CVE-2015-0856

Severity

46%

Complexity

39%

Confidentiality

106%

daemon/Greeter.cpp in sddm before 0.13.0 does not properly disable the KDE crash handler, which allows local users to gain privileges by crashing a greeter when using certain themes, as demonstrated by the plasma-workspace breeze theme.

daemon/Greeter.cpp in sddm before 0.13.0 does not properly disable the KDE crash handler, which allows local users to gain privileges by crashing a greeter when using certain themes, as demonstrated by the plasma-workspace breeze theme.

CVSS 2.0 Base Score 4.6. CVSS Attack Vector: local. CVSS Attack Complexity: low. CVSS Vector: (AV:L/AC:L/Au:N/C:P/I:P/A:P).

Overview

First reported 9 years ago

2015-11-24 20:59:00

Last updated 8 years ago

2016-11-17 12:31:00

Affected Software

Fedora 22

22

References

FEDORA-2015-9f996ea146

Third Party Advisory

[oss-security] 20151014 CVE-2015-0856: sddm does not prevent access to the KDE crash handler

Mailing List, Third Party Advisory

77099

Third Party Advisory, VDB Entry

https://github.com/sddm/sddm/commit/4cfed6b0a625593fb43876f04badc4dd99799d86

Vendor Advisory

https://github.com/sddm/sddm/wiki/0.13.0-Release-Announcement

Vendor Advisory

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.