CVE-2011-3349

Sažetak

lightdm before 0.9.6 writes in .dmrc and Xauthority files using root permissions while the files are in user controlled folders. A local user can overwrite root-owned files via a symlink, which can allow possible privilege escalation.

Reference

https://access.redhat.com/security/cve/cve-2011-3349
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=639151
https://bugs.launchpad.net/debian/+source/lightdm/+bug/834079
https://seclists.org/oss-sec/2011/q3/393
https://security-tracker.debian.org/tracker/CVE-2011-3349
https://www.securityfocus.com/bid/50506

CVSS

Base:	7.2
Impact:	10.0
Exploitability:	3.9

Pristup

Vektor	Složenost	Autentikacija
LOCAL	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
COMPLETE	COMPLETE	COMPLETE

CVSS vektor

AV:L/AC:L/Au:N/C:C/I:C/A:C

Zadnje važnije ažuriranje

03-12-2019 - 16:19

Objavljeno

19-11-2019 - 22:15