Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2012-6648

Overview

Vulnerability Score 2.1 2.1
CVE Id CVE-2012-6648
Last Modified 18 Jul 2014 01:49:04
Published 22 May 2014 07:55:03
Confidentiality Impact NONE NONE
Integrity Impact NONE NONE
Availability Impact PARTIAL PARTIAL
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2012-6648

Summary

gdm/guest-session-cleanup.sh in gdm-guest-session 0.24 and earlier, as used in Ubuntu Linux 10.04 LTS, 10.10, and 11.04, allows local users to delete arbitrary files via a space in the name of a file in /tmp. NOTE: this identifier was SPLIT from CVE-2012-0943 per ADT1/ADT2 due to different codebases and affected versions. CVE-2012-0943 is used for the guest-account issue.

Vulnerable Systems

Operating System

  • Canonical Ubuntu Linux 10.04

  • Canonical Ubuntu Linux 10.10

  • Canonical Ubuntu Linux 11.04

Application

  • Gdm-guest-session Project Gdm-guest-session 0.20

  • Gdm-guest-session Project Gdm-guest-session 0.21

  • Gdm-guest-session Project Gdm-guest-session 0.22

  • Gdm-guest-session Project Gdm-guest-session 0.23

  • Gdm-guest-session Project Gdm-guest-session 0.24


References

MISC - https://launchpadlibrarian.net/96474113/gdm-guest-session.secure-cleanup.debdiff

CONFIRM - https://bugs.launchpad.net/ubuntu/%2Bsource/lightdm/%2Bbug/953044

UBUNTU - USN-1399-1


Last Updated: 27 May 2016 11:05:50