CVE-2017-8900

MEDIUM

LightDM <1.22.0 - Privilege Escalation

Title source: llm

Description

LightDM through 1.22.0, when systemd is used in Ubuntu 16.10 and 17.x, allows physically proximate attackers to bypass intended AppArmor restrictions and visit the home directories of arbitrary users by establishing a guest session.

References (4)

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/98554

[Issue Tracking, Patch, Vendor Advisory] https://launchpad.net/bugs/1663157

[Patch, Vendor Advisory] https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-8900.html

[Patch, Vendor Advisory] https://www.ubuntu.com/usn/usn-3285-1/

Scores

CVSS v3 4.6

EPSS 0.0005

EPSS Percentile 15.0%

Attack Vector PHYSICAL

CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

Status published

Products (2)

lightdm_project/lightdm < 1.22.0

n/a/n/a

Published May 12, 2017

Tracked Since Feb 18, 2026