mailing list archives
CVE Request: ldm (LTSP display manager)
From: Marc Deslauriers <marc.deslauriers () canonical com>
Date: Mon, 12 Mar 2012 16:03:50 -0400
Could we please get a CVE assigned to the following issue?:
Starting with ldm 2.2.x, upstream switched to using wwm as a minimal window manager.
It was discovered that wwm ships with keybindings that allow spawning an xterm.
As the ldm greeter runs as root, this allows for a passwordless root shell.
Ubuntu Security Engineer | http://www.ubuntu.com/
Canonical Ltd. | http://www.canonical.com/
- CVE Request: ldm (LTSP display manager) Marc Deslauriers (Mar 12)