CVE-2012-0943 - Vulnerability Details - OpenCVE

debian/guest-account in Light Display Manager (lightdm) 1.0.x before 1.0.6 and 1.1.x before 1.1.7, as used in Ubuntu Linux 11.10, allows local users to delete arbitrary files via a space in the name of a file in /tmp. NOTE: this identifier was SPLIT per ADT1/ADT2 due to different codebases and affected versions. CVE-2012-6648 has been assigned for the gdm-guest-session issue.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Canonical	Ubuntu Linux
Robert Ancell	Lightdm

Configuration 1 [-]

OR	cpe:2.3:a:robert_ancell:lightdm:1.0.0:::::::*
	cpe:2.3:a:robert_ancell:lightdm:1.0.1:::::::*
	cpe:2.3:a:robert_ancell:lightdm:1.0.2:::::::*
	cpe:2.3:a:robert_ancell:lightdm:1.0.3:::::::*
	cpe:2.3:a:robert_ancell:lightdm:1.0.4:::::::*
	cpe:2.3:a:robert_ancell:lightdm:1.0.5:::::::*
	cpe:2.3:a:robert_ancell:lightdm:1.1.0:::::::*
	cpe:2.3:a:robert_ancell:lightdm:1.1.1:::::::*
	cpe:2.3:a:robert_ancell:lightdm:1.1.2:::::::*
	cpe:2.3:a:robert_ancell:lightdm:1.1.3:::::::*
	cpe:2.3:a:robert_ancell:lightdm:1.1.4:::::::*
	cpe:2.3:a:robert_ancell:lightdm:1.1.5:::::::*
	cpe:2.3:a:robert_ancell:lightdm:1.1.6:::::::*
	cpe:2.3:o:canonical:ubuntu_linux:11.10:::::::*

No data.

References

Link	Providers
http://www.ubuntu.com/usn/USN-1399-2
https://bugs.launchpad.net/ubuntu/%2Bsource/lightdm/%2Bbug/953044
https://launchpadlibrarian.net/96471251/lightdm.secure-cleanup.debdiff

History

No history.

