CVE-2019-20373
Metric | Value
---|---
Attack vector | LOCAL
Attack complexity | LOW
Privileges required | LOW
Confidentiality impact | HIGH
Integrity impact | HIGH
Availability impact | HIGH

Summary
LTSP LDM through 2.18.06 allows a local user on a fat client to obtain root: the LDM_USERNAME variable may be left empty when the user's login shell does not support Bourne shell syntax, and the run-x-session script then runs with that empty value instead of failing. Debian describes the same flaw as a hook script of ldm incorrectly parsing responses from an SSH server, resulting in local root privilege escalation. The upstream fix is the ldm commit c351ac69ef63ed6c84221cef73e409059661b8ba listed under References; administrators of LTSP fat clients should confirm their ldm package includes it, and note that the precondition (a non-Bourne login shell such as a user-selectable alternative shell) is under the control of the same low-privileged user who benefits from the escalation.
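The summary above names the failure mode: a script that expects a Bourne-style response from the remote side, gets an empty username back, and keeps going. The following is an added example, not ldm's own code, that models that bug class in POSIX shell and shows the check a hardened script needs. The response strings, the `LDM_USERNAME`/`LDM_SERVER` lines and the `su ... -c /usr/bin/startx` session command are constructed for illustration; the point demonstrated is that an unquoted empty expansion silently drops the user argument, so the launcher would run as the tool's default account (root for `su`), while the checked variant refuses to start a session.

```shell
#!/bin/sh
# Added example (not ldm code). Models the bug class behind CVE-2019-20373:
# a client-side script shells into a server, expects a Bourne-style
# response carrying the username, and must not proceed if that value is empty.

# Constructed responses: what a Bourne-compatible login shell sends back,
# and what a shell that does not understand 'export VAR=value' lines might
# send back (the variable line arrives with no value).
RESPONSE_SH='LDM_USERNAME=alice
LDM_SERVER=ltsp.example'
RESPONSE_CSH='LDM_USERNAME=
LDM_SERVER=ltsp.example'

# Extract the value of a NAME=value line from a response.
# Prints the value (possibly empty) and never fails on its own.
response_value() {  # $1 = response text, $2 = variable name
    printf '%s\n' "$1" | sed -n "s/^$2=//p" | head -n 1
}

# Vulnerable pattern: the username is interpolated into the session command
# unquoted and unchecked. An empty value expands to zero words, so the
# user argument disappears and `su -c ...` would run the session as root.
# (The command is only assembled and printed here, never executed.)
session_cmd_unchecked() {  # $1 = response text
    user=$(response_value "$1" LDM_USERNAME)
    set -- su $user -c /usr/bin/startx   # hypothetical session command
    printf '%s\n' "$*"
}

# Hardened pattern: fail closed unless the username is non-empty, does not
# look like an option, and contains only characters expected in a local
# account name. Note that `set -u` would NOT catch this: the variable is
# set, just empty; `${user:?}` or an explicit case like this one is needed.
session_cmd_checked() {  # $1 = response text
    user=$(response_value "$1" LDM_USERNAME)
    case "$user" in
        '')  echo "refusing to start session: empty username" >&2; return 1 ;;
        -*)  echo "refusing to start session: username looks like an option" >&2; return 1 ;;
        *[!a-z0-9_.-]*)
             echo "refusing to start session: unexpected characters in username" >&2; return 1 ;;
    esac
    set -- su "$user" -c /usr/bin/startx
    printf '%s\n' "$*"
}

# Demo: the same broken response through both launchers.
session_cmd_unchecked "$RESPONSE_CSH"                       # su -c /usr/bin/startx
session_cmd_checked "$RESPONSE_CSH" || echo "session refused (exit status $?)"
```

The unchecked launcher prints `su alice -c /usr/bin/startx` for the Bourne-style response and `su -c /usr/bin/startx` for the empty one; the checked launcher returns a non-zero status for the empty one instead of assembling a command. Quoting `"$user"` alone is not enough either: `su "" -c ...` fails rather than escalates, but the script still has to treat an empty or malformed response as an error rather than relying on a downstream tool to reject it.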
Vulnerable Configurations
Part | Description | Count
---|---|---
OS | | 3
Application | | 1
Nessus
- DEBIAN_DLA-2064.NASL (NASL family: Debian Local Security Checks), plugin id 132776, published 2020-01-13, modified 2020-06-02, last seen 2020-06-01. Title: Debian DLA-2064-1 : ldm security update. Description: It was discovered that a hook script of ldm, the display manager for the Linux Terminal Server Project, incorrectly parsed responses from an SSH server, which could result in local root privilege escalation. For Debian 8. Reporter: This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. Source: https://www.tenable.com/plugins/nessus/132776
- DEBIAN_DSA-4601.NASL (NASL family: Debian Local Security Checks), plugin id 132761, published 2020-01-10, modified 2020-06-02, last seen 2020-06-01. Title: Debian DSA-4601-1 : ldm - security update. Description: It was discovered that a hook script of ldm, the display manager for the Linux Terminal Server Project, incorrectly parsed responses from an SSH server, which could result in local root privilege escalation. Reporter: This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. Source: https://www.tenable.com/plugins/nessus/132761
References
- https://git.launchpad.net/~ltsp-upstream/ltsp/+git/ldm/commit/?id=c351ac69ef63ed6c84221cef73e409059661b8ba
- https://lists.debian.org/debian-lts-announce/2020/01/msg00007.html
- https://www.debian.org/security/2020/dsa-4601