Search criteria
47 vulnerabilities found for gdm by GNOME
CVE-2017-12164 (GCVE-0-2017-12164)
Vulnerability from cvelistv5 – Published: 2018-07-26 16:00 – Updated: 2024-08-05 18:28
VLAI?
Summary
A flaw was discovered in gdm 3.24.1 where gdm greeter was no longer setting the ran_once boolean during autologin. If autologin was enabled for a victim, an attacker could simply select 'login as another user' to unlock their screen.
Severity ?
4.1 (Medium)
CWE
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T18:28:16.573Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://gitlab.gnome.org/GNOME/gdm/commit/ff98b28"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-12164"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "gdm",
"vendor": "GNOME",
"versions": [
{
"status": "affected",
"version": "3.24.1"
}
]
}
],
"datePublic": "2017-09-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A flaw was discovered in gdm 3.24.1 where gdm greeter was no longer setting the ran_once boolean during autologin. If autologin was enabled for a victim, an attacker could simply select \u0027login as another user\u0027 to unlock their screen."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "LOW",
"baseScore": 4.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:P/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-592",
"description": "CWE-592",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-07-26T15:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://gitlab.gnome.org/GNOME/gdm/commit/ff98b28"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-12164"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2017-12164",
"datePublished": "2018-07-26T16:00:00",
"dateReserved": "2017-08-01T00:00:00",
"dateUpdated": "2024-08-05T18:28:16.573Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-1709 (GCVE-0-2011-1709)
Vulnerability from cvelistv5 – Published: 2011-06-14 17:00 – Updated: 2024-08-06 22:37
VLAI?
Summary
GNOME Display Manager (gdm) before 2.32.2, when glib 2.28 is used, enables execution of a web browser with the uid of the gdm account, which allows local users to gain privileges via vectors involving the x-scheme-handler/http MIME type.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T22:37:25.814Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://ftp.gnome.org/pub/GNOME/sources/gdm/2.32/gdm-2.32.2.news"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.gnome.org/browse/gdm/commit/?id=d13dd72531599ab7e4c747db3b58a8c17753e08d"
},
{
"name": "44797",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/44797"
},
{
"name": "FEDORA-2011-7822",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061264.html"
},
{
"name": "USN-1142-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-1142-1"
},
{
"name": "48084",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/48084"
},
{
"name": "openSUSE-SU-2011:0581",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "https://hermes.opensuse.org/messages/8643655"
},
{
"name": "44808",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/44808"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=709139"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-05-31T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "GNOME Display Manager (gdm) before 2.32.2, when glib 2.28 is used, enables execution of a web browser with the uid of the gdm account, which allows local users to gain privileges via vectors involving the x-scheme-handler/http MIME type."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2011-09-07T09:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://ftp.gnome.org/pub/GNOME/sources/gdm/2.32/gdm-2.32.2.news"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.gnome.org/browse/gdm/commit/?id=d13dd72531599ab7e4c747db3b58a8c17753e08d"
},
{
"name": "44797",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/44797"
},
{
"name": "FEDORA-2011-7822",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061264.html"
},
{
"name": "USN-1142-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-1142-1"
},
{
"name": "48084",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/48084"
},
{
"name": "openSUSE-SU-2011:0581",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "https://hermes.opensuse.org/messages/8643655"
},
{
"name": "44808",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/44808"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=709139"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-1709",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "GNOME Display Manager (gdm) before 2.32.2, when glib 2.28 is used, enables execution of a web browser with the uid of the gdm account, which allows local users to gain privileges via vectors involving the x-scheme-handler/http MIME type."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://ftp.gnome.org/pub/GNOME/sources/gdm/2.32/gdm-2.32.2.news",
"refsource": "CONFIRM",
"url": "http://ftp.gnome.org/pub/GNOME/sources/gdm/2.32/gdm-2.32.2.news"
},
{
"name": "http://git.gnome.org/browse/gdm/commit/?id=d13dd72531599ab7e4c747db3b58a8c17753e08d",
"refsource": "CONFIRM",
"url": "http://git.gnome.org/browse/gdm/commit/?id=d13dd72531599ab7e4c747db3b58a8c17753e08d"
},
{
"name": "44797",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/44797"
},
{
"name": "FEDORA-2011-7822",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061264.html"
},
{
"name": "USN-1142-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1142-1"
},
{
"name": "48084",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/48084"
},
{
"name": "openSUSE-SU-2011:0581",
"refsource": "SUSE",
"url": "https://hermes.opensuse.org/messages/8643655"
},
{
"name": "44808",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/44808"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=709139",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=709139"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2011-1709",
"datePublished": "2011-06-14T17:00:00",
"dateReserved": "2011-04-15T00:00:00",
"dateUpdated": "2024-08-06T22:37:25.814Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-0727 (GCVE-0-2011-0727)
Vulnerability from cvelistv5 – Published: 2011-03-31 22:00 – Updated: 2024-08-06 22:05
VLAI?
Summary
GNOME Display Manager (gdm) 2.x before 2.32.1 allows local users to change the ownership of arbitrary files via a symlink attack on a (1) dmrc or (2) face icon file under /var/cache/gdm/.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T22:05:52.941Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "USN-1099-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-1099-1"
},
{
"name": "43714",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/43714"
},
{
"name": "1025264",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1025264"
},
{
"name": "FEDORA-2011-4351",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057931.html"
},
{
"name": "43854",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/43854"
},
{
"name": "ADV-2011-0847",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2011/0847"
},
{
"name": "ADV-2011-0787",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2011/0787"
},
{
"name": "display-manager-priv-escalation(66377)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66377"
},
{
"name": "ADV-2011-0911",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2011/0911"
},
{
"name": "MDVSA-2011:070",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:070"
},
{
"name": "DSA-2205",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2011/dsa-2205"
},
{
"name": "RHSA-2011:0395",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2011-0395.html"
},
{
"name": "47063",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/47063"
},
{
"name": "ADV-2011-0786",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2011/0786"
},
{
"name": "[gdm-list] 20110328 GDM 2.32.1 released",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://mail.gnome.org/archives/gdm-list/2011-March/msg00020.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=688323"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://ftp.gnome.org/pub/GNOME/sources/gdm/2.32/gdm-2.32.1.news"
},
{
"name": "44021",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/44021"
},
{
"name": "FEDORA-2011-4335",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057333.html"
},
{
"name": "ADV-2011-0797",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2011/0797"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-03-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "GNOME Display Manager (gdm) 2.x before 2.32.1 allows local users to change the ownership of arbitrary files via a symlink attack on a (1) dmrc or (2) face icon file under /var/cache/gdm/."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01",
"orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"shortName": "canonical"
},
"references": [
{
"name": "USN-1099-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-1099-1"
},
{
"name": "43714",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/43714"
},
{
"name": "1025264",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1025264"
},
{
"name": "FEDORA-2011-4351",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057931.html"
},
{
"name": "43854",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/43854"
},
{
"name": "ADV-2011-0847",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2011/0847"
},
{
"name": "ADV-2011-0787",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2011/0787"
},
{
"name": "display-manager-priv-escalation(66377)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66377"
},
{
"name": "ADV-2011-0911",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2011/0911"
},
{
"name": "MDVSA-2011:070",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:070"
},
{
"name": "DSA-2205",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2011/dsa-2205"
},
{
"name": "RHSA-2011:0395",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2011-0395.html"
},
{
"name": "47063",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/47063"
},
{
"name": "ADV-2011-0786",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2011/0786"
},
{
"name": "[gdm-list] 20110328 GDM 2.32.1 released",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://mail.gnome.org/archives/gdm-list/2011-March/msg00020.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=688323"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://ftp.gnome.org/pub/GNOME/sources/gdm/2.32/gdm-2.32.1.news"
},
{
"name": "44021",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/44021"
},
{
"name": "FEDORA-2011-4335",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057333.html"
},
{
"name": "ADV-2011-0797",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2011/0797"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@ubuntu.com",
"ID": "CVE-2011-0727",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "GNOME Display Manager (gdm) 2.x before 2.32.1 allows local users to change the ownership of arbitrary files via a symlink attack on a (1) dmrc or (2) face icon file under /var/cache/gdm/."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "USN-1099-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1099-1"
},
{
"name": "43714",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43714"
},
{
"name": "1025264",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1025264"
},
{
"name": "FEDORA-2011-4351",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057931.html"
},
{
"name": "43854",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43854"
},
{
"name": "ADV-2011-0847",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0847"
},
{
"name": "ADV-2011-0787",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0787"
},
{
"name": "display-manager-priv-escalation(66377)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66377"
},
{
"name": "ADV-2011-0911",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0911"
},
{
"name": "MDVSA-2011:070",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:070"
},
{
"name": "DSA-2205",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2011/dsa-2205"
},
{
"name": "RHSA-2011:0395",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2011-0395.html"
},
{
"name": "47063",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/47063"
},
{
"name": "ADV-2011-0786",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0786"
},
{
"name": "[gdm-list] 20110328 GDM 2.32.1 released",
"refsource": "MLIST",
"url": "http://mail.gnome.org/archives/gdm-list/2011-March/msg00020.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=688323",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=688323"
},
{
"name": "http://ftp.gnome.org/pub/GNOME/sources/gdm/2.32/gdm-2.32.1.news",
"refsource": "CONFIRM",
"url": "http://ftp.gnome.org/pub/GNOME/sources/gdm/2.32/gdm-2.32.1.news"
},
{
"name": "44021",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/44021"
},
{
"name": "FEDORA-2011-4335",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057333.html"
},
{
"name": "ADV-2011-0797",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0797"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"assignerShortName": "canonical",
"cveId": "CVE-2011-0727",
"datePublished": "2011-03-31T22:00:00",
"dateReserved": "2011-02-01T00:00:00",
"dateUpdated": "2024-08-06T22:05:52.941Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-2697 (GCVE-0-2009-2697)
Vulnerability from cvelistv5 – Published: 2009-09-04 20:00 – Updated: 2024-08-07 05:59
VLAI?
