CVE-2017-8900
Published 2017-05-12
Priority P421 · medium · 4.6 · CVSS 3.0
Vector: AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS: 0.42% (33.5th percentile)
LightDM through 1.22.0, when systemd is used in Ubuntu 16.10 and 17.x, allows physically proximate attackers to bypass intended AppArmor restrictions and visit the home directories of arbitrary users by establishing a guest session.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | lightdm | — | — |
| lightdm_project | lightdm | <= 1.22.0 | — |
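CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 4.6 | MEDIUM | CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
| nvd | v2.0 | 2.1 | LOW | AV:L/AC:L/Au:N/C:P/I:N/A:N |
| vendor_debian | — | 4.6 | LOW | — |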
Ubuntu
LightDM vulnerability
vendor_ubuntu·2017-05-12
CVE-2017-8900 LightDM vulnerability
Title: LightDM vulnerability
Summary: LightDM could allow unintended access to files.
Tyler Hicks discovered that LightDM did not confine the user session for guest
users. An attacker with physical access could use this issue to access files
and other resources that they should not be able to access. In the default
installation, this includes files in the home directories of other users on the
system. This update fixes the issue by disabling the guest session. It may be
re-enabled in a future update. Please see the bug referenced below for
instructions on how to manually re-enable the guest session.
Instructions: After a standard system update you need to reboot your computer to make
all the necessary changes.
Debian
CVE-2017-8900: lightdm - LightDM through 1.22.0, when systemd is used in Ubuntu 16.10 and 17.x, allows ph...
vendor_debian·2017·CVSS 4.6
CVE-2017-8900 [MEDIUM] CVE-2017-8900: lightdm - LightDM through 1.22.0, when systemd is used in Ubuntu 16.10 and 17.x, allows ph...
LightDM through 1.22.0, when systemd is used in Ubuntu 16.10 and 17.x, allows physically proximate attackers to bypass intended AppArmor restrictions and visit the home directories of arbitrary users by establishing a guest session.
Scope: local
bookworm: resolved
bullseye: resolved
forky: resolved
sid: resolved
trixie: resolved
GHSA
GHSA-2r8v-9m34-p378: LightDM through 1
ghsa_unreviewed·2022-05-13
CVE-2017-8900 [MEDIUM] GHSA-2r8v-9m34-p378: LightDM through 1
LightDM through 1.22.0, when systemd is used in Ubuntu 16.10 and 17.x, allows physically proximate attackers to bypass intended AppArmor restrictions and visit the home directories of arbitrary users by establishing a guest session.
No detection rules found.
No public exploits indexed.
http://www.securityfocus.com/bid/98554
https://launchpad.net/bugs/1663157
https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-8900.html
https://www.ubuntu.com/usn/usn-3285-1/