CVE-2011-4105
Severity CVSS v4.0:
Pending analysis
Type:
CWE-59
Link Following
Publication date:
17/02/2012
Last modified:
11/04/2025
Description
LightDM before 1.0.6 allows local users to change ownership of arbitrary files via a symlink attack on ~/.Xauthority.
Impact
Base Score 2.0
1.90
Severity 2.0
LOW
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:robert_ancell:lightdm:*:*:*:*:*:*:*:* | 1.0.5 (including) | |
| cpe:2.3:a:robert_ancell:lightdm:0.0.1:*:*:*:*:*:*:* | ||
| cpe:2.3:a:robert_ancell:lightdm:0.0.2:*:*:*:*:*:*:* | ||
| cpe:2.3:a:robert_ancell:lightdm:0.0.3:*:*:*:*:*:*:* | ||
| cpe:2.3:a:robert_ancell:lightdm:0.0.4:*:*:*:*:*:*:* | ||
| cpe:2.3:a:robert_ancell:lightdm:0.1.0:*:*:*:*:*:*:* | ||
| cpe:2.3:a:robert_ancell:lightdm:0.1.1:*:*:*:*:*:*:* | ||
| cpe:2.3:a:robert_ancell:lightdm:0.1.2:*:*:*:*:*:*:* | ||
| cpe:2.3:a:robert_ancell:lightdm:0.2.0:*:*:*:*:*:*:* | ||
| cpe:2.3:a:robert_ancell:lightdm:0.2.1:*:*:*:*:*:*:* | ||
| cpe:2.3:a:robert_ancell:lightdm:0.2.2:*:*:*:*:*:*:* | ||
| cpe:2.3:a:robert_ancell:lightdm:0.2.3:*:*:*:*:*:*:* | ||
| cpe:2.3:a:robert_ancell:lightdm:0.3.0:*:*:*:*:*:*:* | ||
| cpe:2.3:a:robert_ancell:lightdm:0.3.1:*:*:*:*:*:*:* | ||
| cpe:2.3:a:robert_ancell:lightdm:0.3.2:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- http://lists.freedesktop.org/archives/lightdm/2011-November/000178.html
- http://www.openwall.com/lists/oss-security/2011/11/02/10
- http://www.openwall.com/lists/oss-security/2011/11/02/6
- http://www.openwall.com/lists/oss-security/2011/11/02/9
- http://www.ubuntu.com/usn/USN-1262-1
- http://lists.freedesktop.org/archives/lightdm/2011-November/000178.html
- http://www.openwall.com/lists/oss-security/2011/11/02/10
- http://www.openwall.com/lists/oss-security/2011/11/02/6
- http://www.openwall.com/lists/oss-security/2011/11/02/9
- http://www.ubuntu.com/usn/USN-1262-1