Summary
The Red Hat build script for the GNOME Display Manager (GDM) before 2.16.0-56 on Red Hat Enterprise Linux (RHEL) 5 omits TCP Wrapper support, which might allow remote attackers to bypass intended access restrictions via XDMCP connections, a different vulnerability than CVE-2007-5079.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T05:59:56.942Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "oval:org.mitre.oval:def:9586",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9586"
},
{
"name": "36553",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/36553"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=239818"
},
{
"name": "36219",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/36219"
},
{
"name": "RHSA-2009:1364",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://rhn.redhat.com/errata/RHSA-2009-1364.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-09-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Red Hat build script for the GNOME Display Manager (GDM) before 2.16.0-56 on Red Hat Enterprise Linux (RHEL) 5 omits TCP Wrapper support, which might allow remote attackers to bypass intended access restrictions via XDMCP connections, a different vulnerability than CVE-2007-5079."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-18T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "oval:org.mitre.oval:def:9586",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9586"
},
{
"name": "36553",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/36553"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=239818"
},
{
"name": "36219",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/36219"
},
{
"name": "RHSA-2009:1364",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://rhn.redhat.com/errata/RHSA-2009-1364.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-2697",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Red Hat build script for the GNOME Display Manager (GDM) before 2.16.0-56 on Red Hat Enterprise Linux (RHEL) 5 omits TCP Wrapper support, which might allow remote attackers to bypass intended access restrictions via XDMCP connections, a different vulnerability than CVE-2007-5079."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "oval:org.mitre.oval:def:9586",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9586"
},
{
"name": "36553",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/36553"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=239818",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=239818"
},
{
"name": "36219",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/36219"
},
{
"name": "RHSA-2009:1364",
"refsource": "REDHAT",
"url": "https://rhn.redhat.com/errata/RHSA-2009-1364.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-2697",
"datePublished": "2009-09-04T20:00:00",
"dateReserved": "2009-08-05T00:00:00",
"dateUpdated": "2024-08-07T05:59:56.942Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-3381 (GCVE-0-2007-3381)
Vulnerability from cvelistv5 – Published: 2007-08-07 10:00 – Updated: 2024-08-07 14:14
VLAI?
Summary
The GDM daemon in GNOME Display Manager (GDM) before 2.14.13, 2.16.x before 2.16.7, 2.18.x before 2.18.4, and 2.19.x before 2.19.5 does not properly handle NULL return values from the g_strsplit function, which allows local users to cause a denial of service (persistent daemon crash) via a crafted command to the daemon's socket, related to (1) gdm.c and (2) gdmconfig.c in daemon/, and (3) gdmconfig.c and (4) gdmflexiserver.c in gui/.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T14:14:12.887Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "GLSA-200709-11",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200709-11.xml"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://ftp.gnome.org/pub/GNOME/sources/gdm/2.16/gdm-2.16.7.changes"
},
{
"name": "26313",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26313"
},
{
"name": "ADV-2007-2781",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/2781"
},
{
"name": "25191",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/25191"
},
{
"name": "26879",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26879"
},
{
"name": "oval:org.mitre.oval:def:10887",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10887"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://issues.rpath.com/browse/RPL-1599"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://ftp.gnome.org/pub/GNOME/sources/gdm/2.14/gdm-2.14.13.news"
},
{
"name": "26368",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26368"
},
{
"name": "MDKSA-2007:169",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:169"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://ftp.gnome.org/pub/GNOME/sources/gdm/2.18/gdm-2.18.4.news"
},
{
"name": "20070803 FLEA-2007-0041-1 gdm",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/475451/30/5550/threaded"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://ftp.gnome.org/pub/GNOME/sources/gdm/2.19/gdm-2.19.5.news"
},
{
"name": "RHSA-2007:0777",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2007-0777.html"
},
{
"name": "1018523",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1018523"
},
{
"name": "26900",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26900"
},
{
"name": "26520",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26520"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-07-30T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The GDM daemon in GNOME Display Manager (GDM) before 2.14.13, 2.16.x before 2.16.7, 2.18.x before 2.18.4, and 2.19.x before 2.19.5 does not properly handle NULL return values from the g_strsplit function, which allows local users to cause a denial of service (persistent daemon crash) via a crafted command to the daemon\u0027s socket, related to (1) gdm.c and (2) gdmconfig.c in daemon/, and (3) gdmconfig.c and (4) gdmflexiserver.c in gui/."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-16T14:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "GLSA-200709-11",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200709-11.xml"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://ftp.gnome.org/pub/GNOME/sources/gdm/2.16/gdm-2.16.7.changes"
},
{
"name": "26313",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26313"
},
{
"name": "ADV-2007-2781",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/2781"
},
{
"name": "25191",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/25191"
},
{
"name": "26879",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26879"
},
{
"name": "oval:org.mitre.oval:def:10887",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10887"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://issues.rpath.com/browse/RPL-1599"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://ftp.gnome.org/pub/GNOME/sources/gdm/2.14/gdm-2.14.13.news"
},
{
"name": "26368",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26368"
},
{
"name": "MDKSA-2007:169",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:169"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://ftp.gnome.org/pub/GNOME/sources/gdm/2.18/gdm-2.18.4.news"
},
{
"name": "20070803 FLEA-2007-0041-1 gdm",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/475451/30/5550/threaded"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://ftp.gnome.org/pub/GNOME/sources/gdm/2.19/gdm-2.19.5.news"
},
{
"name": "RHSA-2007:0777",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2007-0777.html"
},
{
"name": "1018523",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1018523"
},
{
"name": "26900",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26900"
},
{
"name": "26520",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26520"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2007-3381",
"datePublished": "2007-08-07T10:00:00",
"dateReserved": "2007-06-25T00:00:00",
"dateUpdated": "2024-08-07T14:14:12.887Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-6105 (GCVE-0-2006-6105)
Vulnerability from cvelistv5 – Published: 2006-12-15 02:00 – Updated: 2024-08-07 20:12
VLAI?
Summary
Format string vulnerability in the host chooser window (gdmchooser) in GNOME Foundation Display Manager (gdm) allows local users to execute arbitrary code via format string specifiers in a hostname, which are used in an error dialog.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T20:12:31.762Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "23385",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/23385"
},
{
"name": "23387",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/23387"
},
{
"name": "ADV-2006-5015",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/5015"
},
{
"name": "23409",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/23409"
},
{
"name": "1017383",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1017383"
},
{
"name": "1017320",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1017320"
},
{
"name": "30848",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/30848"
},
{
"name": "gdmchooser-host-chooser-format-string(30896)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30896"
},
{
"name": "21597",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/21597"
},
{
"name": "23381",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/23381"
},
{
"name": "20061214 GNOME Foundation Display Manager gdmchooser Format String Vulnerability",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE",
"x_transferred"
],
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=453"
},
{
"name": "SUSE-SR:2006:029",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://www.novell.com/linux/security/advisories/2006_29_sr.html"
},
{
"name": "MDKSA-2006:231",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:231"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://ftp.acc.umu.se/pub/GNOME/sources/gdm/2.17/gdm-2.17.4.news"
},
{
"name": "USN-396-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/usn-396-1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-12-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Format string vulnerability in the host chooser window (gdmchooser) in GNOME Foundation Display Manager (gdm) allows local users to execute arbitrary code via format string specifiers in a hostname, which are used in an error dialog."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-19T15:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "23385",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/23385"
},
{
"name": "23387",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/23387"
},
{
"name": "ADV-2006-5015",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/5015"
},
{
"name": "23409",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/23409"
},
{
"name": "1017383",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1017383"
},
{
"name": "1017320",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1017320"
},
{
"name": "30848",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/30848"
},
{
"name": "gdmchooser-host-chooser-format-string(30896)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30896"
},
{
"name": "21597",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/21597"
},
{
"name": "23381",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/23381"
},
{
"name": "20061214 GNOME Foundation Display Manager gdmchooser Format String Vulnerability",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE"
],
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=453"
},
{
"name": "SUSE-SR:2006:029",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://www.novell.com/linux/security/advisories/2006_29_sr.html"
},
{
"name": "MDKSA-2006:231",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:231"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://ftp.acc.umu.se/pub/GNOME/sources/gdm/2.17/gdm-2.17.4.news"
},
{
"name": "USN-396-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/usn-396-1"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2006-6105",
"datePublished": "2006-12-15T02:00:00",
"dateReserved": "2006-11-24T00:00:00",
"dateUpdated": "2024-08-07T20:12:31.762Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-2452 (GCVE-0-2006-2452)
Vulnerability from cvelistv5 – Published: 2006-06-09 10:00 – Updated: 2024-08-07 17:51
VLAI?