MITRE

Status: PUBLISHED

Assigner: canonical

Published: 2014-05-22T23:00:00

Updated: 2024-08-06T18:45:25.953Z

Reserved: 2012-02-01T00:00:00

Link: CVE-2012-0943

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2014-05-22T23:55:02.830

Modified: 2025-04-12T10:46:40.837

Link: CVE-2012-0943

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2012-03-13T00:00:00", "descriptions": [{"lang": "en", "value": "debian/guest-account in Light Display Manager (lightdm) 1.0.x before 1.0.6 and 1.1.x before 1.1.7, as used in Ubuntu Linux 11.10, allows local users to delete arbitrary files via a space in the name of a file in /tmp. NOTE: this identifier was SPLIT per ADT1/ADT2 due to different codebases and affected versions. CVE-2012-6648 has been assigned for the gdm-guest-session issue."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2014-05-22T22:57:00", "orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc", "shortName": "canonical"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://bugs.launchpad.net/ubuntu/%2Bsource/lightdm/%2Bbug/953044"}, {"name": "USN-1399-2", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/USN-1399-2"}, {"tags": ["x_refsource_MISC"], "url": "https://launchpadlibrarian.net/96471251/lightdm.secure-cleanup.debdiff"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@ubuntu.com", "ID": "CVE-2012-0943", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "debian/guest-account in Light Display Manager (lightdm) 1.0.x before 1.0.6 and 1.1.x before 1.1.7, as used in Ubuntu Linux 11.10, allows local users to delete arbitrary files via a space in the name of a file in /tmp. NOTE: this identifier was SPLIT per ADT1/ADT2 due to different codebases and affected versions. CVE-2012-6648 has been assigned for the gdm-guest-session issue."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://bugs.launchpad.net/ubuntu/%2Bsource/lightdm/%2Bbug/953044", "refsource": "CONFIRM", "url": "https://bugs.launchpad.net/ubuntu/%2Bsource/lightdm/%2Bbug/953044"}, {"name": "USN-1399-2", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-1399-2"}, {"name": "https://launchpadlibrarian.net/96471251/lightdm.secure-cleanup.debdiff", "refsource": "MISC", "url": "https://launchpadlibrarian.net/96471251/lightdm.secure-cleanup.debdiff"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T18:45:25.953Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugs.launchpad.net/ubuntu/%2Bsource/lightdm/%2Bbug/953044"}, {"name": "USN-1399-2", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://www.ubuntu.com/usn/USN-1399-2"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://launchpadlibrarian.net/96471251/lightdm.secure-cleanup.debdiff"}]}]}, "cveMetadata": {"assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc", "assignerShortName": "canonical", "cveId": "CVE-2012-0943", "datePublished": "2014-05-22T23:00:00", "dateReserved": "2012-02-01T00:00:00", "dateUpdated": "2024-08-06T18:45:25.953Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:robert_ancell:lightdm:1.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "AC40755F-A4CF-4787-A53F-2C4EEEF6F85C", "vulnerable": true}, {"criteria": "cpe:2.3:a:robert_ancell:lightdm:1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "869A987D-539F-4677-A508-B594D0AC4ECD", "vulnerable": true}, {"criteria": "cpe:2.3:a:robert_ancell:lightdm:1.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "606AF3AA-66B7-4EDA-BC35-26E97FA75DA0", "vulnerable": true}, {"criteria": "cpe:2.3:a:robert_ancell:lightdm:1.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "8AF58BE5-C3B1-4D73-962D-3FDC5BEB7152", "vulnerable": true}, {"criteria": "cpe:2.3:a:robert_ancell:lightdm:1.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "8666B4E2-B076-411F-B926-28BC11757443", "vulnerable": true}, {"criteria": "cpe:2.3:a:robert_ancell:lightdm:1.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "5889A623-94A4-40E3-8397-68776ABEE6B7", "vulnerable": true}, {"criteria": "cpe:2.3:a:robert_ancell:lightdm:1.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "A00DDE65-E203-4BC1-B181-2C3898009185", "vulnerable": true}, {"criteria": "cpe:2.3:a:robert_ancell:lightdm:1.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "980F4238-9FB5-4B0B-91FB-EFCF15F1DC17", "vulnerable": true}, {"criteria": "cpe:2.3:a:robert_ancell:lightdm:1.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "3F3C1124-62F2-44F7-BAEB-AC50FFE72D33", "vulnerable": true}, {"criteria": "cpe:2.3:a:robert_ancell:lightdm:1.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "86596550-6C3B-4C70-BAF6-32E0753FE0A1", "vulnerable": true}, {"criteria": "cpe:2.3:a:robert_ancell:lightdm:1.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "A7301710-B404-4ECF-AD1F-3F3CE7DA2A5B", "vulnerable": true}, {"criteria": "cpe:2.3:a:robert_ancell:lightdm:1.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "167233E6-D2DD-4012-8070-83CBDA9CBED3", "vulnerable": true}, {"criteria": "cpe:2.3:a:robert_ancell:lightdm:1.1.6:*:*:*:*:*:*:*", "matchCriteriaId": "7803F237-683B-448F-B6F1-C79D44EBF0A0", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:11.10:*:*:*:*:*:*:*", "matchCriteriaId": "E4174F4F-149E-41A6-BBCC-D01114C05F38", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "debian/guest-account in Light Display Manager (lightdm) 1.0.x before 1.0.6 and 1.1.x before 1.1.7, as used in Ubuntu Linux 11.10, allows local users to delete arbitrary files via a space in the name of a file in /tmp. NOTE: this identifier was SPLIT per ADT1/ADT2 due to different codebases and affected versions. CVE-2012-6648 has been assigned for the gdm-guest-session issue."}, {"lang": "es", "value": "debian/guest-account en Light Display Manager (lightdm) 1.0.x anterior a 1.0.6 y 1.1.x anterior a 1.1.7, utilizad en Ubuntu Linux 11.10, permite a usuarios locales eliminar archivos arbitrarios a trav\u00e9s de un espacio en el nombre de un archivo en /tmp. NOTA: este identificador fue dividido (SPLIT) por ADT1/ADT2 debido a diferentes bases de c\u00f3digo y versiones afectadas. CVE-2012-6648 ha sido asignado para el problema gdm-guest-session."}], "id": "CVE-2012-0943", "lastModified": "2025-04-12T10:46:40.837", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 2.1, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2014-05-22T23:55:02.830", "references": [{"source": "security@ubuntu.com", "tags": ["Patch", "Vendor Advisory"], "url": "http://www.ubuntu.com/usn/USN-1399-2"}, {"source": "security@ubuntu.com", "url": "https://bugs.launchpad.net/ubuntu/%2Bsource/lightdm/%2Bbug/953044"}, {"source": "security@ubuntu.com", "url": "https://launchpadlibrarian.net/96471251/lightdm.secure-cleanup.debdiff"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "http://www.ubuntu.com/usn/USN-1399-2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugs.launchpad.net/ubuntu/%2Bsource/lightdm/%2Bbug/953044"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://launchpadlibrarian.net/96471251/lightdm.secure-cleanup.debdiff"}], "sourceIdentifier": "security@ubuntu.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-264"}], "source": "nvd@nist.gov", "type": "Primary"}]}