← back
CVE-2011-3349

CVE-2011-3349

EPSS 0.4%
lightdm before 0.9.6 writes in .dmrc and Xauthority files using root permissions while the files are in user controlled folders. A local user can overwrite root-owned files via a symlink, which can allow possible privilege escalation.
Affected products
lightdm · lightdm

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://access.redhat.com/security/cve/cve-2011-3349https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=639151https://bugs.launchpad.net/debian/+source/lightdm/+bug/834079https://seclists.org/oss-sec/2011/q3/393https://security-tracker.debian.org/tracker/CVE-2011-3349https://www.securityfocus.com/bid/50506