Home page logo
/

oss-sec logo oss-sec mailing list archives

Re: CVE Request: ldm (LTSP display manager)
From: Kurt Seifried <kseifried () redhat com>
Date: Mon, 12 Mar 2012 14:12:28 -0600

On 03/12/2012 02:03 PM, Marc Deslauriers wrote:
Could we please get a CVE assigned to the following issue?:

Starting with ldm 2.2.x, upstream switched to using wwm as a minimal window manager.
It was discovered that wwm ships with keybindings that allow spawning an xterm.

As the ldm greeter runs as root, this allows for a passwordless root shell.

Bug:
https://bugs.launchpad.net/ubuntu/+source/ldm/+bug/953340

Commit:
http://bazaar.launchpad.net/~ltsp-upstream/ltsp/ldm-trunk/revision/1419

Thanks,

Marc.

Please use CVE-2012-1166 for this issue.


-- 
Kurt Seifried Red Hat Security Response Team (SRT)


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault