A medium-priority flaw has been found in the Ubuntu Linux operating system. Due to a bug in the LightDM display manager, guest sessions aren’t properly confined. The problem was introduced when user session handling moved from upstart to systemd in Ubuntu 16.10. Canonical has released a patch for this vulnerability, and you need to install security updates to get the fix.

After the widespread havoc caused in the closed world of Windows by the WannaCry ransomware, it’s time for Linux users to update their systems and patch a medium-priority flaw that has the potential to do a considerable amount of damage. The issue concerns LightDM, the display manager that powers the Unity Greeter login screen.

As reported by OMGUbuntu, the affected versions are Ubuntu 16.10 and Ubuntu 17.10. Because of this flaw, LightDM doesn’t correctly configure and confine the guest user session, which is enabled by default on Ubuntu Linux. By exploiting it, an attacker with physical access can grab files and gain access to the other users on the system. Note that files in users’ home directories can also be accessed.

To test whether they are affected, users can log into a guest session, open a terminal with Ctrl+Alt+T and run this command:

$ cat /proc/self/attr/current

It should give the following output:

/usr/lib/lightdm/lightdm-guest-session (enforce)

In reality, however, running the command in a guest session on Ubuntu 16.10 and 17.04 results in:

unconfined

Please note that this issue was introduced when the user session handling moved from upstart to systemd in Ubuntu 16.10. That’s why Ubuntu versions older than 16.10 aren’t affected.
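
The check above can be scripted so it gives a clear verdict instead of a raw label. This is an added example, not code from the original article; the function names are hypothetical, and the complain-mode case (profile attached but nothing blocked) goes beyond the two outputs the article shows.

```shell
#!/bin/sh
# Added example: turn the AppArmor label of a session into a verdict.
# Profile the article says a confined guest session should report.
EXPECTED_PROFILE="/usr/lib/lightdm/lightdm-guest-session"

# label_mode LABEL -> enforce | complain | unconfined | unknown
label_mode() {
    case "$1" in
        unconfined)     echo unconfined ;;
        *" (enforce)")  echo enforce ;;
        *" (complain)") echo complain ;;  # violations are logged, not blocked
        *)              echo unknown ;;
    esac
}

# label_profile LABEL -> profile name with the trailing " (mode)" removed
label_profile() {
    printf '%s\n' "${1% (*}"
}

# guest_verdict LABEL -> prints a verdict; returns 0 only when the label is
# the expected guest profile in enforce mode
guest_verdict() {
    mode=$(label_mode "$1")
    profile=$(label_profile "$1")
    if [ "$mode" = enforce ] && [ "$profile" = "$EXPECTED_PROFILE" ]; then
        echo "OK"; return 0
    fi
    case "$mode" in
        unconfined) echo "VULNERABLE: session is unconfined" ;;
        complain)   echo "WEAK: profile is in complain mode" ;;
        enforce)    echo "UNEXPECTED: confined by $profile" ;;
        *)          echo "UNKNOWN: unrecognised label" ;;
    esac
    return 1
}

# read_label [FILE] -> label of the calling session, empty if unreadable
read_label() {
    f=${1:-/proc/self/attr/current}
    [ -r "$f" ] || return 0
    cat "$f" 2>/dev/null || true
}

# Constructed samples: the two outputs quoted in the article, plus complain mode.
for sample in "$EXPECTED_PROFILE (enforce)" "unconfined" "$EXPECTED_PROFILE (complain)"; do
    printf '%-58s -> %s\n' "$sample" "$(guest_verdict "$sample" || true)"
done
printf 'this session: %s\n' "$(guest_verdict "$(read_label)" || true)"
```

Run it from a terminal inside the guest session; run anywhere else, the last line describes the session you are in, not the guest account.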


How to fix the Ubuntu login screen flaw

If you’re already running an up-to-date Ubuntu system with all security updates installed, you don’t need to worry. If you aren’t, you need to update your system.

For that, simply open the Update Manager, check for updates and install all listed security patches.

Canonical has also turned guest sessions off by default. They might be re-enabled in an update in the near future, but this is how things stand at the moment. If you need guest sessions, you have to turn them on manually.





[fossBytes]