Summary
GNOME GDM 2.8, 2.12, 2.14, and 2.15, when the "face browser" feature is enabled, allows local users to access the "Configure Login Manager" functionality using their own password instead of the root password, which can be leveraged to gain additional privileges.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T17:51:04.687Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20532",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/20532"
},
{
"name": "SUSE-SR:2006:013",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.suse.com/archive/suse-security-announce/2006-Jun/0003.html"
},
{
"name": "20627",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/20627"
},
{
"name": "ADV-2006-2239",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/2239"
},
{
"name": "USN-293-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/293-1/"
},
{
"name": "20060608 rPSA-2006-0098-1 gdm",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/436428"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bugzilla.gnome.org/show_bug.cgi?id=343476"
},
{
"name": "GLSA-200606-14",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200606-14.xml"
},
{
"name": "18332",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/18332"
},
{
"name": "20636",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/20636"
},
{
"name": "gdm-facebrowser-security-bypass(27018)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27018"
},
{
"name": "20587",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/20587"
},
{
"name": "20552",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/20552"
},
{
"name": "MDKSA-2006:100",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:100"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-06-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "GNOME GDM 2.8, 2.12, 2.14, and 2.15, when the \"face browser\" feature is enabled, allows local users to access the \"Configure Login Manager\" functionality using their own password instead of the root password, which can be leveraged to gain additional privileges."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-03T20:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "20532",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/20532"
},
{
"name": "SUSE-SR:2006:013",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.suse.com/archive/suse-security-announce/2006-Jun/0003.html"
},
{
"name": "20627",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/20627"
},
{
"name": "ADV-2006-2239",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/2239"
},
{
"name": "USN-293-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/293-1/"
},
{
"name": "20060608 rPSA-2006-0098-1 gdm",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/436428"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bugzilla.gnome.org/show_bug.cgi?id=343476"
},
{
"name": "GLSA-200606-14",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200606-14.xml"
},
{
"name": "18332",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/18332"
},
{
"name": "20636",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/20636"
},
{
"name": "gdm-facebrowser-security-bypass(27018)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27018"
},
{
"name": "20587",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/20587"
},
{
"name": "20552",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/20552"
},
{
"name": "MDKSA-2006:100",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:100"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2006-2452",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "GNOME GDM 2.8, 2.12, 2.14, and 2.15, when the \"face browser\" feature is enabled, allows local users to access the \"Configure Login Manager\" functionality using their own password instead of the root password, which can be leveraged to gain additional privileges."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20532",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20532"
},
{
"name": "SUSE-SR:2006:013",
"refsource": "SUSE",
"url": "http://lists.suse.com/archive/suse-security-announce/2006-Jun/0003.html"
},
{
"name": "20627",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20627"
},
{
"name": "ADV-2006-2239",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/2239"
},
{
"name": "USN-293-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/293-1/"
},
{
"name": "20060608 rPSA-2006-0098-1 gdm",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/436428"
},
{
"name": "http://bugzilla.gnome.org/show_bug.cgi?id=343476",
"refsource": "CONFIRM",
"url": "http://bugzilla.gnome.org/show_bug.cgi?id=343476"
},
{
"name": "GLSA-200606-14",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200606-14.xml"
},
{
"name": "18332",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/18332"
},
{
"name": "20636",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20636"
},
{
"name": "gdm-facebrowser-security-bypass(27018)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27018"
},
{
"name": "20587",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20587"
},
{
"name": "20552",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20552"
},
{
"name": "MDKSA-2006:100",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:100"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2006-2452",
"datePublished": "2006-06-09T10:00:00",
"dateReserved": "2006-05-18T00:00:00",
"dateUpdated": "2024-08-07T17:51:04.687Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-1057 (GCVE-0-2006-1057)
Vulnerability from cvelistv5 – Published: 2006-04-25 01:00 – Updated: 2024-08-07 16:56
VLAI?
Summary
Race condition in daemon/slave.c in gdm before 2.14.1 allows local users to gain privileges via a symlink attack when gdm performs chown and chgrp operations on the .ICEauthority file.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T16:56:15.504Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "gdm-slavec-symlink(26092)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26092"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=188303"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://cvs.gnome.org/viewcvs/gdm2/daemon/slave.c?r1=1.260\u0026r2=1.261"
},
{
"name": "ADV-2006-1465",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/1465"
},
{
"name": "MDKSA-2006:083",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:083"
},
{
"name": "DSA-1040",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2006/dsa-1040"
},
{
"name": "17635",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/17635"
},
{
"name": "RHSA-2007:0286",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2007-0286.html"
},
{
"name": "oval:org.mitre.oval:def:10092",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10092"
},
{
"name": "FEDORA-2006-338",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-announce-list/2006-April/msg00160.html"
},
{
"name": "USN-278-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/278-1/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-04-24T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Race condition in daemon/slave.c in gdm before 2.14.1 allows local users to gain privileges via a symlink attack when gdm performs chown and chgrp operations on the .ICEauthority file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-03T20:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "gdm-slavec-symlink(26092)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26092"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=188303"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://cvs.gnome.org/viewcvs/gdm2/daemon/slave.c?r1=1.260\u0026r2=1.261"
},
{
"name": "ADV-2006-1465",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/1465"
},
{
"name": "MDKSA-2006:083",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:083"
},
{
"name": "DSA-1040",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2006/dsa-1040"
},
{
"name": "17635",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/17635"
},
{
"name": "RHSA-2007:0286",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2007-0286.html"
},
{
"name": "oval:org.mitre.oval:def:10092",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10092"
},
{
"name": "FEDORA-2006-338",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-announce-list/2006-April/msg00160.html"
},
{
"name": "USN-278-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/278-1/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2006-1057",
"datePublished": "2006-04-25T01:00:00",
"dateReserved": "2006-03-07T00:00:00",
"dateUpdated": "2024-08-07T16:56:15.504Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2003-0794 (GCVE-0-2003-0794)
Vulnerability from cvelistv5 – Published: 2003-10-21 04:00 – Updated: 2024-08-08 02:05
VLAI?
Summary
GDM 2.4.4.x before 2.4.4.4, and 2.4.1.x before 2.4.1.7, does not limit the number or duration of commands and uses a blocking socket connection, which allows attackers to cause a denial of service (resource exhaustion) by sending commands and not reading the results.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T02:05:12.556Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "gdm-command-dos(13448)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13448"
},
{
"name": "MDKSA-2003:100",
"tags": [
"vendor-advisory",
"x_refsource_MANDRAKE",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2003:100"
},
{
"name": "CLA-2003:766",
"tags": [
"vendor-advisory",
"x_refsource_CONECTIVA",
"x_transferred"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000766"
},
{
"name": "8846",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/8846"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://cvs.gnome.org/bonsai/cvsblame.cgi?file=gdm2/NEWS\u0026rev=\u0026root=/cvs/gnome"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2003-10-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "GDM 2.4.4.x before 2.4.4.4, and 2.4.1.x before 2.4.1.7, does not limit the number or duration of commands and uses a blocking socket connection, which allows attackers to cause a denial of service (resource exhaustion) by sending commands and not reading the results."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "gdm-command-dos(13448)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13448"
},
{
"name": "MDKSA-2003:100",
"tags": [
"vendor-advisory",
"x_refsource_MANDRAKE"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2003:100"
},
{
"name": "CLA-2003:766",
"tags": [
"vendor-advisory",
"x_refsource_CONECTIVA"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000766"
},
{
"name": "8846",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/8846"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://cvs.gnome.org/bonsai/cvsblame.cgi?file=gdm2/NEWS\u0026rev=\u0026root=/cvs/gnome"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2003-0794",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "GDM 2.4.4.x before 2.4.4.4, and 2.4.1.x before 2.4.1.7, does not limit the number or duration of commands and uses a blocking socket connection, which allows attackers to cause a denial of service (resource exhaustion) by sending commands and not reading the results."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "gdm-command-dos(13448)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13448"
},
{
"name": "MDKSA-2003:100",
"refsource": "MANDRAKE",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2003:100"
},
{
"name": "CLA-2003:766",
"refsource": "CONECTIVA",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000766"
},
{
"name": "8846",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/8846"
},
{
"name": "http://cvs.gnome.org/bonsai/cvsblame.cgi?file=gdm2/NEWS\u0026rev=\u0026root=/cvs/gnome",
"refsource": "CONFIRM",
"url": "http://cvs.gnome.org/bonsai/cvsblame.cgi?file=gdm2/NEWS\u0026rev=\u0026root=/cvs/gnome"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2003-0794",
"datePublished": "2003-10-21T04:00:00",
"dateReserved": "2003-09-17T00:00:00",
"dateUpdated": "2024-08-08T02:05:12.556Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2003-0793 (GCVE-0-2003-0793)
Vulnerability from cvelistv5 – Published: 2003-10-21 04:00 – Updated: 2024-08-08 02:05
VLAI?
Summary
GDM 2.4.4.x before 2.4.4.4, and 2.4.1.x before 2.4.1.7, does not restrict the size of input, which allows attackers to cause a denial of service (memory consumption).
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T02:05:12.607Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "MDKSA-2003:100",
"tags": [
"vendor-advisory",
"x_refsource_MANDRAKE",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2003:100"
},
{
"name": "gdm-dos(13447)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13447"
},
{
"name": "CLA-2003:766",
"tags": [
"vendor-advisory",
"x_refsource_CONECTIVA",
"x_transferred"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000766"
},
{
"name": "8846",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/8846"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://cvs.gnome.org/bonsai/cvsblame.cgi?file=gdm2/NEWS\u0026rev=\u0026root=/cvs/gnome"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2003-10-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "GDM 2.4.4.x before 2.4.4.4, and 2.4.1.x before 2.4.1.7, does not restrict the size of input, which allows attackers to cause a denial of service (memory consumption)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "MDKSA-2003:100",
"tags": [
"vendor-advisory",
"x_refsource_MANDRAKE"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2003:100"
},
{
"name": "gdm-dos(13447)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13447"
},
{
"name": "CLA-2003:766",
"tags": [
"vendor-advisory",
"x_refsource_CONECTIVA"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000766"
},
{
"name": "8846",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/8846"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://cvs.gnome.org/bonsai/cvsblame.cgi?file=gdm2/NEWS\u0026rev=\u0026root=/cvs/gnome"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2003-0793",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "GDM 2.4.4.x before 2.4.4.4, and 2.4.1.x before 2.4.1.7, does not restrict the size of input, which allows attackers to cause a denial of service (memory consumption)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "MDKSA-2003:100",
"refsource": "MANDRAKE",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2003:100"
},
{
"name": "gdm-dos(13447)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13447"
},
{
"name": "CLA-2003:766",
"refsource": "CONECTIVA",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000766"
},
{
"name": "8846",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/8846"
},
{
"name": "http://cvs.gnome.org/bonsai/cvsblame.cgi?file=gdm2/NEWS\u0026rev=\u0026root=/cvs/gnome",
"refsource": "CONFIRM",
"url": "http://cvs.gnome.org/bonsai/cvsblame.cgi?file=gdm2/NEWS\u0026rev=\u0026root=/cvs/gnome"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2003-0793",
"datePublished": "2003-10-21T04:00:00",
"dateReserved": "2003-09-17T00:00:00",
"dateUpdated": "2024-08-08T02:05:12.607Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-12164 (GCVE-0-2017-12164)
Vulnerability from nvd – Published: 2018-07-26 16:00 – Updated: 2024-08-05 18:28
VLAI?
