CVE-2013-4459

LightDM 1.7.5 through 1.8.3 and 1.9.x before 1.9.2 does not apply the AppArmor profile to the Guest account, which allows local users to bypass intended restrictions by leveraging the Guest account.

CVSS v2.0 3.3 LOW

3.3^/10

CVSS v2.0 : LOW

Vector : AV:L/AC:M/Au:N/C:P/I:P/A:N

Exploitability : 3.4 / Impact : 4.9

Access Vector LOCAL

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
http://lists.freedesktop.org/archives/lightdm/2013-October/000471.html
http://lists.freedesktop.org/archives/lightdm/2013-October/000472.html
http://www.ubuntu.com/usn/USN-2012-1
https://bugs.launchpad.net/ubuntu/%2Bsource/lightdm/%2Bbug/1243339	Exploit

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:robert_ancell:lightdm:1.7.5:::::::*
	cpe:2.3:a:robert_ancell:lightdm:1.7.6:::::::*
	cpe:2.3:a:robert_ancell:lightdm:1.7.7:::::::*
	cpe:2.3:a:robert_ancell:lightdm:1.7.8:::::::*
	cpe:2.3:a:robert_ancell:lightdm:1.7.9:::::::*
	cpe:2.3:a:robert_ancell:lightdm:1.7.10:::::::*
	cpe:2.3:a:robert_ancell:lightdm:1.7.11:::::::*
	cpe:2.3:a:robert_ancell:lightdm:1.7.12:::::::*
	cpe:2.3:a:robert_ancell:lightdm:1.7.13:::::::*
	cpe:2.3:a:robert_ancell:lightdm:1.7.14:::::::*
	cpe:2.3:a:robert_ancell:lightdm:1.7.15:::::::*
	cpe:2.3:a:robert_ancell:lightdm:1.7.16:::::::*
	cpe:2.3:a:robert_ancell:lightdm:1.7.17:::::::*
	cpe:2.3:a:robert_ancell:lightdm:1.7.18:::::::*
	cpe:2.3:a:robert_ancell:lightdm:1.8.0:::::::*
	cpe:2.3:a:robert_ancell:lightdm:1.8.1:::::::*
	cpe:2.3:a:robert_ancell:lightdm:1.8.2:::::::*
	cpe:2.3:a:robert_ancell:lightdm:1.8.3:::::::*
	cpe:2.3:a:robert_ancell:lightdm:1.9.0:::::::*
	cpe:2.3:a:robert_ancell:lightdm:1.9.1:::::::*

Configuration 2 (hide)

cpe:2.3:o:canonical:ubuntu_linux:13.10:*:*:*:*:*:*:*

History

No history.

