CVE-2017-7358

HIGH

LightDM < 1.22.0 - Path Traversal and Privilege Escalation via Guest Account Logout


Exploitation Summary

EIP tracks 2 public exploits for CVE-2017-7358. PoCs published by G. Geshev, JonPichel.

AI-analyzed exploit summary: This exploit leverages a race condition in LightDM's guest account creation script to escalate privileges to root. The attacker races the creation of a temporary directory to replace it with a symbolic link, ultimately hijacking the guest user's home directory and executing arbitrary code as root.

Description

In LightDM through 1.22.0, a directory traversal issue in debian/guest-account.sh allows local attackers to own arbitrary directory path locations and escalate privileges to root when the guest user logs out.

Exploits (2)

exploitdb WORKING POC
by G. Geshev · text · local · linux
https://www.exploit-db.com/exploits/41923

Classification: Working PoC 95%
Attack Type: LPE
Complexity: Complex
Reliability: Racy
Target: LightDM (Ubuntu 16.10 / 16.04 LTS)
No auth needed
Prerequisites: Local access to the system · LightDM with guest account enabled
devstral-2 · analyzed Feb 16, 2026

nomisec WORKING POC
by JonPichel · poc
https://github.com/JonPichel/CVE-2017-7358

This PoC exploits CVE-2017-7358, a race condition in the LightDM guest session handling, to achieve local privilege escalation (LPE) by manipulating directory symlinks and user creation timing. The exploit involves monitoring /tmp for guest session directories and replacing them with symlinks to gain root access.

Classification: Working PoC 95%
Attack Type: LPE
Complexity: Moderate
Reliability: Racy
Target: LightDM (Ubuntu guest session handling)
No auth needed
Prerequisites: Local access to the target system · LightDM with guest session enabled
devstral-2 · analyzed Feb 16, 2026

References (6)

Core References
Third Party Advisory, VDB Entry x_refsource_confirm
https://launchpad.net/bugs/1677924
Third Party Advisory, VDB Entry x_refsource_confirm
https://lists.freedesktop.org/archives/lightdm/2017-April/001059.html
Third Party Advisory, VDB Entry x_refsource_confirm
http://bazaar.launchpad.net/~lightdm-team/lightdm/trunk/revision/2478
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/41923/
Third Party Advisory x_refsource_confirm
https://www.ubuntu.com/usn/usn-3255-1/
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/97486

Scores

CVSS v3 7.3
EPSS 0.0267
EPSS Percentile 83.8%
Attack Vector LOCAL
CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

Details

CWE CWE-22
Status published
Products (3)
canonical/ubuntu_linux 16.04
canonical/ubuntu_linux 16.10
lightdm_project/lightdm < 1.22.0
Published Apr 05, 2017
Tracked Since Feb 18, 2026