Summary
A flaw was discovered in gdm 3.24.1 where gdm greeter was no longer setting the ran_once boolean during autologin. If autologin was enabled for a victim, an attacker could simply select 'login as another user' to unlock their screen.
Severity ?
4.1 (Medium)
CWE
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T18:28:16.573Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://gitlab.gnome.org/GNOME/gdm/commit/ff98b28"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-12164"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "gdm",
"vendor": "GNOME",
"versions": [
{
"status": "affected",
"version": "3.24.1"
}
]
}
],
"datePublic": "2017-09-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A flaw was discovered in gdm 3.24.1 where gdm greeter was no longer setting the ran_once boolean during autologin. If autologin was enabled for a victim, an attacker could simply select \u0027login as another user\u0027 to unlock their screen."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "LOW",
"baseScore": 4.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:P/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-592",
"description": "CWE-592",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-07-26T15:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://gitlab.gnome.org/GNOME/gdm/commit/ff98b28"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-12164"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2017-12164",
"datePublished": "2018-07-26T16:00:00",
"dateReserved": "2017-08-01T00:00:00",
"dateUpdated": "2024-08-05T18:28:16.573Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-1709 (GCVE-0-2011-1709)
Vulnerability from nvd – Published: 2011-06-14 17:00 – Updated: 2024-08-06 22:37
VLAI?
Summary
GNOME Display Manager (gdm) before 2.32.2, when glib 2.28 is used, enables execution of a web browser with the uid of the gdm account, which allows local users to gain privileges via vectors involving the x-scheme-handler/http MIME type.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T22:37:25.814Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://ftp.gnome.org/pub/GNOME/sources/gdm/2.32/gdm-2.32.2.news"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.gnome.org/browse/gdm/commit/?id=d13dd72531599ab7e4c747db3b58a8c17753e08d"
},
{
"name": "44797",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/44797"
},
{
"name": "FEDORA-2011-7822",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061264.html"
},
{
"name": "USN-1142-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-1142-1"
},
{
"name": "48084",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/48084"
},
{
"name": "openSUSE-SU-2011:0581",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "https://hermes.opensuse.org/messages/8643655"
},
{
"name": "44808",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/44808"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=709139"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-05-31T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "GNOME Display Manager (gdm) before 2.32.2, when glib 2.28 is used, enables execution of a web browser with the uid of the gdm account, which allows local users to gain privileges via vectors involving the x-scheme-handler/http MIME type."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2011-09-07T09:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://ftp.gnome.org/pub/GNOME/sources/gdm/2.32/gdm-2.32.2.news"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.gnome.org/browse/gdm/commit/?id=d13dd72531599ab7e4c747db3b58a8c17753e08d"
},
{
"name": "44797",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/44797"
},
{
"name": "FEDORA-2011-7822",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061264.html"
},
{
"name": "USN-1142-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-1142-1"
},
{
"name": "48084",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/48084"
},
{
"name": "openSUSE-SU-2011:0581",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "https://hermes.opensuse.org/messages/8643655"
},
{
"name": "44808",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/44808"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=709139"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-1709",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "GNOME Display Manager (gdm) before 2.32.2, when glib 2.28 is used, enables execution of a web browser with the uid of the gdm account, which allows local users to gain privileges via vectors involving the x-scheme-handler/http MIME type."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://ftp.gnome.org/pub/GNOME/sources/gdm/2.32/gdm-2.32.2.news",
"refsource": "CONFIRM",
"url": "http://ftp.gnome.org/pub/GNOME/sources/gdm/2.32/gdm-2.32.2.news"
},
{
"name": "http://git.gnome.org/browse/gdm/commit/?id=d13dd72531599ab7e4c747db3b58a8c17753e08d",
"refsource": "CONFIRM",
"url": "http://git.gnome.org/browse/gdm/commit/?id=d13dd72531599ab7e4c747db3b58a8c17753e08d"
},
{
"name": "44797",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/44797"
},
{
"name": "FEDORA-2011-7822",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061264.html"
},
{
"name": "USN-1142-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1142-1"
},
{
"name": "48084",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/48084"
},
{
"name": "openSUSE-SU-2011:0581",
"refsource": "SUSE",
"url": "https://hermes.opensuse.org/messages/8643655"
},
{
"name": "44808",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/44808"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=709139",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=709139"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2011-1709",
"datePublished": "2011-06-14T17:00:00",
"dateReserved": "2011-04-15T00:00:00",
"dateUpdated": "2024-08-06T22:37:25.814Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-0727 (GCVE-0-2011-0727)
Vulnerability from nvd – Published: 2011-03-31 22:00 – Updated: 2024-08-06 22:05
VLAI?
Summary
GNOME Display Manager (gdm) 2.x before 2.32.1 allows local users to change the ownership of arbitrary files via a symlink attack on a (1) dmrc or (2) face icon file under /var/cache/gdm/.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T22:05:52.941Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "USN-1099-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-1099-1"
},
{
"name": "43714",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/43714"
},
{
"name": "1025264",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1025264"
},
{
"name": "FEDORA-2011-4351",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057931.html"
},
{
"name": "43854",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/43854"
},
{
"name": "ADV-2011-0847",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2011/0847"
},
{
"name": "ADV-2011-0787",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2011/0787"
},
{
"name": "display-manager-priv-escalation(66377)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66377"
},
{
"name": "ADV-2011-0911",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2011/0911"
},
{
"name": "MDVSA-2011:070",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:070"
},
{
"name": "DSA-2205",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2011/dsa-2205"
},
{
"name": "RHSA-2011:0395",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2011-0395.html"
},
{
"name": "47063",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/47063"
},
{
"name": "ADV-2011-0786",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2011/0786"
},
{
"name": "[gdm-list] 20110328 GDM 2.32.1 released",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://mail.gnome.org/archives/gdm-list/2011-March/msg00020.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=688323"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://ftp.gnome.org/pub/GNOME/sources/gdm/2.32/gdm-2.32.1.news"
},
{
"name": "44021",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/44021"
},
{
"name": "FEDORA-2011-4335",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057333.html"
},
{
"name": "ADV-2011-0797",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2011/0797"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-03-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "GNOME Display Manager (gdm) 2.x before 2.32.1 allows local users to change the ownership of arbitrary files via a symlink attack on a (1) dmrc or (2) face icon file under /var/cache/gdm/."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01",
"orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"shortName": "canonical"
},
"references": [
{
"name": "USN-1099-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-1099-1"
},
{
"name": "43714",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/43714"
},
{
"name": "1025264",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1025264"
},
{
"name": "FEDORA-2011-4351",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057931.html"
},
{
"name": "43854",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/43854"
},
{
"name": "ADV-2011-0847",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2011/0847"
},
{
"name": "ADV-2011-0787",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2011/0787"
},
{
"name": "display-manager-priv-escalation(66377)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66377"
},
{
"name": "ADV-2011-0911",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2011/0911"
},
{
"name": "MDVSA-2011:070",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:070"
},
{
"name": "DSA-2205",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2011/dsa-2205"
},
{
"name": "RHSA-2011:0395",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2011-0395.html"
},
{
"name": "47063",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/47063"
},
{
"name": "ADV-2011-0786",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2011/0786"
},
{
"name": "[gdm-list] 20110328 GDM 2.32.1 released",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://mail.gnome.org/archives/gdm-list/2011-March/msg00020.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=688323"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://ftp.gnome.org/pub/GNOME/sources/gdm/2.32/gdm-2.32.1.news"
},
{
"name": "44021",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/44021"
},
{
"name": "FEDORA-2011-4335",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057333.html"
},
{
"name": "ADV-2011-0797",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2011/0797"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@ubuntu.com",
"ID": "CVE-2011-0727",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "GNOME Display Manager (gdm) 2.x before 2.32.1 allows local users to change the ownership of arbitrary files via a symlink attack on a (1) dmrc or (2) face icon file under /var/cache/gdm/."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "USN-1099-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1099-1"
},
{
"name": "43714",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43714"
},
{
"name": "1025264",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1025264"
},
{
"name": "FEDORA-2011-4351",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057931.html"
},
{
"name": "43854",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43854"
},
{
"name": "ADV-2011-0847",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0847"
},
{
"name": "ADV-2011-0787",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0787"
},
{
"name": "display-manager-priv-escalation(66377)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66377"
},
{
"name": "ADV-2011-0911",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0911"
},
{
"name": "MDVSA-2011:070",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:070"
},
{
"name": "DSA-2205",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2011/dsa-2205"
},
{
"name": "RHSA-2011:0395",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2011-0395.html"
},
{
"name": "47063",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/47063"
},
{
"name": "ADV-2011-0786",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0786"
},
{
"name": "[gdm-list] 20110328 GDM 2.32.1 released",
"refsource": "MLIST",
"url": "http://mail.gnome.org/archives/gdm-list/2011-March/msg00020.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=688323",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=688323"
},
{
"name": "http://ftp.gnome.org/pub/GNOME/sources/gdm/2.32/gdm-2.32.1.news",
"refsource": "CONFIRM",
"url": "http://ftp.gnome.org/pub/GNOME/sources/gdm/2.32/gdm-2.32.1.news"
},
{
"name": "44021",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/44021"
},
{
"name": "FEDORA-2011-4335",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057333.html"
},
{
"name": "ADV-2011-0797",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0797"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"assignerShortName": "canonical",
"cveId": "CVE-2011-0727",
"datePublished": "2011-03-31T22:00:00",
"dateReserved": "2011-02-01T00:00:00",
"dateUpdated": "2024-08-06T22:05:52.941Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-2697 (GCVE-0-2009-2697)
Vulnerability from nvd – Published: 2009-09-04 20:00 – Updated: 2024-08-07 05:59
VLAI?
