CVE-2015-0856

Published: Nov 24, 2015Modified: May 6, 2026

4.6

Vector

AV:L/AC:L/Au:N/C:P/I:P/A:P

Exploitability: 3.9 / Impact: 6.4

Source: NVD

Description

daemon/Greeter.cpp in sddm before 0.13.0 does not properly disable the KDE crash handler, which allows local users to gain privileges by crashing a greeter when using certain themes, as demonstrated by the plasma-workspace breeze theme.

Affected (2)

Products: Fedoraproject: Fedora · Sddm Project: Sddm

1 product

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Fedoraproject Fedora	Version 22

Configuration B

1 vulnerable

Vulnerable Software	Affected Versions
Sddm Project Sddm	Up to 0.12.0

Related CWEs

CWE-264

References (10)

http://lists.fedoraproject.org/pipermail/package-announce/2015-November/171443.html

Source: security@debian.org

Third Party Advisory

http://www.openwall.com/lists/oss-security/2015/10/14/2

Source: security@debian.org

Mailing ListThird Party Advisory

http://www.securityfocus.com/bid/77099

Source: security@debian.org

Third Party AdvisoryVDB Entry

https://github.com/sddm/sddm/commit/4cfed6b0a625593fb43876f04badc4dd99799d86

Source: security@debian.org

Vendor Advisory

https://github.com/sddm/sddm/wiki/0.13.0-Release-Announcement

Source: security@debian.org

Vendor Advisory

http://lists.fedoraproject.org/pipermail/package-announce/2015-November/171443.html