Information

Published : 2013-11-23 18:55

Updated : 2013-11-25 19:11

NVD link : CVE-2013-4459

Mitre link : CVE-2013-4459

CVE.ORG link : CVE-2013-4459

JSON object : View

Products Affected

canonical

ubuntu_linux

robert_ancell

lightdm

CWE

CWE-264

Permissions, Privileges, and Access Controls

{"id": "CVE-2013-4459", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 3.3, "accessVector": "LOCAL", "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 4.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 3.4, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2013-11-23T18:55:04.673", "references": [{"url": "http://lists.freedesktop.org/archives/lightdm/2013-October/000471.html", "source": "secalert@redhat.com"}, {"url": "http://lists.freedesktop.org/archives/lightdm/2013-October/000472.html", "source": "secalert@redhat.com"}, {"url": "http://www.ubuntu.com/usn/USN-2012-1", "source": "secalert@redhat.com"}, {"url": "https://bugs.launchpad.net/ubuntu/%2Bsource/lightdm/%2Bbug/1243339", "tags": ["Exploit"], "source": "secalert@redhat.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-264"}]}], "descriptions": [{"lang": "en", "value": "LightDM 1.7.5 through 1.8.3 and 1.9.x before 1.9.2 does not apply the AppArmor profile to the Guest account, which allows local users to bypass intended restrictions by leveraging the Guest account."}, {"lang": "es", "value": "LightDM 1.7.5 hasta la 1.8.3 y 1.9.x anterior a 1.9.2, no aplica el perfil AppArmor a la cuenta de invitado, lo que permite a usuarios locales evitar las restricciones previstas por el aprovechamiento de la cuenta de invitado."}], "lastModified": "2013-11-25T19:11:47.287", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:robert_ancell:lightdm:1.7.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2F7FD9C8-C61D-4902-B592-938D1A17F04B"}, {"criteria": "cpe:2.3:a:robert_ancell:lightdm:1.7.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2A22930A-13A0-4722-8C3D-14CC53DCAF3B"}, {"criteria": "cpe:2.3:a:robert_ancell:lightdm:1.7.7:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "969C4962-D760-482F-85E2-76DA424CFFB3"}, {"criteria": "cpe:2.3:a:robert_ancell:lightdm:1.7.8:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5F6416C0-33CA-4C4B-9BC7-0EF7A55DC465"}, {"criteria": "cpe:2.3:a:robert_ancell:lightdm:1.7.9:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9618999D-5E24-45AA-9C3E-6B49F751263C"}, {"criteria": "cpe:2.3:a:robert_ancell:lightdm:1.7.10:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AEB6E3B7-1683-40F3-9F1E-04D16B8E836A"}, {"criteria": "cpe:2.3:a:robert_ancell:lightdm:1.7.11:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0A466891-DBC7-4EDD-B387-8D034C58DFAF"}, {"criteria": "cpe:2.3:a:robert_ancell:lightdm:1.7.12:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B9E83831-BEB3-4B4E-9CE3-AE06F1AB9633"}, {"criteria": "cpe:2.3:a:robert_ancell:lightdm:1.7.13:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "59E6D651-CBA2-4C07-9DA2-5E7B512AAF39"}, {"criteria": "cpe:2.3:a:robert_ancell:lightdm:1.7.14:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "27FEE5F4-8D39-4E9B-944B-AF730429CF3D"}, {"criteria": "cpe:2.3:a:robert_ancell:lightdm:1.7.15:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "293066B8-5F58-41B4-94BF-173C2B9589C1"}, {"criteria": "cpe:2.3:a:robert_ancell:lightdm:1.7.16:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F3104527-B697-4CDC-8C00-BB8851C07623"}, {"criteria": "cpe:2.3:a:robert_ancell:lightdm:1.7.17:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "143E4B6C-FD88-4896-81FB-75F9842E058F"}, {"criteria": "cpe:2.3:a:robert_ancell:lightdm:1.7.18:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2381774C-B5F2-47C7-9B19-254832871BB7"}, {"criteria": "cpe:2.3:a:robert_ancell:lightdm:1.8.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7ABA8D67-4405-4E05-BB51-108A53557E28"}, {"criteria": "cpe:2.3:a:robert_ancell:lightdm:1.8.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BA47DAC9-03D4-4A9A-9612-3A2599070598"}, {"criteria": "cpe:2.3:a:robert_ancell:lightdm:1.8.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "58E979D3-7083-4DC7-99DE-0445802E4441"}, {"criteria": "cpe:2.3:a:robert_ancell:lightdm:1.8.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FA81568E-9894-4B49-B9E6-4FAE7ADE33DE"}, {"criteria": "cpe:2.3:a:robert_ancell:lightdm:1.9.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F4568827-76C7-4103-8457-78F2968E8967"}, {"criteria": "cpe:2.3:a:robert_ancell:lightdm:1.9.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "84A95133-1B2A-431B-A151-EECAD507BEE9"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:canonical:ubuntu_linux:13.10:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7F61F047-129C-41A6-8A27-FFCBB8563E91"}], "operator": "OR"}]}], "sourceIdentifier": "secalert@redhat.com"}