Summary
The Red Hat build script for the GNOME Display Manager (GDM) before 2.16.0-56 on Red Hat Enterprise Linux (RHEL) 5 omits TCP Wrapper support, which might allow remote attackers to bypass intended access restrictions via XDMCP connections, a different vulnerability than CVE-2007-5079.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T05:59:56.942Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "oval:org.mitre.oval:def:9586",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9586"
},
{
"name": "36553",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/36553"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=239818"
},
{
"name": "36219",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/36219"
},
{
"name": "RHSA-2009:1364",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://rhn.redhat.com/errata/RHSA-2009-1364.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-09-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Red Hat build script for the GNOME Display Manager (GDM) before 2.16.0-56 on Red Hat Enterprise Linux (RHEL) 5 omits TCP Wrapper support, which might allow remote attackers to bypass intended access restrictions via XDMCP connections, a different vulnerability than CVE-2007-5079."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-18T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "oval:org.mitre.oval:def:9586",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9586"
},
{
"name": "36553",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/36553"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=239818"
},
{
"name": "36219",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/36219"
},
{
"name": "RHSA-2009:1364",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://rhn.redhat.com/errata/RHSA-2009-1364.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-2697",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Red Hat build script for the GNOME Display Manager (GDM) before 2.16.0-56 on Red Hat Enterprise Linux (RHEL) 5 omits TCP Wrapper support, which might allow remote attackers to bypass intended access restrictions via XDMCP connections, a different vulnerability than CVE-2007-5079."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "oval:org.mitre.oval:def:9586",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9586"
},
{
"name": "36553",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/36553"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=239818",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=239818"
},
{
"name": "36219",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/36219"
},
{
"name": "RHSA-2009:1364",
"refsource": "REDHAT",
"url": "https://rhn.redhat.com/errata/RHSA-2009-1364.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-2697",
"datePublished": "2009-09-04T20:00:00",
"dateReserved": "2009-08-05T00:00:00",
"dateUpdated": "2024-08-07T05:59:56.942Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-3381 (GCVE-0-2007-3381)
Vulnerability from nvd – Published: 2007-08-07 10:00 – Updated: 2024-08-07 14:14
VLAI?
Summary
The GDM daemon in GNOME Display Manager (GDM) before 2.14.13, 2.16.x before 2.16.7, 2.18.x before 2.18.4, and 2.19.x before 2.19.5 does not properly handle NULL return values from the g_strsplit function, which allows local users to cause a denial of service (persistent daemon crash) via a crafted command to the daemon's socket, related to (1) gdm.c and (2) gdmconfig.c in daemon/, and (3) gdmconfig.c and (4) gdmflexiserver.c in gui/.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T14:14:12.887Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "GLSA-200709-11",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200709-11.xml"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://ftp.gnome.org/pub/GNOME/sources/gdm/2.16/gdm-2.16.7.changes"
},
{
"name": "26313",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26313"
},
{
"name": "ADV-2007-2781",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/2781"
},
{
"name": "25191",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/25191"
},
{
"name": "26879",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26879"
},
{
"name": "oval:org.mitre.oval:def:10887",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10887"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://issues.rpath.com/browse/RPL-1599"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://ftp.gnome.org/pub/GNOME/sources/gdm/2.14/gdm-2.14.13.news"
},
{
"name": "26368",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26368"
},
{
"name": "MDKSA-2007:169",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:169"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://ftp.gnome.org/pub/GNOME/sources/gdm/2.18/gdm-2.18.4.news"
},
{
"name": "20070803 FLEA-2007-0041-1 gdm",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/475451/30/5550/threaded"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://ftp.gnome.org/pub/GNOME/sources/gdm/2.19/gdm-2.19.5.news"
},
{
"name": "RHSA-2007:0777",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2007-0777.html"
},
{
"name": "1018523",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1018523"
},
{
"name": "26900",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26900"
},
{
"name": "26520",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26520"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-07-30T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The GDM daemon in GNOME Display Manager (GDM) before 2.14.13, 2.16.x before 2.16.7, 2.18.x before 2.18.4, and 2.19.x before 2.19.5 does not properly handle NULL return values from the g_strsplit function, which allows local users to cause a denial of service (persistent daemon crash) via a crafted command to the daemon\u0027s socket, related to (1) gdm.c and (2) gdmconfig.c in daemon/, and (3) gdmconfig.c and (4) gdmflexiserver.c in gui/."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-16T14:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "GLSA-200709-11",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200709-11.xml"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://ftp.gnome.org/pub/GNOME/sources/gdm/2.16/gdm-2.16.7.changes"
},
{
"name": "26313",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26313"
},
{
"name": "ADV-2007-2781",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/2781"
},
{
"name": "25191",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/25191"
},
{
"name": "26879",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26879"
},
{
"name": "oval:org.mitre.oval:def:10887",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10887"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://issues.rpath.com/browse/RPL-1599"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://ftp.gnome.org/pub/GNOME/sources/gdm/2.14/gdm-2.14.13.news"
},
{
"name": "26368",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26368"
},
{
"name": "MDKSA-2007:169",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:169"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://ftp.gnome.org/pub/GNOME/sources/gdm/2.18/gdm-2.18.4.news"
},
{
"name": "20070803 FLEA-2007-0041-1 gdm",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/475451/30/5550/threaded"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://ftp.gnome.org/pub/GNOME/sources/gdm/2.19/gdm-2.19.5.news"
},
{
"name": "RHSA-2007:0777",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2007-0777.html"
},
{
"name": "1018523",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1018523"
},
{
"name": "26900",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26900"
},
{
"name": "26520",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26520"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2007-3381",
"datePublished": "2007-08-07T10:00:00",
"dateReserved": "2007-06-25T00:00:00",
"dateUpdated": "2024-08-07T14:14:12.887Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-6105 (GCVE-0-2006-6105)
Vulnerability from nvd – Published: 2006-12-15 02:00 – Updated: 2024-08-07 20:12
VLAI?
Summary
Format string vulnerability in the host chooser window (gdmchooser) in GNOME Foundation Display Manager (gdm) allows local users to execute arbitrary code via format string specifiers in a hostname, which are used in an error dialog.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T20:12:31.762Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "23385",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/23385"
},
{
"name": "23387",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/23387"
},
{
"name": "ADV-2006-5015",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/5015"
},
{
"name": "23409",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/23409"
},
{
"name": "1017383",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1017383"
},
{
"name": "1017320",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1017320"
},
{
"name": "30848",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/30848"
},
{
"name": "gdmchooser-host-chooser-format-string(30896)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30896"
},
{
"name": "21597",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/21597"
},
{
"name": "23381",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/23381"
},
{
"name": "20061214 GNOME Foundation Display Manager gdmchooser Format String Vulnerability",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE",
"x_transferred"
],
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=453"
},
{
"name": "SUSE-SR:2006:029",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://www.novell.com/linux/security/advisories/2006_29_sr.html"
},
{
"name": "MDKSA-2006:231",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:231"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://ftp.acc.umu.se/pub/GNOME/sources/gdm/2.17/gdm-2.17.4.news"
},
{
"name": "USN-396-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/usn-396-1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-12-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Format string vulnerability in the host chooser window (gdmchooser) in GNOME Foundation Display Manager (gdm) allows local users to execute arbitrary code via format string specifiers in a hostname, which are used in an error dialog."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-19T15:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "23385",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/23385"
},
{
"name": "23387",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/23387"
},
{
"name": "ADV-2006-5015",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/5015"
},
{
"name": "23409",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/23409"
},
{
"name": "1017383",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1017383"
},
{
"name": "1017320",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1017320"
},
{
"name": "30848",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/30848"
},
{
"name": "gdmchooser-host-chooser-format-string(30896)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30896"
},
{
"name": "21597",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/21597"
},
{
"name": "23381",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/23381"
},
{
"name": "20061214 GNOME Foundation Display Manager gdmchooser Format String Vulnerability",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE"
],
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=453"
},
{
"name": "SUSE-SR:2006:029",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://www.novell.com/linux/security/advisories/2006_29_sr.html"
},
{
"name": "MDKSA-2006:231",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:231"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://ftp.acc.umu.se/pub/GNOME/sources/gdm/2.17/gdm-2.17.4.news"
},
{
"name": "USN-396-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/usn-396-1"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2006-6105",
"datePublished": "2006-12-15T02:00:00",
"dateReserved": "2006-11-24T00:00:00",
"dateUpdated": "2024-08-07T20:12:31.762Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-2452 (GCVE-0-2006-2452)
Vulnerability from nvd – Published: 2006-06-09 10:00 – Updated: 2024-08-07 17:51
VLAI?
