CVE-2012-1166

LTSP Display Manager < 2.2.7 - Remote Code Execution via KP_RETURN Keybinding

Title source: llm
STIX 2.1

Description

The default keybindings for wwm in LTSP Display Manager (ldm) 2.2.x before 2.2.7 allow remote attackers to execute arbitrary commands via the KP_RETURN keybinding, which launches a terminal window.

References (3)

Core 3
Core References
Vendor Advisory vendor-advisory x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-1398-1
Various Sources x_refsource_confirm
http://irclogs.ltsp.org/?d=2012-03-12

Scores

EPSS 0.0484
EPSS Percentile 90.9%

Details

CWE
CWE-78
Status published
Products (5)
canonical/ltsp_display_manager 2.2.4
canonical/ltsp_display_manager 2.2.5
canonical/ltsp_display_manager 2.2.6
canonical/ubuntu_linux 11.04
canonical/ubuntu_linux 11.10
Published May 21, 2014
Tracked Since Feb 18, 2026