Skip to main content

Ubuntu CVE-2012-0943

LOW
Permissions, Privileges, and Access Controls (CWE-264)
2014-05-22 security@ubuntu.com
2.1
CVSS 2.0 · NVD

Severity by source

NVD PRIMARY
2.1 LOW
AV:L/AC:L/Au:N/C:N/I:N/A:P

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

AV:L/AC:L/Au:N/C:N/I:N/A:P
Attack Vector
Local
Attack Complexity
Low
Confidentiality
None
Integrity
None
Availability
P

Lifecycle Timeline

1
CVE Published
May 22, 2014 - 23:55 cve.org
LOW 2.1

DescriptionCVE.org

debian/guest-account in Light Display Manager (lightdm) 1.0.x before 1.0.6 and 1.1.x before 1.1.7, as used in Ubuntu Linux 11.10, allows local users to delete arbitrary files via a space in the name of a file in /tmp. NOTE: this identifier was SPLIT per ADT1/ADT2 due to different codebases and affected versions. CVE-2012-6648 has been assigned for the gdm-guest-session issue.

AnalysisAI

debian/guest-account in Light Display Manager (lightdm) 1.0.x before 1.0.6 and 1.1.x before 1.1.7, as used in Ubuntu Linux 11.10, allows local users to delete arbitrary files via a space in the name. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. Public exploit code available.

Technical ContextAI

This vulnerability is classified under CWE-264. debian/guest-account in Light Display Manager (lightdm) 1.0.x before 1.0.6 and 1.1.x before 1.1.7, as used in Ubuntu Linux 11.10, allows local users to delete arbitrary files via a space in the name of a file in /tmp. NOTE: this identifier was SPLIT per ADT1/ADT2 due to different codebases and affected versions. CVE-2012-6648 has been assigned for the gdm-guest-session issue. Affected products include: Robert Ancell Lightdm, Canonical Ubuntu Linux. Version information: before 1.0.6.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

Share

CVE-2012-0943 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy