Vulnerability detected on the ubuntu login page

The last week they do not stop arriving news about various security problems in the network. Today is the turn of a new one, as you can already imagine. In this case it directly affects Ubuntu. It affects both Ubuntu 17.04 and Ubuntu 16.10.

Vulnerability detected on Ubuntu login page

The problem in question has been detected on the Ubuntu login page. So far what has been confirmed is that previous versions of Ubuntu to those mentioned above are not affected. Now we tell you in more detail the security problem detected.

Login page problem

As we have already said the security problem has been located in the login in Ubuntu. Apparently given this problem, an attacker with access to the system could exploit and have access to it. In such a way that it could have in its possession files or information about other users. The good part is that the access should be physical, so the potential attacker would have to be able to use your computer. Something that certainly greatly reduces the potential danger.

The company has already launched a temporary tool through a new update. With it, the guest sessions have been deactivated. All users can install it by going to Update Manager. There has been no news about users being attacked, but all users are recommended to update the patch.

How to fix it?

We go to the /etc/lightdm/lightdm.conf file and insert the following code:

# Manually enable guest sessions despite them not being confined # IMPORTANT: Makes the system vulnerable to CVE-2017-8900 # https://bugs.launchpad.net/bugs/1663157 allow-guest = true

We hope that this Ubuntu vulnerability will be in a scare, and that a definitive solution will be announced soon. Do you use Ubuntu regularly?

Source: OMG Ubuntu