Red Hat Bugzilla – Bug 1007186
CVE-2013-4331 lightdm: World-readable .Xauthority
Last modified: 2015-08-22 11:27:10 EDT
It was found that lightdm prior to versions 1.4.3 and 1.6.2 created .Xauthority files in a user's home directory with world-readable permissions. If a local user was able to access this file of another user, they could obtain the magic cookie it contained and connect to the X server as that user. This would only be possible if the user's home directory did not have appropriate secure permissions (such as 0700).
Links to fixing commits:
Created lightdm tracking bugs for this issue:
Affects: fedora-all [bug 1007187]
This was assigned CVE-2013-4331: http://www.openwall.com/lists/oss-security/2013/09/11/8
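The condition described in this bug can be checked on a host by combining the mode of each `.Xauthority` file with the mode of the home directory that contains it. The following Python check is an added example, not part of the bug report or of lightdm's code; the function name `audit_xauthority`, the verdict strings and the sample home directories are assumptions made for illustration.

```python
import os
import stat
import tempfile


def audit_xauthority(home):
    """Return 'missing', 'ok', 'readable-but-home-closed' or 'exposed'."""
    path = os.path.join(home, ".Xauthority")
    try:
        file_mode = stat.S_IMODE(os.stat(path).st_mode)
    except FileNotFoundError:
        return "missing"
    home_mode = stat.S_IMODE(os.stat(home).st_mode)
    # The cookie leaks only if someone other than the owner can read the file...
    file_open = bool(file_mode & (stat.S_IRGRP | stat.S_IROTH))
    # ...and can also search (x) the home directory to reach it. Any group or
    # other bit counts here, which is deliberately conservative.
    home_open = bool(home_mode & (stat.S_IXGRP | stat.S_IXOTH))
    if not file_open:
        return "ok"
    return "exposed" if home_open else "readable-but-home-closed"


def demo():
    """Audit four constructed home directories; return {name: verdict}."""
    samples = {  # name: (home mode, .Xauthority mode or None) -- constructed
        "alice": (0o755, 0o644),  # the situation described in the bug
        "bob": (0o700, 0o644),    # same file mode, home blocks access
        "carol": (0o755, 0o600),  # owner-only cookie file
        "dave": (0o755, None),    # no .Xauthority present
    }
    results = {}
    with tempfile.TemporaryDirectory() as root:
        for name, (home_mode, file_mode) in samples.items():
            home = os.path.join(root, name)
            os.mkdir(home)
            if file_mode is not None:
                path = os.path.join(home, ".Xauthority")
                with open(path, "wb") as fh:
                    fh.write(b"constructed-sample-not-a-real-cookie")
                os.chmod(path, file_mode)
            os.chmod(home, home_mode)
            results[name] = audit_xauthority(home)
    return results


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name}: {verdict}")
```

A `readable-but-home-closed` verdict still warrants tightening the file to 0600, since the protection then depends entirely on the home directory's mode staying restrictive.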