CVE-2013-4331

Light Display Manager (aka LightDM) 1.4.x before 1.4.3, 1.6.x before 1.6.2, and 1.7.x before 1.7.14 uses 0664 permissions for the temporary .Xauthority file, which allows local users to obtain sensitive information by reading the file.

CVSS v2.0 2.1 LOW

2.1^/10

CVSS v2.0 : LOW

Vector : AV:L/AC:L/Au:N/C:P/I:N/A:N

Exploitability : 3.9 / Impact : 2.9

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
https://bugs.launchpad.net/lightdm/%2Bbug/685212

Advertisement

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:robert_ancell:lightdm:1.7.1:::::::*
	cpe:2.3:a:robert_ancell:lightdm:1.7.11:::::::*
	cpe:2.3:a:robert_ancell:lightdm:1.7.6:::::::*
	cpe:2.3:a:robert_ancell:lightdm:1.7.8:::::::*
	cpe:2.3:a:robert_ancell:lightdm:1.4.1:::::::*
	cpe:2.3:a:robert_ancell:lightdm:1.7.9:::::::*
	cpe:2.3:a:robert_ancell:lightdm:1.6.0:::::::*
	cpe:2.3:a:robert_ancell:lightdm:1.6.1:::::::*
	cpe:2.3:a:robert_ancell:lightdm:1.4.0:::::::*
	cpe:2.3:a:robert_ancell:lightdm:1.7.13:::::::*
	cpe:2.3:a:robert_ancell:lightdm:1.7.2:::::::*
	cpe:2.3:a:robert_ancell:lightdm:1.7.10:::::::*
	cpe:2.3:a:robert_ancell:lightdm:1.7.0:::::::*
	cpe:2.3:a:robert_ancell:lightdm:1.7.7:::::::*
	cpe:2.3:a:robert_ancell:lightdm:1.7.5:::::::*
	cpe:2.3:a:robert_ancell:lightdm:1.7.3:::::::*
	cpe:2.3:a:robert_ancell:lightdm:1.7.4:::::::*
	cpe:2.3:a:robert_ancell:lightdm:1.7.12:::::::*
	cpe:2.3:a:robert_ancell:lightdm:1.4.2:::::::*

Information

Published : 2014-02-01 16:55

Updated : 2014-02-03 10:22

NVD link : CVE-2013-4331

Mitre link : CVE-2013-4331

JSON object : View

CWE

CWE-264

Permissions, Privileges, and Access Controls

Advertisement

Products Affected

robert_ancell

lightdm

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "https://bugs.launchpad.net/lightdm/%2Bbug/685212", "name": "https://bugs.launchpad.net/lightdm/%2Bbug/685212", "tags": [], "refsource": "CONFIRM"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Light Display Manager (aka LightDM) 1.4.x before 1.4.3, 1.6.x before 1.6.2, and 1.7.x before 1.7.14 uses 0664 permissions for the temporary .Xauthority file, which allows local users to obtain sensitive information by reading the file."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-264"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2013-4331", "ASSIGNER": "secalert@redhat.com"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 2.1, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "severity": "LOW", "impactScore": 2.9, "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2014-02-02T00:55Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:robert_ancell:lightdm:1.7.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:robert_ancell:lightdm:1.7.11:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:robert_ancell:lightdm:1.7.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:robert_ancell:lightdm:1.7.8:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:robert_ancell:lightdm:1.4.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:robert_ancell:lightdm:1.7.9:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:robert_ancell:lightdm:1.6.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:robert_ancell:lightdm:1.6.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:robert_ancell:lightdm:1.4.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:robert_ancell:lightdm:1.7.13:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:robert_ancell:lightdm:1.7.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:robert_ancell:lightdm:1.7.10:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:robert_ancell:lightdm:1.7.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:robert_ancell:lightdm:1.7.7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:robert_ancell:lightdm:1.7.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:robert_ancell:lightdm:1.7.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:robert_ancell:lightdm:1.7.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:robert_ancell:lightdm:1.7.12:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:robert_ancell:lightdm:1.4.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2014-02-03T18:22Z"}