Arch Linux: ASA-202011-5 High: gdm Privilege Escalation Risk
Nov 10, 2020
•
LinuxSecurity Advisories
1 min read
Topics Covered
The package gdm before version 3.38.2-1 is vulnerable to privilege escalation.
Arch Linux Security Advisory ASA-202011-5 ======================================== Severity: High Date : 2020-11-10 CVE-ID : CVE-2020-16125 Package : gdm Type : privilege escalation Remote : No Link : https://security.archlinux.org/AVG-1264 Summary ====== The package gdm before version 3.38.2-1 is vulnerable to privilege escalation. Resolution ========= Upgrade to 3.38.2-1. # pacman -Syu "gdm>=3.38.2-1" The problem has been fixed upstream in version 3.38.2. Workaround ========= None. Description ========== gdm before 3.38.2 can be tricked into launching gnome-initial-setup, enabling an unprivileged user to create a new user account for themselves. The new account is a member of the sudo group, so this enables the unprivileged user to obtain admin privileges. Impact ===== An unprivileged local user might be able to elevate privileges to root. References ========= https://security.archlinux.org/CVE-2020-16125
PREVIOUS
NEXT
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!