Summary
GNOME GDM 2.8, 2.12, 2.14, and 2.15, when the "face browser" feature is enabled, allows local users to access the "Configure Login Manager" functionality using their own password instead of the root password, which can be leveraged to gain additional privileges.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T17:51:04.687Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20532",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/20532"
},
{
"name": "SUSE-SR:2006:013",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.suse.com/archive/suse-security-announce/2006-Jun/0003.html"
},
{
"name": "20627",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/20627"
},
{
"name": "ADV-2006-2239",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/2239"
},
{
"name": "USN-293-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/293-1/"
},
{
"name": "20060608 rPSA-2006-0098-1 gdm",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/436428"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bugzilla.gnome.org/show_bug.cgi?id=343476"
},
{
"name": "GLSA-200606-14",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200606-14.xml"
},
{
"name": "18332",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/18332"
},
{
"name": "20636",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/20636"
},
{
"name": "gdm-facebrowser-security-bypass(27018)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27018"
},
{
"name": "20587",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/20587"
},
{
"name": "20552",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/20552"
},
{
"name": "MDKSA-2006:100",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:100"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-06-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "GNOME GDM 2.8, 2.12, 2.14, and 2.15, when the \"face browser\" feature is enabled, allows local users to access the \"Configure Login Manager\" functionality using their own password instead of the root password, which can be leveraged to gain additional privileges."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-03T20:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "20532",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/20532"
},
{
"name": "SUSE-SR:2006:013",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.suse.com/archive/suse-security-announce/2006-Jun/0003.html"
},
{
"name": "20627",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/20627"
},
{
"name": "ADV-2006-2239",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/2239"
},
{
"name": "USN-293-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/293-1/"
},
{
"name": "20060608 rPSA-2006-0098-1 gdm",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/436428"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bugzilla.gnome.org/show_bug.cgi?id=343476"
},
{
"name": "GLSA-200606-14",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200606-14.xml"
},
{
"name": "18332",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/18332"
},
{
"name": "20636",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/20636"
},
{
"name": "gdm-facebrowser-security-bypass(27018)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27018"
},
{
"name": "20587",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/20587"
},
{
"name": "20552",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/20552"
},
{
"name": "MDKSA-2006:100",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:100"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2006-2452",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "GNOME GDM 2.8, 2.12, 2.14, and 2.15, when the \"face browser\" feature is enabled, allows local users to access the \"Configure Login Manager\" functionality using their own password instead of the root password, which can be leveraged to gain additional privileges."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20532",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20532"
},
{
"name": "SUSE-SR:2006:013",
"refsource": "SUSE",
"url": "http://lists.suse.com/archive/suse-security-announce/2006-Jun/0003.html"
},
{
"name": "20627",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20627"
},
{
"name": "ADV-2006-2239",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/2239"
},
{
"name": "USN-293-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/293-1/"
},
{
"name": "20060608 rPSA-2006-0098-1 gdm",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/436428"
},
{
"name": "http://bugzilla.gnome.org/show_bug.cgi?id=343476",
"refsource": "CONFIRM",
"url": "http://bugzilla.gnome.org/show_bug.cgi?id=343476"
},
{
"name": "GLSA-200606-14",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200606-14.xml"
},
{
"name": "18332",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/18332"
},
{
"name": "20636",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20636"
},
{
"name": "gdm-facebrowser-security-bypass(27018)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27018"
},
{
"name": "20587",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20587"
},
{
"name": "20552",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20552"
},
{
"name": "MDKSA-2006:100",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:100"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2006-2452",
"datePublished": "2006-06-09T10:00:00",
"dateReserved": "2006-05-18T00:00:00",
"dateUpdated": "2024-08-07T17:51:04.687Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-1057 (GCVE-0-2006-1057)
Vulnerability from nvd – Published: 2006-04-25 01:00 – Updated: 2024-08-07 16:56
VLAI?
Summary
Race condition in daemon/slave.c in gdm before 2.14.1 allows local users to gain privileges via a symlink attack when gdm performs chown and chgrp operations on the .ICEauthority file.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T16:56:15.504Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "gdm-slavec-symlink(26092)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26092"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=188303"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://cvs.gnome.org/viewcvs/gdm2/daemon/slave.c?r1=1.260\u0026r2=1.261"
},
{
"name": "ADV-2006-1465",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/1465"
},
{
"name": "MDKSA-2006:083",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:083"
},
{
"name": "DSA-1040",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2006/dsa-1040"
},
{
"name": "17635",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/17635"
},
{
"name": "RHSA-2007:0286",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2007-0286.html"
},
{
"name": "oval:org.mitre.oval:def:10092",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10092"
},
{
"name": "FEDORA-2006-338",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-announce-list/2006-April/msg00160.html"
},
{
"name": "USN-278-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/278-1/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-04-24T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Race condition in daemon/slave.c in gdm before 2.14.1 allows local users to gain privileges via a symlink attack when gdm performs chown and chgrp operations on the .ICEauthority file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-03T20:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "gdm-slavec-symlink(26092)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26092"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=188303"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://cvs.gnome.org/viewcvs/gdm2/daemon/slave.c?r1=1.260\u0026r2=1.261"
},
{
"name": "ADV-2006-1465",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/1465"
},
{
"name": "MDKSA-2006:083",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:083"
},
{
"name": "DSA-1040",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2006/dsa-1040"
},
{
"name": "17635",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/17635"
},
{
"name": "RHSA-2007:0286",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2007-0286.html"
},
{
"name": "oval:org.mitre.oval:def:10092",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10092"
},
{
"name": "FEDORA-2006-338",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-announce-list/2006-April/msg00160.html"
},
{
"name": "USN-278-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/278-1/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2006-1057",
"datePublished": "2006-04-25T01:00:00",
"dateReserved": "2006-03-07T00:00:00",
"dateUpdated": "2024-08-07T16:56:15.504Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2003-0794 (GCVE-0-2003-0794)
Vulnerability from nvd – Published: 2003-10-21 04:00 – Updated: 2024-08-08 02:05
VLAI?
Summary
GDM 2.4.4.x before 2.4.4.4, and 2.4.1.x before 2.4.1.7, does not limit the number or duration of commands and uses a blocking socket connection, which allows attackers to cause a denial of service (resource exhaustion) by sending commands and not reading the results.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T02:05:12.556Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "gdm-command-dos(13448)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13448"
},
{
"name": "MDKSA-2003:100",
"tags": [
"vendor-advisory",
"x_refsource_MANDRAKE",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2003:100"
},
{
"name": "CLA-2003:766",
"tags": [
"vendor-advisory",
"x_refsource_CONECTIVA",
"x_transferred"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000766"
},
{
"name": "8846",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/8846"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://cvs.gnome.org/bonsai/cvsblame.cgi?file=gdm2/NEWS\u0026rev=\u0026root=/cvs/gnome"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2003-10-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "GDM 2.4.4.x before 2.4.4.4, and 2.4.1.x before 2.4.1.7, does not limit the number or duration of commands and uses a blocking socket connection, which allows attackers to cause a denial of service (resource exhaustion) by sending commands and not reading the results."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "gdm-command-dos(13448)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13448"
},
{
"name": "MDKSA-2003:100",
"tags": [
"vendor-advisory",
"x_refsource_MANDRAKE"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2003:100"
},
{
"name": "CLA-2003:766",
"tags": [
"vendor-advisory",
"x_refsource_CONECTIVA"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000766"
},
{
"name": "8846",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/8846"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://cvs.gnome.org/bonsai/cvsblame.cgi?file=gdm2/NEWS\u0026rev=\u0026root=/cvs/gnome"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2003-0794",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "GDM 2.4.4.x before 2.4.4.4, and 2.4.1.x before 2.4.1.7, does not limit the number or duration of commands and uses a blocking socket connection, which allows attackers to cause a denial of service (resource exhaustion) by sending commands and not reading the results."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "gdm-command-dos(13448)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13448"
},
{
"name": "MDKSA-2003:100",
"refsource": "MANDRAKE",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2003:100"
},
{
"name": "CLA-2003:766",
"refsource": "CONECTIVA",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000766"
},
{
"name": "8846",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/8846"
},
{
"name": "http://cvs.gnome.org/bonsai/cvsblame.cgi?file=gdm2/NEWS\u0026rev=\u0026root=/cvs/gnome",
"refsource": "CONFIRM",
"url": "http://cvs.gnome.org/bonsai/cvsblame.cgi?file=gdm2/NEWS\u0026rev=\u0026root=/cvs/gnome"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2003-0794",
"datePublished": "2003-10-21T04:00:00",
"dateReserved": "2003-09-17T00:00:00",
"dateUpdated": "2024-08-08T02:05:12.556Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2003-0793 (GCVE-0-2003-0793)
Vulnerability from nvd – Published: 2003-10-21 04:00 – Updated: 2024-08-08 02:05
VLAI?
Summary
GDM 2.4.4.x before 2.4.4.4, and 2.4.1.x before 2.4.1.7, does not restrict the size of input, which allows attackers to cause a denial of service (memory consumption).
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T02:05:12.607Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "MDKSA-2003:100",
"tags": [
"vendor-advisory",
"x_refsource_MANDRAKE",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2003:100"
},
{
"name": "gdm-dos(13447)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13447"
},
{
"name": "CLA-2003:766",
"tags": [
"vendor-advisory",
"x_refsource_CONECTIVA",
"x_transferred"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000766"
},
{
"name": "8846",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/8846"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://cvs.gnome.org/bonsai/cvsblame.cgi?file=gdm2/NEWS\u0026rev=\u0026root=/cvs/gnome"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2003-10-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "GDM 2.4.4.x before 2.4.4.4, and 2.4.1.x before 2.4.1.7, does not restrict the size of input, which allows attackers to cause a denial of service (memory consumption)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "MDKSA-2003:100",
"tags": [
"vendor-advisory",
"x_refsource_MANDRAKE"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2003:100"
},
{
"name": "gdm-dos(13447)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13447"
},
{
"name": "CLA-2003:766",
"tags": [
"vendor-advisory",
"x_refsource_CONECTIVA"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000766"
},
{
"name": "8846",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/8846"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://cvs.gnome.org/bonsai/cvsblame.cgi?file=gdm2/NEWS\u0026rev=\u0026root=/cvs/gnome"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2003-0793",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "GDM 2.4.4.x before 2.4.4.4, and 2.4.1.x before 2.4.1.7, does not restrict the size of input, which allows attackers to cause a denial of service (memory consumption)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "MDKSA-2003:100",
"refsource": "MANDRAKE",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2003:100"
},
{
"name": "gdm-dos(13447)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13447"
},
{
"name": "CLA-2003:766",
"refsource": "CONECTIVA",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000766"
},
{
"name": "8846",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/8846"
},
{
"name": "http://cvs.gnome.org/bonsai/cvsblame.cgi?file=gdm2/NEWS\u0026rev=\u0026root=/cvs/gnome",
"refsource": "CONFIRM",
"url": "http://cvs.gnome.org/bonsai/cvsblame.cgi?file=gdm2/NEWS\u0026rev=\u0026root=/cvs/gnome"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2003-0793",
"datePublished": "2003-10-21T04:00:00",
"dateReserved": "2003-09-17T00:00:00",
"dateUpdated": "2024-08-08T02:05:12.607Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
FKIE_CVE-2011-1709
Vulnerability from fkie_nvd - Published: 2011-06-14 17:55 - Updated: 2025-04-11 00:51
Severity ?
