CVE-2017-8900 - Unspecified vulnerability in Lightdm Project Lightdm
- Attack vector: PHYSICAL
- Attack complexity: LOW
- Privileges required: NONE
- Confidentiality impact: HIGH
- Integrity impact: NONE
- Availability impact: NONE
Summary
LightDM through 1.22.0, when systemd is used in Ubuntu 16.10 and 17.x, allows physically proximate attackers to bypass intended AppArmor restrictions and visit the home directories of arbitrary users by establishing a guest session.
Vulnerable Configurations
Nessus
- NASL family: Fedora Local Security Checks
  NASL id: FEDORA_2017-159A1060F6.NASL
  description: lightdm-1.24.0 - Disable guest login as system default preset (CVE-2017-8900) - Modernize spec-file. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
  last seen: 2020-06-05
  modified: 2018-01-15
  plugin id: 105821
  published: 2018-01-15
  reporter: This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
  source: https://www.tenable.com/plugins/nessus/105821
  title: Fedora 27 : lightdm (2017-159a1060f6)
- NASL family: Fedora Local Security Checks
  NASL id: FEDORA_2017-66ADAFEB3B.NASL
  description: Disable guest login as system default preset (CVE-2017-8900). Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
  last seen: 2020-06-05
  modified: 2017-09-15
  plugin id: 103232
  published: 2017-09-15
  reporter: This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
  source: https://www.tenable.com/plugins/nessus/103232
  title: Fedora 25 : lightdm (2017-66adafeb3b)
- NASL family: Fedora Local Security Checks
  NASL id: FEDORA_2017-D793FEF58F.NASL
  description: lightdm-1.24.0 - Disable guest login as system default preset (CVE-2017-8900) - Modernize spec-file. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
  last seen: 2020-06-05
  modified: 2017-09-15
  plugin id: 103236
  published: 2017-09-15
  reporter: This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
  source: https://www.tenable.com/plugins/nessus/103236
  title: Fedora 26 : lightdm (2017-d793fef58f)
- NASL family: Ubuntu Local Security Checks
  NASL id: UBUNTU_USN-3285-1.NASL
  description: Tyler Hicks discovered that LightDM did not confine the user session for guest users. An attacker with physical access could use this issue to access files and other resources that they should not be able to access. In the default installation, this includes files in the home directories of other users on the system. This update fixes the issue by disabling the guest session. It may be re-enabled in a future update. Please see the bug referenced below for instructions on how to manually re-enable the guest session. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
  last seen: 2020-06-01
  modified: 2020-06-02
  plugin id: 100156
  published: 2017-05-12
  reporter: Ubuntu Security Notice (C) 2017-2019 Canonical, Inc. / NASL script (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
  source: https://www.tenable.com/plugins/nessus/100156
  title: Ubuntu 16.10 / 17.04 : lightdm vulnerability (USN-3285-1)
References
- http://www.securityfocus.com/bid/98554
- https://launchpad.net/bugs/1663157
- https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-8900.html
- https://www.ubuntu.com/usn/usn-3285-1/