Vulnerability Details : CVE-2017-8900
LightDM through 1.22.0, when systemd is used in Ubuntu 16.10 and 17.x, allows physically proximate attackers to bypass intended AppArmor restrictions and visit the home directories of arbitrary users by establishing a guest session.
Products affected by CVE-2017-8900
- cpe:2.3:a:lightdm_project:lightdm:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2017-8900
0.09%: probability of exploitation activity in the next 30 days
~37%: percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2017-8900
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
2.1 | LOW | AV:L/AC:L/Au:N/C:P/I:N/A:N | 3.9 | 2.9 | NIST | |
4.6 | MEDIUM | CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 0.9 | 3.6 | NIST | |
References for CVE-2017-8900
- https://www.ubuntu.com/usn/usn-3285-1/
  USN-3285-1: LightDM vulnerability | Ubuntu security notices (Patch; Vendor Advisory)
- https://launchpad.net/bugs/1663157
  Bug #1663157 “Guest session processes are not confined in 16.10 ...” : Bugs : lightdm package : Ubuntu (Issue Tracking; Patch; Vendor Advisory)
- http://www.securityfocus.com/bid/98554
  LightDM CVE-2017-8900 Local Security Bypass Vulnerability (Third Party Advisory; VDB Entry)
- https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-8900.html
  CVE-2017-8900 in Ubuntu (Patch; Vendor Advisory)