Ubuntu.comUB:CVE-2012-6648CVE-2012-6648
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:L/AC:L/Au:N/C:N/I:N/A:P
EPSS
Percentile
15.5%
gdm/guest-session-cleanup.sh in gdm-guest-session 0.24 and earlier, as used
in Ubuntu Linux 10.04 LTS, 10.10, and 11.04, allows local users to delete
arbitrary files via a space in the name of a file in /tmp. NOTE: this
identifier was SPLIT from CVE-2012-0943 per ADT1/ADT2 due to different
codebases and affected versions. CVE-2012-0943 is used for the
guest-account issue.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| ubuntu | 10.04 | noarch | gdm-guest-session | < 0.15ubuntu0.1 | UNKNOWN |
| ubuntu | 10.10 | noarch | gdm-guest-session | < 0.17ubuntu0.1 | UNKNOWN |
| ubuntu | 11.04 | noarch | gdm-guest-session | < 0.24ubuntu0.1 | UNKNOWN |
| ubuntu | 11.10 | noarch | lightdm | < 1.0.6-0ubuntu1.6 | UNKNOWN |
| ubuntu | 12.04 | noarch | lightdm | < 1.1.7-0ubuntu2 | UNKNOWN |
| ubuntu | 12.10 | noarch | lightdm | < 1.1.7-0ubuntu2 | UNKNOWN |
| ubuntu | 13.04 | noarch | lightdm | < 1.1.7-0ubuntu2 | UNKNOWN |
References
bugs.launchpad.net/ubuntu/%2Bsource/lightdm/%2Bbug/953044
launchpad.net/bugs/cve/CVE-2012-6648
launchpadlibrarian.net/96474113/gdm-guest-session.secure-cleanup.debdiff
nvd.nist.gov/vuln/detail/CVE-2012-6648
security-tracker.debian.org/tracker/CVE-2012-6648
ubuntu.com/security/notices/USN-1399-1
www.cve.org/CVERecord?id=CVE-2012-6648
Related
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:L/AC:L/Au:N/C:N/I:N/A:P
EPSS
Percentile
15.5%