[Bug 746053] [NEW] Fix privilege escalation vulnerability (CVE-2011-0727)

Launchpad Bug Tracker 746053 at bugs.launchpad.net
Tue Apr 5 03:19:52 UTC 2011


*** This bug is a security vulnerability ***

You have been subscribed to a public security bug by Steve Beattie (sbeattie):

Binary package hint: gdm

Sebastian Krahmer discovered that GDM did not properly drop privileges
when handling the cache directories used to store users' dmrc and
face icon files. This could allow a local attacker to change the
ownership of arbitrary files, thereby gaining root privileges.

The upcoming USN 1099-1 addresses the issue for karmic, lucid, and
maverick (hardy is not affected); this bug is for tracking for natty.

The relevant upstream patch is
http://git.gnome.org/browse/gdm/commit/?h=gnome-2-32&id=f2eb8e2b25844d6964129e0232e022995e27e11f

** Affects: gdm (Ubuntu)
     Importance: Undecided
         Status: New

-- 
Fix privilege escalation vulnerability (CVE-2011-0727)
https://bugs.launchpad.net/bugs/746053
You received this bug notification because you are a member of Ubuntu Sponsors Team, which is a direct subscriber.


