CVE-2017-7358

high

Description

In LightDM through 1.22.0, a directory traversal issue in debian/guest-account.sh allows local attackers to own arbitrary directory path locations and escalate privileges to root when the guest user logs out.

References

Advisories
Exploits

https://www.ubuntu.com/usn/usn-3255-1/

https://lists.freedesktop.org/archives/lightdm/2017-April/001059.html

https://launchpad.net/bugs/1677924

http://www.securityfocus.com/bid/97486

http://bazaar.launchpad.net/~lightdm-team/lightdm/trunk/revision/2478

https://www.exploit-db.com/exploits/41923/

Details

Source: Mitre, NVD

Published: 2017-04-05

Updated: 2025-04-20

Risk Information

CVSS v2

Base Score: 6.9

Vector: CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C

Severity: Medium

CVSS v3

Base Score: 7.3

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

Severity: High

EPSS

EPSS: 0.01019

Detections

Analytics