CVE-2012-6648 : gdm/guest-session-cleanup.sh in gdm-guest-session 0.24 and earlier, as used in U

gdm/guest-session-cleanup.sh in gdm-guest-session 0.24 and earlier, as used in Ubuntu Linux 10.04 LTS, 10.10, and 11.04, allows local users to delete arbitrary files via a space in the name of a file in /tmp. NOTE: this identifier was SPLIT from CVE-2012-0943 per ADT1/ADT2 due to different codebases and affected versions. CVE-2012-0943 is used for the guest-account issue.

Published 2014-05-22 23:55:03

Updated 2025-04-12 10:46:41

Source MITRE

View at NVD, CVE.org

Products affected by CVE-2012-6648

Canonical » Ubuntu Linux » Version: 10.10
cpe:2.3:o:canonical:ubuntu_linux:10.10:*:*:*:*:*:*:*
Matching versions
Canonical » Ubuntu Linux » Version: 11.04
cpe:2.3:o:canonical:ubuntu_linux:11.04:*:*:*:*:*:*:*
Matching versions
Canonical » Ubuntu Linux » Version: 10.04 LTS Edition
cpe:2.3:o:canonical:ubuntu_linux:10.04:-:lts:*:*:*:*:*
Matching versions
Gdm-guest-session Project » Gdm-guest-session
Versions up to, including, (<=) 0.24
cpe:2.3:a:gdm-guest-session_project:gdm-guest-session:*:*:*:*:*:*:*:*
Matching versions
Gdm-guest-session Project » Gdm-guest-session » Version: 0.22
cpe:2.3:a:gdm-guest-session_project:gdm-guest-session:0.22:*:*:*:*:*:*:*
Matching versions
Gdm-guest-session Project » Gdm-guest-session » Version: 0.21
cpe:2.3:a:gdm-guest-session_project:gdm-guest-session:0.21:*:*:*:*:*:*:*
Matching versions
Gdm-guest-session Project » Gdm-guest-session » Version: 0.20
cpe:2.3:a:gdm-guest-session_project:gdm-guest-session:0.20:*:*:*:*:*:*:*
Matching versions
Gdm-guest-session Project » Gdm-guest-session » Version: 0.23
cpe:2.3:a:gdm-guest-session_project:gdm-guest-session:0.23:*:*:*:*:*:*:*
Matching versions

Threat overview for CVE-2012-6648

Top countries where our scanners detected CVE-2012-6648

Top open port discovered on systems with this issue 8200

IPs affected by CVE-2012-6648 2,348

Threat actors abusing to this issue? Yes

Find out if you^* are affected by CVE-2012-6648!

^*Directly or indirectly through your vendors, service providers and 3rd parties. Powered by attack surface intelligence from SecurityScorecard.

Exploit prediction scoring system (EPSS) score for CVE-2012-6648

EPSS FAQ

0.06%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 15 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2012-6648

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
2.1	LOW	AV:L/AC:L/Au:N/C:N/I:N/A:P	3.9	2.9	NIST
Access Vector: Local Access Complexity: Low Authentication: None Confidentiality Impact: None Integrity Impact: None Availability Impact: Partial

CWE ids for CVE-2012-6648

CWE-264

Assigned by: nvd@nist.gov (Primary)

References for CVE-2012-6648

http://ubuntu.com/usn/usn-1399-1

USN-1399-1: gdm-guest-session vulnerability | Ubuntu security notices
Patch;Vendor Advisory
https://bugs.launchpad.net/ubuntu/%2Bsource/lightdm/%2Bbug/953044

Bug #953044 “Guest session clean up can remove other user's file...” : Bugs : lightdm package : Ubuntu

CVEs referencing this url
https://launchpadlibrarian.net/96474113/gdm-guest-session.secure-cleanup.debdiff