A flaw of medium priority has been found in Ubuntu Linux operating system. Due to a bug in LightDM display manager, the guest sessions aren’t properly confined. This problem stepped in when user session handling moved from upstart to systemd in Ubuntu 16.10. Canonical has released a patch for this vulnerability and you need to install security updates to get the fix. After the widespread havoc caused in the closed world of Windows by the WannaCry ransomware, it’s time for the Linux users to update their systems and patch a medium priority flaw that has the potential to do a considerable amount of damage. The issue being talked about here deals with LightDM, the display manager that powers the Unity Greeter login screen.
Reported by OMGUbuntu, the affected versions are Ubuntu 16.10 and Ubuntu 17.10. Due to this flaw in LightDM, it doesn’t correctly configure and confine the guest user session which is enabled by default on Ubuntu Linux. By exploiting the same, a notorious hacker with physical access can grab the files and gain access to the other users on the system. Please note that the files in a user’s home directories can also be accessed.
Source: https://fossbytes.com/ubuntu-login-screen-security-flaw-lightdm/
Submitted by: Arnfried Walbrecht
Comments are closed.