Ubuntu Login Screen Security Flaw Could Allow Anyone To Access Your Files


A flaw of medium priority has been found in the Ubuntu Linux operating system. Due to a bug in the LightDM display manager, guest sessions aren’t properly confined. The problem was introduced when user session handling moved from upstart to systemd in Ubuntu 16.10. Canonical has released a patch for this vulnerability, and you need to install security updates to get the fix.

After the widespread havoc caused in the closed world of Windows by the WannaCry ransomware, it’s time for Linux users to update their systems and patch a medium priority flaw that has the potential to do a considerable amount of damage. The issue concerns LightDM, the display manager that powers the Unity Greeter login screen.
As reported by OMGUbuntu, the affected versions are Ubuntu 16.10 and Ubuntu 17.10. Because of this flaw, LightDM doesn’t correctly configure and confine the guest user session, which is enabled by default on Ubuntu Linux. By exploiting this, an attacker with physical access can grab files and gain access to the other users on the system. Note that the files in users’ home directories can also be accessed.
To test whether they are affected, users can log into a guest session, launch a terminal with Ctrl+Alt+T and run this command:
It should give the following output:
/usr/lib/lightdm/lightdm-guest-session (enforce)
But, in reality, running the command in a guest session on Ubuntu 16.10 and 17.04 results in:
unconfined
Please note that this issue was introduced when the user session handling moved from upstart to systemd in Ubuntu 16.10. That’s why Ubuntu versions older than 16.10 aren’t affected.
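The confinement check described above, as an added example that is not from the original article: the script reads the process's AppArmor label from /proc/self/attr/current and compares it with the profile name in the expected output. The function names and the `--check` argument are this example's own.

```shell
#!/bin/sh
# Added example (not from the article): report whether this session runs
# under the AppArmor profile the article says a guest session should show.

# Expected profile name, taken from the article's "should give" output.
EXPECTED_PROFILE="/usr/lib/lightdm/lightdm-guest-session"

# Print the AppArmor label of the calling process. The kernel exposes it at
# /proc/self/attr/current; the optional path argument is this example's own,
# so the function can be run against a sample file.
read_label() {
    attr_file="${1:-/proc/self/attr/current}"
    [ -r "$attr_file" ] || return 1
    # Strip the trailing newline and any NUL terminator.
    tr -d '\000\n' < "$attr_file"
}

# Map a label to: confined | not-enforcing | unconfined | other-profile | unknown
classify_label() {
    case "$1" in
        "")                            echo unknown ;;
        unconfined)                    echo unconfined ;;
        "$EXPECTED_PROFILE (enforce)") echo confined ;;
        "$EXPECTED_PROFILE ("*")")     echo not-enforcing ;;
        *)                             echo other-profile ;;
    esac
}

# Print the verdict and return 0 only when the guest profile is enforced.
check_session() {
    label=$(read_label "$@") || label=""
    status=$(classify_label "$label")
    printf '%s: %s\n' "$status" "${label:-no AppArmor label readable}"
    [ "$status" = confined ]
}

# Hypothetical entry point: `sh check.sh --check` inside the guest session.
if [ "${1:-}" = "--check" ]; then
    check_session
fi
```

A result of not-enforcing means the profile is loaded in a mode other than enforce, such as complain, where violations are logged rather than blocked.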

How to fix Ubuntu login screen flaw

If you’re running an up-to-date Ubuntu system with all security updates installed, you don’t need to worry. If you haven’t done so, you need to update your system.
For that, simply open the Update Manager, check for updates and install all listed security patches.
Canonical has also turned guest sessions off by default. It might re-enable them in an update in the near future, but this is how things are at the moment. If you need guest sessions, you need to turn them on manually.