Ubuntu 16.10 / 17.04 : lightdm vulnerability (USN-3285-1)

Ubuntu Security Notice (C) 2017 Canonical, Inc. / NASL script (C) 2017 Tenable Network Security, Inc.


Synopsis :

The remote Ubuntu host is missing a security-related patch.

Description :

Tyler Hicks discovered that LightDM did not confine the user session
for guest users. An attacker with physical access could use this issue
to access files and other resources that they should not be able to
access. In the default installation, this includes files in the home
directories of other users on the system. This update fixes the issue
by disabling the guest session. It may be re-enabled in a future
update. Please see the bug referenced below for instructions on how to
manually re-enable the guest session.

Note that Tenable Network Security has extracted the preceding
description block directly from the Ubuntu security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.

Solution :

Update the affected lightdm package.

Risk factor :

Low / CVSS Base Score : 2.1
(CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N)
CVSS Temporal Score : 1.7
(CVSS2#E:F/RL:OF/RC:ND)
Public Exploit Available : true

Family: Ubuntu Local Security Checks

Nessus Plugin ID: 100156 ()

Bugtraq ID:

CVE ID: CVE-2017-8900

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now