[Bug 746053] Re: Fix privilege escalation vulnerability (CVE-2011-0727)

Steve Beattie sbeattie at ubuntu.com
Tue Apr 5 03:21:22 UTC 2011


Sebastian, sorry about using the wrong branch. I've adjusted that and
linked the corrected branch to this bug report. Thanks for the feedback!

** Branch unlinked: lp:~sbeattie/ubuntu/natty/gdm/CVE-2011-0727-lp746053

-- 
You received this bug notification because you are a member of Ubuntu
Sponsors Team, which is a direct subscriber.
https://bugs.launchpad.net/bugs/746053

Title:
  Fix privilege escalation vulnerability (CVE-2011-0727)

Status in “gdm” package in Ubuntu:
  New

Bug description:
  Binary package hint: gdm

  Sebastian Krahmer discovered that GDM did not properly drop privileges
  when handling the cache directories used to store users' dmrc and
  face icon files. This could allow a local attacker to change the
  ownership of arbitrary files, thereby gaining root privileges.

  The upcoming USN 1099-1 addresses the issue for karmic, lucid, and
  maverick (hardy is not affected); this bug is for tracking for natty.

  The relevant upstream patch is
  http://git.gnome.org/browse/gdm/commit/?h=gnome-2-32&id=f2eb8e2b25844d6964129e0232e022995e27e11f