Summary
GNOME Display Manager (gdm) before 2.32.2, when glib 2.28 is used, enables execution of a web browser with the uid of the gdm account, which allows local users to gain privileges via vectors involving the x-scheme-handler/http MIME type.
References
| URL | Tags | ||
|---|---|---|---|
| cve@mitre.org | http://ftp.gnome.org/pub/GNOME/sources/gdm/2.32/gdm-2.32.2.news | ||
| cve@mitre.org | http://git.gnome.org/browse/gdm/commit/?id=d13dd72531599ab7e4c747db3b58a8c17753e08d | Patch | |
| cve@mitre.org | http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061264.html | ||
| cve@mitre.org | http://secunia.com/advisories/44797 | Vendor Advisory | |
| cve@mitre.org | http://secunia.com/advisories/44808 | ||
| cve@mitre.org | http://www.securityfocus.com/bid/48084 | ||
| cve@mitre.org | http://www.ubuntu.com/usn/USN-1142-1 | ||
| cve@mitre.org | https://bugzilla.redhat.com/show_bug.cgi?id=709139 | Patch | |
| cve@mitre.org | https://hermes.opensuse.org/messages/8643655 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://ftp.gnome.org/pub/GNOME/sources/gdm/2.32/gdm-2.32.2.news | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://git.gnome.org/browse/gdm/commit/?id=d13dd72531599ab7e4c747db3b58a8c17753e08d | Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061264.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/44797 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/44808 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/48084 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.ubuntu.com/usn/USN-1142-1 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=709139 | Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | https://hermes.opensuse.org/messages/8643655 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| gnome | gdm | 1.0 | |
| gnome | gdm | 2.0 | |
| gnome | gdm | 2.2 | |
| gnome | gdm | 2.3 | |
| gnome | gdm | 2.4 | |
| gnome | gdm | 2.5 | |
| gnome | gdm | 2.6 | |
| gnome | gdm | 2.8 | |
| gnome | gdm | 2.13 | |
| gnome | gdm | 2.14 | |
| gnome | gdm | 2.15 | |
| gnome | gdm | 2.16 | |
| gnome | gdm | 2.17 | |
| gnome | gdm | 2.18 | |
| gnome | gdm | 2.19 | |
| gnome | gdm | 2.20 | |
| gnome | gdm | 2.21 | |
| gnome | gdm | 2.22 | |
| gnome | gdm | 2.23 | |
| gnome | gdm | 2.24 | |
| gnome | gdm | 2.25 | |
| gnome | gdm | 2.26 | |
| gnome | gdm | 2.27 | |
| gnome | gdm | 2.28 | |
| gnome | gdm | 2.29 | |
| gnome | gdm | 2.30 | |
| gnome | gdm | 2.31 | |
| gnome | gdm | 2.32 | |
| gnome | gdm | 2.32.1 | |
| gnome | glib | 2.28 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:gnome:gdm:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E2D650E6-F568-4B7F-8913-3DC10E8F4201",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:gdm:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3296F925-6D41-4DA7-BDB2-3B04CF22A53B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:gdm:2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "7960EC63-69CF-474C-996C-E431CCDD07E9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:gdm:2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "A38317A3-3725-4F32-B675-00F8FB288F51",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:gdm:2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "C4F01AD1-EB1B-4932-B8D7-CBC899B1A02E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:gdm:2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "B760EB2A-6461-477F-B7E5-857117E21AE3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:gdm:2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "973BF2BF-BBF7-41F6-9E38-5150BC8AE7B6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:gdm:2.8:*:*:*:*:*:*:*",
"matchCriteriaId": "7756E66E-2296-4B20-ABC0-B1A2ACF2657B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:gdm:2.13:*:*:*:*:*:*:*",
"matchCriteriaId": "BC30F499-35B6-40BB-A420-A55F6993DF3A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:gdm:2.14:*:*:*:*:*:*:*",
"matchCriteriaId": "70640B9F-4EAA-4513-80E4-9DD4A862F27D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:gdm:2.15:*:*:*:*:*:*:*",
"matchCriteriaId": "27A6CC80-BC52-4B39-9424-E96DDA03666E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:gdm:2.16:*:*:*:*:*:*:*",
"matchCriteriaId": "832DE81E-18BB-4276-A6B0-F316A322E83E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:gdm:2.17:*:*:*:*:*:*:*",
"matchCriteriaId": "898A4607-107C-460F-8CF8-DEF63876B1C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:gdm:2.18:*:*:*:*:*:*:*",
"matchCriteriaId": "638AAAB0-2077-49F1-A909-0814C94EF96E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:gdm:2.19:*:*:*:*:*:*:*",
"matchCriteriaId": "14C57E06-FBAB-4950-810D-ADDD74D271FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:gdm:2.20:*:*:*:*:*:*:*",
"matchCriteriaId": "4AF56331-0008-4DFE-AB33-08399E48F499",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:gdm:2.21:*:*:*:*:*:*:*",
"matchCriteriaId": "2DA4F51E-0ACE-4B31-BC58-027691C04941",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:gdm:2.22:*:*:*:*:*:*:*",
"matchCriteriaId": "C37ED748-3C65-45B7-B59E-718A14295E7C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:gdm:2.23:*:*:*:*:*:*:*",
"matchCriteriaId": "1EF1C68D-408A-4150-92C5-C2C392410282",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:gdm:2.24:*:*:*:*:*:*:*",
"matchCriteriaId": "4A1C364D-5DDF-4B95-9545-AD3C6FD9C744",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:gdm:2.25:*:*:*:*:*:*:*",
"matchCriteriaId": "0D6C0790-C762-48E4-A0BB-9FAD864AA913",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:gdm:2.26:*:*:*:*:*:*:*",
"matchCriteriaId": "062D578B-AEF0-452C-A3AA-4A0D3F919F62",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:gdm:2.27:*:*:*:*:*:*:*",
"matchCriteriaId": "52BDEFAD-DE2B-4E1E-B155-203E7CEFCFD6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:gdm:2.28:*:*:*:*:*:*:*",
"matchCriteriaId": "B9CD4961-40FC-4A01-A0D3-B904F479BAF2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:gdm:2.29:*:*:*:*:*:*:*",
"matchCriteriaId": "C0C3AC2D-F24A-4F0E-9433-1516BC61209A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:gdm:2.30:*:*:*:*:*:*:*",
"matchCriteriaId": "4EF547BB-BD34-4A38-B01A-E0059F70F7EA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:gdm:2.31:*:*:*:*:*:*:*",
"matchCriteriaId": "EAB2319A-2356-492A-A479-57F8D546E688",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:gdm:2.32:*:*:*:*:*:*:*",
"matchCriteriaId": "59F0314A-4DA4-4767-8FC0-D372302E5F67",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:gdm:2.32.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8B7C06C5-B328-47A2-8567-437A5B96FF1C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:gnome:glib:2.28:*:*:*:*:*:*:*",
"matchCriteriaId": "1A422B66-EC3B-4A01-8FCF-76716E2A23FE",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "GNOME Display Manager (gdm) before 2.32.2, when glib 2.28 is used, enables execution of a web browser with the uid of the gdm account, which allows local users to gain privileges via vectors involving the x-scheme-handler/http MIME type."
},
{
"lang": "es",
"value": "GNOME Display Manager (GDM) antes de v2.32.2, cuando se utiliza glib v2.28, permite la ejecuci\u00f3n de un navegador web con el uid de la cuenta de gdm, que permite a usuarios locales conseguir privilegios a trav\u00e9s de vectores implican el tipo MIME x-scheme-handler/http."
}
],
"id": "CVE-2011-1709",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2011-06-14T17:55:03.673",
"references": [
{
"source": "cve@mitre.org",
"url": "http://ftp.gnome.org/pub/GNOME/sources/gdm/2.32/gdm-2.32.2.news"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://git.gnome.org/browse/gdm/commit/?id=d13dd72531599ab7e4c747db3b58a8c17753e08d"
},
{
"source": "cve@mitre.org",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061264.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/44797"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/44808"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/48084"
},
{
"source": "cve@mitre.org",
"url": "http://www.ubuntu.com/usn/USN-1142-1"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=709139"
},
{
"source": "cve@mitre.org",
"url": "https://hermes.opensuse.org/messages/8643655"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://ftp.gnome.org/pub/GNOME/sources/gdm/2.32/gdm-2.32.2.news"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://git.gnome.org/browse/gdm/commit/?id=d13dd72531599ab7e4c747db3b58a8c17753e08d"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061264.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/44797"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/44808"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/48084"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ubuntu.com/usn/USN-1142-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=709139"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://hermes.opensuse.org/messages/8643655"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2011-0727
Vulnerability from fkie_nvd - Published: 2011-03-31 22:55 - Updated: 2025-04-11 00:51
Severity ?
Summary
GNOME Display Manager (gdm) 2.x before 2.32.1 allows local users to change the ownership of arbitrary files via a symlink attack on a (1) dmrc or (2) face icon file under /var/cache/gdm/.
