Fix privilege escalation vulnerability (CVE-2011-0727)
Bug #746053 reported by
Steve Beattie
This bug affects 1 person
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| gdm (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned | ||
Bug Description
Binary package hint: gdm
Sebastian Krahmer discovered that GDM did not properly drop privileges
when handling the cache directories used to store users' dmrc and
face icon files. This could allow a local attacker to change the
ownership of arbitrary files, thereby gaining root privileges.
The upcoming USN 1099-1 addresses the issue for karmic, lucid, and maverick (hardy is not affected); this bug is for tracking for natty.
The relevant upstream patch is http://
Related branches
lp:~sbeattie/gdm/CVE-2011-0727-lp746053
- Ubuntu Desktop: Pending requested
-
Diff: 93 lines (+73/-0)3 files modifieddebian/changelog (+10/-0)
debian/patches/43_CVE-2011-0727.patch (+62/-0)
debian/patches/series (+1/-0)
CVE References
| visibility: | private → public |
Revision history for this message
| Sebastien Bacher (seb128) wrote | #1 |
Revision history for this message
| Steve Beattie (sbeattie) wrote | #2 |
Revision history for this message
| Launchpad Janitor (janitor) wrote | #3 |
| Changed in gdm (Ubuntu): | |
| status: | New → Fix Released |
To post a comment you must log in.
the vcs used is the wrong one but feel free to commit to the correct one and upload to natty if you want