Untriaged
lightdm before 0.9.6 writes in .dmrc and Xauthority files using …
lightdm before 0.9.6 writes in .dmrc and Xauthority files using root permissions while the files are in user controlled folders. A local user can overwrite root-owned files via a symlink, which can allow possible privilege escalation.
References
- https://access.redhat.com/security/cve/cve-2011-3349 x_refsource_MISC
- https://www.securityfocus.com/bid/50506 x_refsource_MISC
- https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=639151 x_refsource_MISC
- https://bugs.launchpad.net/debian/+source/lightdm/+bug/834079 x_refsource_MISC
- https://seclists.org/oss-sec/2011/q3/393 x_refsource_MISC
- https://security-tracker.debian.org/tracker/CVE-2011-3349 x_refsource_MISC
- https://security-tracker.debian.org/tracker/CVE-2011-3349 x_refsource_MISC x_transferred
- https://access.redhat.com/security/cve/cve-2011-3349 x_refsource_MISC x_transferred
- https://www.securityfocus.com/bid/50506 x_refsource_MISC x_transferred
- https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=639151 x_refsource_MISC x_transferred
- https://bugs.launchpad.net/debian/+source/lightdm/+bug/834079 x_refsource_MISC x_transferred
- https://seclists.org/oss-sec/2011/q3/393 x_refsource_MISC x_transferred
- https://security-tracker.debian.org/tracker/CVE-2011-3349 x_refsource_MISC
- https://access.redhat.com/security/cve/cve-2011-3349 x_refsource_MISC
- https://www.securityfocus.com/bid/50506 x_refsource_MISC
- https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=639151 x_refsource_MISC
- https://bugs.launchpad.net/debian/+source/lightdm/+bug/834079 x_refsource_MISC
- https://seclists.org/oss-sec/2011/q3/393 x_refsource_MISC
- https://security-tracker.debian.org/tracker/CVE-2011-3349 x_refsource_MISC x_transferred
- https://access.redhat.com/security/cve/cve-2011-3349 x_refsource_MISC x_transferred
- https://www.securityfocus.com/bid/50506 x_refsource_MISC x_transferred
- https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=639151 x_refsource_MISC x_transferred
- https://bugs.launchpad.net/debian/+source/lightdm/+bug/834079 x_refsource_MISC x_transferred
- https://seclists.org/oss-sec/2011/q3/393 x_refsource_MISC x_transferred
Affected products
lightdm
- ==before 0.9.6
Matching in nixpkgs
pkgs.lightdm
Cross-desktop display manager
pkgs.lightdm_qt
Cross-desktop display manager
pkgs.lightdm-gtk-greeter
GTK greeter for LightDM
pkgs.lightdm-mini-greeter
Minimal, configurable, single-user GTK3 LightDM greeter
pkgs.lightdm-tiny-greeter
Tiny multi user lightdm greeter
pkgs.lightdm-slick-greeter
Slick-looking LightDM greeter
pkgs.lightdm-mobile-greeter
Simple log in screen for use on touch screens
-
nixos-unstable 2022-10-30
- nixpkgs-unstable 2022-10-30
- nixos-unstable-small 2022-10-30
-
nixos-25.11 2022-10-30
- nixos-25.11-small 2022-10-30
- nixpkgs-25.11-darwin 2022-10-30
Package maintainers
-
@davidak David Kleuker <post@davidak.de>
-
@bobby285271 Bobby Rong <rjl931189261@126.com>
-
@eadwu Edmund Wu <edmund.wu@protonmail.com>
-
@mnacamura Mitsuhiro Nakamura <m.nacamura@gmail.com>
-
@prikhi Pavan Rikhi <pavan.rikhi@gmail.com>
-
@water-sucks Varun Narravula <varun@snare.dev>
-
@edwtjo Edward Tjörnhammar <ed@cflags.cc>