Re: [Desktop-packages] [Bug 1677924] Re: Local privilege escalation via guest user login

2018-04-22 Thread Noam Rathaus
Sorry for being ignorant about this, but I don't know where to look

I looked at Bugzilla for Kernel.org and it doesn't show there

Where should I look?

On Sun, Apr 22, 2018 at 2:24 PM, Oliver Grawert wrote:
> This security fix seems to have caused some fallout ... see bug 1733557
>
> --
> You received this bug notification because you are subscribed to the bug
> report.
> https://bugs.launchpad.net/bugs/1677924
>
> Title:
>   Local privilege escalation via guest user login
>
> Status in Light Display Manager:
>   Fix Released
> Status in Light Display Manager 1.18 series:
>   Fix Released
> Status in Light Display Manager 1.20 series:
>   Fix Released
> Status in Light Display Manager 1.22 series:
>   Fix Released
> Status in lightdm package in Ubuntu:
>   Fix Released
> Status in lightdm source package in Xenial:
>   Fix Released
> Status in lightdm source package in Yakkety:
>   Fix Released
> Status in lightdm source package in Zesty:
>   Fix Released
>
> Bug description:
>   It was discovered that a local attacker could watch for lightdm's
>   guest-account script to create a /tmp/guest-XX file and then quickly create
>   the lowercase representation of the guest user's home directory before lightdm
>   could. This allowed the attacker to have control of the guest user's home
>   directory and, subsequently, gain control of an arbitrary directory in the
>   filesystem which could lead to privilege escalation.
>
> To manage notifications about this bug go to:
> https://bugs.launchpad.net/lightdm/+bug/1677924/+subscriptions


--

Thanks,
Noam Rathaus
Beyond Security

PGP Key ID: 7EF920D3C045D63F (Exp 2019-03)

-- 
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to lightdm in Ubuntu.
https://bugs.launchpad.net/bugs/1677924

-- 
Mailing list: https://launchpad.net/~desktop-packages
Post to : desktop-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~desktop-packages
More help   : https://help.launchpad.net/ListHelp
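
The bug description quoted above turns on a home directory being created at a name that was never atomically reserved. As an added example (not lightdm's code and not part of the thread; all function names are hypothetical), this shell code contrasts a create step that silently adopts a pre-existing directory with one that refuses it and verifies owner and mode before use.

```shell
#!/bin/sh
# Added example, not lightdm's guest-account script. Function names are
# hypothetical and chosen only for this illustration.

# Lowercase only the final path component, mirroring the "lowercase
# representation" of the guest home directory named in the bug description.
lower_name() {
    printf '%s/%s\n' "$(dirname "$1")" \
        "$(basename "$1" | tr '[:upper:]' '[:lower:]')"
}

# Weak pattern: -p treats an already existing directory as success, so a
# directory that another local user created first is adopted without notice.
create_home_weak() {
    mkdir -p "$1"
}

# Hardened pattern: plain mkdir is atomic and fails if the name already
# exists in any form (directory, file or symlink). The result is then
# checked for type, mode and owner before anything is written into it.
create_home_strict() {
    ( umask 077 && mkdir "$1" ) 2>/dev/null || return 1
    [ -d "$1" ] && [ ! -L "$1" ] || return 1
    # After this, $2 is the mode string and $4 the numeric owner uid.
    set -- "$1" $(ls -ldn "$1")
    case $2 in
        drwx------*) ;;          # 0700, optional ACL/xattr suffix allowed
        *) return 1 ;;
    esac
    [ "$4" = "$(id -u)" ]
}
```

A caller that gets a non-zero status from `create_home_strict` should abort the guest session setup rather than fall back to the existing path.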


Re: [Desktop-packages] [Bug 1677924] Re: Local privilege escalation via guest user login

2017-04-20 Thread Noam Rathaus
Hi

Thanks for the update

---
Thanks,
Noam Rathaus

On Apr 21, 2017 04:15, "Tyler Hicks" wrote:

> As a note to any backporters, the original fix for this bug should
> include the following change as well:
>
>   https://code.launchpad.net/~tyhicks/lightdm/guest-dir-perms/+merge/322906
>
> It is technically optional but definitely recommended.
