CVE 2011-3153
dmrc.c in Light Display Manager (aka LightDM) before 1.1.1 allows local users to read arbitrary files via a symlink attack on ~/.dmrc.
Related bugs and status
CVE-2011-3153 (Candidate) is related to these bugs:
Bug #844081: Unity Greeter - Background of the Unity Greeter should reflect the background chosen by the user that is currently selected
Bug #861177: Switching to user without password still shows greeter
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 861177 | Switching to user without password still shows greeter | lightdm (Ubuntu) | Low | Fix Released | ||
| 861177 | Switching to user without password still shows greeter | Light Display Manager | Low | Fix Released | ||
Bug #882862: Guest account can read/write in /media/
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 882862 | Guest account can read/write in /media/ | lightdm (Ubuntu) | Medium | Fix Released | ||
Bug #883865: lightdm doesn't drop privileges when reading ~/.dmrc
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 883865 | lightdm doesn't drop privileges when reading ~/.dmrc | lightdm (Ubuntu) | Medium | Fix Released | ||
| 883865 | lightdm doesn't drop privileges when reading ~/.dmrc | lightdm (Ubuntu Oneiric) | Medium | Fix Released | ||
| 883865 | lightdm doesn't drop privileges when reading ~/.dmrc | lightdm (Ubuntu Precise) | Medium | Fix Released | ||
Bug #911597: Change-password-after-login is broken
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 911597 | Change-password-after-login is broken | Light Display Manager | Medium | Fix Released | ||
| 911597 | Change-password-after-login is broken | lightdm (Ubuntu) | Medium | Fix Released | ||
See the 
CVE page on Mitre.org
for more details.
