exec access on Ubuntu 16.04 Screenlock as lightdm user

Launchpad Bug Tracker Tue, 07 Mar 2017 09:52:31 -0800

This bug was fixed in the package network-manager-applet -
0.9.4.1-0ubuntu2.6


---------------
network-manager-applet (0.9.4.1-0ubuntu2.6) precise-security; urgency=medium

  * SECURITY UPDATE: file access from login screen (LP: #1668321)
    - debian/patches/applet-Check-the-user-has-permission-to-modify-befor.patch:
      check permissions before showing dialog in src/applet-device-wifi.c.
    - No CVE number

 -- Marc Deslauriers <marc.deslauri...@ubuntu.com>  Mon, 06 Mar 2017
11:26:10 -0500

** Changed in: network-manager-applet (Ubuntu Precise)
       Status: Confirmed => Fix Released

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1668321

Title:
  Vulnerability allows read/write/exec access on Ubuntu 16.04 Screenlock
  as lightdm user

Status in network-manager-applet package in Ubuntu:
  Confirmed
Status in network-manager-applet source package in Precise:
  Fix Released
Status in network-manager-applet source package in Trusty:
  Fix Released
Status in network-manager-applet source package in Xenial:
  Fix Released
Status in network-manager-applet source package in Yakkety:
  Fix Released
Status in network-manager-applet source package in Zesty:
  Confirmed

Bug description:
  Hi,

  We just found a vulnerability in lightdm who could lead us to read files with 
lightdm permissions, an also write in some directories. 
  We were able to download a reverse_shell payload and execute it in order to 
gain a reverse shell as lightdm on a remote system.

  The exploitation require a physical access to the locked computeur and
  the Wi-fi must be turned on. A access point who let you use a
  certificate to log-in is required as well but it's easy to create one.

  Then, it's possible to open a nautilus window and browse directories.
  We also can open some application such as Firefox which is useful to
  download malicious binaries :-)

  See this video for the PoC :
  https://www.youtube.com/watch?v=Fp2lwRVg0l0

  
  ---------
  Some info about the Ubuntu version I used on the video above :

  $ lsb_release -rd
  Description:  Ubuntu 16.04.2 LTS
  Release:      16.04

  
  $ apt-cache policy lightdm
  lightdm:
    Installé : 1.18.3-0ubuntu1
    Candidat : 1.18.3-0ubuntu1
   Table de version :
   *** 1.18.3-0ubuntu1 500
          500 http://fr.archive.ubuntu.com/ubuntu xenial-updates/main amd64 
Packages
          100 /var/lib/dpkg/status
       1.18.1-0ubuntu1 500
          500 http://fr.archive.ubuntu.com/ubuntu xenial/main amd64 Packages
  ----------------

  I let you time for correction before publishing the discovery.

  If you have any question please let me know!

  Regards,

  Quentin Biguenet

  --
  Orange Cyber-Defense
  quentin.bigue...@orange.com

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/network-manager-applet/+bug/1668321/+subscriptions

_______________________________________________
Mailing list: https://launchpad.net/~group.of.nepali.translators
Post to     : group.of.nepali.translators@lists.launchpad.net
Unsubscribe : https://launchpad.net/~group.of.nepali.translators
More help   : https://help.launchpad.net/ListHelp

[Group.of.nepali.translators] [Bug 1668321] Re: Vulnerability allows read/write/exec access on Ubuntu 16.04 Screenlock as lightdm user

Reply via email to