CVE-2017-8900

{"id": "CVE-2017-8900", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 2.1, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 4.6, "attackVector": "PHYSICAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 0.9}]}, "published": "2017-05-12T07:29:00.233", "references": [{"url": "http://www.securityfocus.com/bid/98554", "tags": ["Third Party Advisory", "VDB Entry"], "source": "cve@mitre.org"}, {"url": "https://launchpad.net/bugs/1663157", "tags": ["Issue Tracking", "Patch", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-8900.html", "tags": ["Patch", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://www.ubuntu.com/usn/usn-3285-1/", "tags": ["Patch", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/98554", "tags": ["Third Party Advisory", "VDB Entry"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://launchpad.net/bugs/1663157", "tags": ["Issue Tracking", "Patch", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-8900.html", "tags": ["Patch", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.ubuntu.com/usn/usn-3285-1/", "tags": ["Patch", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "LightDM through 1.22.0, when systemd is used in Ubuntu 16.10 and 17.x, allows physically proximate attackers to bypass intended AppArmor restrictions and visit the home directories of arbitrary users by establishing a guest session."}, {"lang": "es", "value": "LightDM hasta la versi\u00f3n 1.22.0, cuando es usado systemd en Ubuntu versi\u00f3n 16.10 y versiones 17.x, permite a los atacantes f\u00edsicamente cercanos omitir las restricciones previstas de AppArmor y visitar los directorios principales de usuarios arbitrarios mediante el establecimiento de una sesi\u00f3n de invitado."}], "lastModified": "2025-04-20T01:37:25.860", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:lightdm_project:lightdm:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7CAC5354-FCCB-416A-A00F-7C337EF9099F", "versionEndIncluding": "1.22.0"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.10:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "1AFB20FA-CB00-4729-AB3A-816454C6D096"}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:17.04:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "588D4F37-0A56-47A4-B710-4D5F3D214FB9"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "cve@mitre.org"}