CVE-2013-4331

Light Display Manager (aka LightDM) 1.4.x before 1.4.3, 1.6.x before 1.6.2, and 1.7.x before 1.7.14 uses 0664 permissions for the temporary .Xauthority file, which allows local users to obtain sensitive information by reading the file.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
2.1 UNKNOWN
LOCAL
LOW
AV:L/AC:L/Au:N/C:P/I:N/A:N
redhatCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 12%
VendorProductVersion
robert_ancelllightdm
1.4.0
robert_ancelllightdm
1.4.1
robert_ancelllightdm
1.4.2
robert_ancelllightdm
1.6.0
robert_ancelllightdm
1.6.1
robert_ancelllightdm
1.7.0
robert_ancelllightdm
1.7.1
robert_ancelllightdm
1.7.2
robert_ancelllightdm
1.7.3
robert_ancelllightdm
1.7.4
robert_ancelllightdm
1.7.5
robert_ancelllightdm
1.7.6
robert_ancelllightdm
1.7.7
robert_ancelllightdm
1.7.8
robert_ancelllightdm
1.7.9
robert_ancelllightdm
1.7.10
robert_ancelllightdm
1.7.11
robert_ancelllightdm
1.7.12
robert_ancelllightdm
1.7.13
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
lightdm
bullseye
1.26.0-7
fixed
wheezy
not-affected
bookworm
1.26.0-8
fixed
sid
1.32.0-6
fixed
trixie
1.32.0-6
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
lightdm
raring
Fixed 1.6.0-0ubuntu3.1
released
quantal
not-affected
precise
not-affected
lucid
dne
Common Weakness Enumeration
References
https://bugs.launchpad.net/lightdm/%2Bbug/685212
https://bugs.launchpad.net/lightdm/%2Bbug/685212