| Vulnerability Name: | CVE-2012-0943 (CCN-73998) | ||||||||||||||||
| Assigned: | 2012-03-13 | ||||||||||||||||
| Published: | 2012-03-13 | ||||||||||||||||
| Updated: | 2014-05-30 | ||||||||||||||||
| Summary: | debian/guest-account in Light Display Manager (lightdm) 1.0.x before 1.0.6 and 1.1.x before 1.1.7, as used in Ubuntu Linux 11.10, allows local users to delete arbitrary files via a space in the name of a file in /tmp. Note: this identifier was SPLIT per ADT1/ADT2 due to different codebases and affected versions. CVE-2012-6648 has been assigned for the gdm-guest-session issue. | ||||||||||||||||
| CVSS v3 Severity: | 5.1 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L)
| ||||||||||||||||
| CVSS v2 Severity: | 2.1 Low (CVSS v2 Vector: AV:L/AC:L/Au:N/C:N/I:N/A:P) 1.8 Low (Temporal CVSS v2 Vector: AV:L/AC:L/Au:N/C:N/I:N/A:P/E:H/RL:OF/RC:C)
3.1 Low (CCN Temporal CVSS v2 Vector: AV:L/AC:L/Au:N/C:N/I:P/A:P/E:H/RL:OF/RC:C)
| ||||||||||||||||
| Vulnerability Type: | CWE-264 | ||||||||||||||||
| Vulnerability Consequences: | File Manipulation | ||||||||||||||||
| References: | Source: MITRE Type: CNA CVE-2012-0943 Source: CCN Type: freedesktop.org Web site freedesktop.org - Software/LightDM Source: CCN Type: OSVDB ID: 80033 gdm-guest-session guest-session-cleanup.sh Guest Session Temporary File Cleaning Arbitrary File Deletion Source: CCN Type: BID-52452 LightDM Arbitrary File Deletion Vulnerability Source: UBUNTU Type: Patch, Vendor Advisory USN-1399-2 Source: CCN Type: USN-1399-2 Light Display Manager vulnerability Source: CONFIRM Type: UNKNOWN https://bugs.launchpad.net/ubuntu/%2Bsource/lightdm/%2Bbug/953044 Source: XF Type: UNKNOWN lightdm-file-deletion(73998) Source: MISC Type: UNKNOWN https://launchpadlibrarian.net/96471251/lightdm.secure-cleanup.debdiff | ||||||||||||||||
| Vulnerable Configuration: | Configuration 1: Denotes that component is vulnerable | ||||||||||||||||
| Oval Definitions | |||||||||||||||||
| |||||||||||||||||
| BACK | |||||||||||||||||