24

▶

📋Vendor Advisories

Debian

CVE-2015-0856: sddm - daemon/Greeter.cpp in sddm before 0.13.0 does not properly disable the KDE crash...↗2015

▶

💬Community

Bugzilla

CVE-2015-0856 sddm: Access to the KDE crash handler↗2015-10-15

▶

Bugzilla

CVE-2015-0856 sddm: Access to the KDE crash handler [fedora-all]↗2015-10-15

▶