CVE-2017-7358
Published: 2017-04-05
Priority: P3 · 42 · high · 7.3 (CVSS 3.0)
Vector: AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
EXPLOIT
EPSS: 2.67% (83.9th percentile)
In LightDM through 1.22.0, a directory traversal issue in debian/guest-account.sh allows local attackers to own arbitrary directory path locations and escalate privileges to root when the guest user logs out.
Affected
5 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| debian | lightdm | — | — |
| lightdm_project | lightdm | <= 1.22.0 | — |
| lightdm_project | lightdm | >= 0 < 1.18.3-0ubuntu1.1 | 1.18.3-0ubuntu1.1 |
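CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 7.3 | HIGH | CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 6.9 | MEDIUM | AV:L/AC:M/Au:N/C:C/I:C/A:C |
| osv | | 7.3 | HIGH | |
| vendor_debian | | 7.3 | LOW | |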
GHSA
GHSA-487j-vfqw-h49x · ghsa_unreviewed · 2022-05-17
CVE-2017-7358 [HIGH] CWE-22
In LightDM through 1.22.0, a directory traversal issue in debian/guest-account.sh allows local attackers to own arbitrary directory path locations and escalate privileges to root when the guest user logs out.
OSV
CVE-2017-7358 · osv · 2017-04-04 · CVSS 7.3
CVE-2017-7358 [HIGH]
In LightDM through 1.22.0, a directory traversal issue in debian/guest-account.sh allows local attackers to own arbitrary directory path locations and escalate privileges to root when the guest user logs out.
Ubuntu
CVE-2017-7358 · vendor_ubuntu · 2017-04-04
Title: LightDM vulnerability
Summary: LightDM could be made to run programs as an administrator.
It was discovered that LightDM incorrectly handled home directory creation for
guest users. A local attacker could use this issue to gain ownership of
arbitrary directory paths and possibly gain administrative privileges.
Instructions: In general, a standard system update will make all the necessary changes.
Debian
CVE-2017-7358 · vendor_debian · 2017 · CVSS 7.3
CVE-2017-7358 [HIGH] lightdm
In LightDM through 1.22.0, a directory traversal issue in debian/guest-account.sh allows local attackers to own arbitrary directory path locations and escalate privileges to root when the guest user logs out.
Scope: local
bookworm: resolved
bullseye: resolved
forky: resolved
sid: resolved
trixie: resolved
http://bazaar.launchpad.net/~lightdm-team/lightdm/trunk/revision/2478
http://www.securityfocus.com/bid/97486
https://launchpad.net/bugs/1677924
https://lists.freedesktop.org/archives/lightdm/2017-April/001059.html
https://www.exploit-db.com/exploits/41923/
https://www.ubuntu.com/usn/usn-3255-1/
Published: 2017-04-05