CVE-2017-8900

low-risk
Published 2017-05-12

LightDM through 1.22.0, when systemd is used in Ubuntu 16.10 and 17.x, allows physically proximate attackers to bypass intended AppArmor restrictions and visit the home directories of arbitrary users by establishing a guest session.

Do I need to act?

-
0.07% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
4
CVSS 4.6/10 Medium
PHYSICAL / LOW complexity

Affected Products (1)

Lightdm

Affected Vendors

Lightdm Project

References (8)

Third Party Advisory http://www.securityfocus.com/bid/98554
Issue Tracking https://launchpad.net/bugs/1663157
Patch https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-8900.html
Patch https://www.ubuntu.com/usn/usn-3285-1/
Third Party Advisory http://www.securityfocus.com/bid/98554
Issue Tracking https://launchpad.net/bugs/1663157
Patch https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-8900.html
Patch https://www.ubuntu.com/usn/usn-3285-1/
21
/ 100
low-risk
Severity 16/34 · Moderate
Exploitability 0/34 · Minimal
Exposure 5/34 · Minimal