Skip to content
Mobile Menu
WebSetNet
  • Technology News
    • Mobile
    • Games
  • Internet Marketing
  • System Admin
    • Windows 11
    • Linux
    • Mac & Apple
Home vulnerability Security Flaw in Ubuntu Login Screen Could Let Anyone Access Your Files

Security Flaw in Ubuntu Login Screen Could Let Anyone Access Your Files

Martin6
August 5, 2020

guest session lightdm 750x365 2

A security vulnerability has been discovered in the Ubuntu login screen, and it gives would-be attackers unauthorised access to your files.

Read More
  • Qualcomm Snapdragon AR2 Gen 1 chip could finally mean stylish AR glasses
  • TP-Link's Ultra Capable 2K Security Camera Goes Wireless
  • Best iPhone 14 Screen Protectors of 2022

The issue concerns LightDM, the display manager that powers the Unity Greeter login screen, and affects both Ubuntu 17.04 and Ubuntu 16.10.

LightDM does not correctly confine the guest user session enabled by default on Ubuntu. An attacker with physical access to an affected system could exploit the weakness to gain access to the files or other users on the system, including files in users’ home directories.

Based on discussions in the bug report attached to the issue (which is now public) it seems the move to systemd is (partly) to blame, and explains why earlier versions of Ubuntu (which use upstart) are not affected.

If you’re running a fully up-to-date system you do not need to panic. Canonical has already pushed out a update that temporarily disables Ubuntu guest session logins (so if you noticed it was missing, that’s why).

If you haven’t installed the update you really should. It’s easy enough: just open the Update Manager, check for updates, and install all critical security patches listed.

While the likelihood of this issue actually being exploited is minimal — remember: someone would need physical access to your computer, and need to know about the vulnerability and how to use it — it’s super reassuring to hear that relevant patches have already been pushed out to users.

Canonical says it may re-enable guest sessions in a future update but, for now, they’re off by default. Anyone who needs to use guests sessions can knowingly and manually re-enable them.

How? By editing /etc/lightdm/lightdm.conf and entering the following:

# Manually enable guest sessions despite them not being confined
# IMPORTANT: Makes the system vulnerable to CVE-2017-8900
# https://bugs.launchpad.net/bugs/1663157
[Seat:*]
allow-guest=true

Source

couldflawloginscreensecurityUbuntu

Related posts

  • Some of Netgear’s most popular routers have been hit by a major flaw

Recent Posts

  • Montblanc Summit 3 review: Style in spades
  • Should You Use Tor Over VPN or VPN Over Tor?
  • 7 PowerPoint Features You Should Use During Presentations
  • Build a Smart Hi-Fi with Raspberry Pi's Redesigned Audio HATs
  • This Tool Can Boot Multiple OSes From a USB Drive
  • How to Use Your Pixel 7's Free VPN
  • 12 Apple TV Features You Should Be Using
  • Leak shows DJI's budget-friendly Mini 3 drone is just days away
  • Google Pixel phones and Watch just got even better with free added fea…
  • Dwarf Fortress Review – Old Game, New Face
  • Pokemon Scarlet & Violet Review – Best Believe It’s Still Bejewele…
  • How to use Efficiency Mode in Windows 11 to reduce resource utilizatio…
  • How to Install and Use ADB, the Android Debug Bridge Utility
  • How to Enable Ultra-Low Latency Mode for NVIDIA Graphics
  • OnePlus Nord 3 specifications tipped: alert slider, 1.5K display, Medi…
  • Samsung Portable SSD T7 Shield 4TB Review: IP65 PSSD Gets a Capacity U…
  • Microsoft Edge will allow you to open PWAs from address bar
  • Windows 11 22H2 freezing Remote Desktop gets a fix in KB5022360 previe…
  • How to Unzip Files on Android
  • Seagate Luke Skywalker FireCuda External HDD Review: C-3PO Tested, R2D…

Tags

Amazon android Apple Asus available download: edge feature features first free from galaxy Game games gaming gets google install Intel iPhone launches linux Microsoft more OnePlus phone release released review: samsung series support this Ubuntu update using video watch what will windows with xbox your

Archives

  • February 2023
  • January 2023
  • December 2022
  • November 2022
  • October 2022
  • September 2022
  • August 2022
  • July 2022
  • June 2022
  • May 2022
  • April 2022
  • March 2022
  • February 2022
  • January 2022
  • September 2021
  • August 2021
  • July 2021
  • June 2021
  • May 2021
  • April 2021
  • March 2021
  • February 2021
  • January 2021
  • December 2020
  • November 2020
  • October 2020
  • September 2020
  • August 2020
  • July 2020

Meta

  • Log in
  • Entries feed
  • Comments feed
  • WordPress.org
Proudly powered by WordPress / Theme: Bloggingpro