References
| URL | Tags | ||
|---|---|---|---|
| security@ubuntu.com | http://ftp.gnome.org/pub/GNOME/sources/gdm/2.32/gdm-2.32.1.news | ||
| security@ubuntu.com | http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057333.html | ||
| security@ubuntu.com | http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057931.html | ||
| security@ubuntu.com | http://mail.gnome.org/archives/gdm-list/2011-March/msg00020.html | Patch | |
| security@ubuntu.com | http://secunia.com/advisories/43714 | Vendor Advisory | |
| security@ubuntu.com | http://secunia.com/advisories/43854 | Vendor Advisory | |
| security@ubuntu.com | http://secunia.com/advisories/44021 | ||
| security@ubuntu.com | http://securitytracker.com/id?1025264 | ||
| security@ubuntu.com | http://www.debian.org/security/2011/dsa-2205 | ||
| security@ubuntu.com | http://www.mandriva.com/security/advisories?name=MDVSA-2011:070 | ||
| security@ubuntu.com | http://www.redhat.com/support/errata/RHSA-2011-0395.html | ||
| security@ubuntu.com | http://www.securityfocus.com/bid/47063 | ||
| security@ubuntu.com | http://www.ubuntu.com/usn/USN-1099-1 | ||
| security@ubuntu.com | http://www.vupen.com/english/advisories/2011/0786 | Vendor Advisory | |
| security@ubuntu.com | http://www.vupen.com/english/advisories/2011/0787 | Vendor Advisory | |
| security@ubuntu.com | http://www.vupen.com/english/advisories/2011/0797 | Vendor Advisory | |
| security@ubuntu.com | http://www.vupen.com/english/advisories/2011/0847 | ||
| security@ubuntu.com | http://www.vupen.com/english/advisories/2011/0911 | ||
| security@ubuntu.com | https://bugzilla.redhat.com/show_bug.cgi?id=688323 | Patch | |
| security@ubuntu.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/66377 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://ftp.gnome.org/pub/GNOME/sources/gdm/2.32/gdm-2.32.1.news | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057333.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057931.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://mail.gnome.org/archives/gdm-list/2011-March/msg00020.html | Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/43714 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/43854 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/44021 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://securitytracker.com/id?1025264 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.debian.org/security/2011/dsa-2205 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.mandriva.com/security/advisories?name=MDVSA-2011:070 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.redhat.com/support/errata/RHSA-2011-0395.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/47063 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.ubuntu.com/usn/USN-1099-1 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2011/0786 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2011/0787 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2011/0797 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2011/0847 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2011/0911 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=688323 | Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/66377 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| gnome | gdm | 2.0 | |
| gnome | gdm | 2.2 | |
| gnome | gdm | 2.3 | |
| gnome | gdm | 2.4 | |
| gnome | gdm | 2.5 | |
| gnome | gdm | 2.6 | |
| gnome | gdm | 2.8 | |
| gnome | gdm | 2.13 | |
| gnome | gdm | 2.14 | |
| gnome | gdm | 2.15 | |
| gnome | gdm | 2.16 | |
| gnome | gdm | 2.17 | |
| gnome | gdm | 2.18 | |
| gnome | gdm | 2.19 | |
| gnome | gdm | 2.20 | |
| gnome | gdm | 2.21 | |
| gnome | gdm | 2.22 | |
| gnome | gdm | 2.23 | |
| gnome | gdm | 2.24 | |
| gnome | gdm | 2.25 | |
| gnome | gdm | 2.26 | |
| gnome | gdm | 2.27 | |
| gnome | gdm | 2.28 | |
| gnome | gdm | 2.29 | |
| gnome | gdm | 2.30 | |
| gnome | gdm | 2.31 | |
| gnome | gdm | 2.32 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:gnome:gdm:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3296F925-6D41-4DA7-BDB2-3B04CF22A53B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:gdm:2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "7960EC63-69CF-474C-996C-E431CCDD07E9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:gdm:2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "A38317A3-3725-4F32-B675-00F8FB288F51",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:gdm:2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "C4F01AD1-EB1B-4932-B8D7-CBC899B1A02E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:gdm:2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "B760EB2A-6461-477F-B7E5-857117E21AE3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:gdm:2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "973BF2BF-BBF7-41F6-9E38-5150BC8AE7B6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:gdm:2.8:*:*:*:*:*:*:*",
"matchCriteriaId": "7756E66E-2296-4B20-ABC0-B1A2ACF2657B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:gdm:2.13:*:*:*:*:*:*:*",
"matchCriteriaId": "BC30F499-35B6-40BB-A420-A55F6993DF3A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:gdm:2.14:*:*:*:*:*:*:*",
"matchCriteriaId": "70640B9F-4EAA-4513-80E4-9DD4A862F27D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:gdm:2.15:*:*:*:*:*:*:*",
"matchCriteriaId": "27A6CC80-BC52-4B39-9424-E96DDA03666E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:gdm:2.16:*:*:*:*:*:*:*",
"matchCriteriaId": "832DE81E-18BB-4276-A6B0-F316A322E83E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:gdm:2.17:*:*:*:*:*:*:*",
"matchCriteriaId": "898A4607-107C-460F-8CF8-DEF63876B1C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:gdm:2.18:*:*:*:*:*:*:*",
"matchCriteriaId": "638AAAB0-2077-49F1-A909-0814C94EF96E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:gdm:2.19:*:*:*:*:*:*:*",
"matchCriteriaId": "14C57E06-FBAB-4950-810D-ADDD74D271FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:gdm:2.20:*:*:*:*:*:*:*",
"matchCriteriaId": "4AF56331-0008-4DFE-AB33-08399E48F499",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:gdm:2.21:*:*:*:*:*:*:*",
"matchCriteriaId": "2DA4F51E-0ACE-4B31-BC58-027691C04941",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:gdm:2.22:*:*:*:*:*:*:*",
"matchCriteriaId": "C37ED748-3C65-45B7-B59E-718A14295E7C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:gdm:2.23:*:*:*:*:*:*:*",
"matchCriteriaId": "1EF1C68D-408A-4150-92C5-C2C392410282",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:gdm:2.24:*:*:*:*:*:*:*",
"matchCriteriaId": "4A1C364D-5DDF-4B95-9545-AD3C6FD9C744",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:gdm:2.25:*:*:*:*:*:*:*",
"matchCriteriaId": "0D6C0790-C762-48E4-A0BB-9FAD864AA913",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:gdm:2.26:*:*:*:*:*:*:*",
"matchCriteriaId": "062D578B-AEF0-452C-A3AA-4A0D3F919F62",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:gdm:2.27:*:*:*:*:*:*:*",
"matchCriteriaId": "52BDEFAD-DE2B-4E1E-B155-203E7CEFCFD6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:gdm:2.28:*:*:*:*:*:*:*",
"matchCriteriaId": "B9CD4961-40FC-4A01-A0D3-B904F479BAF2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:gdm:2.29:*:*:*:*:*:*:*",
"matchCriteriaId": "C0C3AC2D-F24A-4F0E-9433-1516BC61209A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:gdm:2.30:*:*:*:*:*:*:*",
"matchCriteriaId": "4EF547BB-BD34-4A38-B01A-E0059F70F7EA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:gdm:2.31:*:*:*:*:*:*:*",
"matchCriteriaId": "EAB2319A-2356-492A-A479-57F8D546E688",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:gdm:2.32:*:*:*:*:*:*:*",
"matchCriteriaId": "59F0314A-4DA4-4767-8FC0-D372302E5F67",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "GNOME Display Manager (gdm) 2.x before 2.32.1 allows local users to change the ownership of arbitrary files via a symlink attack on a (1) dmrc or (2) face icon file under /var/cache/gdm/."
},
{
"lang": "es",
"value": "GNOME Display Manager (GDM) v2.x anterior a v2.32.1 permite a usuarios locales cambiar el propietario de archivos arbitrarios mediante un ataque de enlace simb\u00f3lico en un (1) DMRC o (2) fichero de icono en /var/cache/gdm/."
}
],
"id": "CVE-2011-0727",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 6.9,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.4,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2011-03-31T22:55:02.350",
"references": [
{
"source": "security@ubuntu.com",
"url": "http://ftp.gnome.org/pub/GNOME/sources/gdm/2.32/gdm-2.32.1.news"
},
{
"source": "security@ubuntu.com",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057333.html"
},
{
"source": "security@ubuntu.com",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057931.html"
},
{
"source": "security@ubuntu.com",
"tags": [
"Patch"
],
"url": "http://mail.gnome.org/archives/gdm-list/2011-March/msg00020.html"
},
{
"source": "security@ubuntu.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/43714"
},
{
"source": "security@ubuntu.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/43854"
},
{
"source": "security@ubuntu.com",
"url": "http://secunia.com/advisories/44021"
},
{
"source": "security@ubuntu.com",
"url": "http://securitytracker.com/id?1025264"
},
{
"source": "security@ubuntu.com",
"url": "http://www.debian.org/security/2011/dsa-2205"
},
{
"source": "security@ubuntu.com",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:070"
},
{
"source": "security@ubuntu.com",
"url": "http://www.redhat.com/support/errata/RHSA-2011-0395.html"
},
{
"source": "security@ubuntu.com",
"url": "http://www.securityfocus.com/bid/47063"
},
{
"source": "security@ubuntu.com",
"url": "http://www.ubuntu.com/usn/USN-1099-1"
},
{
"source": "security@ubuntu.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2011/0786"
},
{
"source": "security@ubuntu.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2011/0787"
},
{
"source": "security@ubuntu.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2011/0797"
},
{
"source": "security@ubuntu.com",
"url": "http://www.vupen.com/english/advisories/2011/0847"
},
{
"source": "security@ubuntu.com",
"url": "http://www.vupen.com/english/advisories/2011/0911"
},
{
"source": "security@ubuntu.com",
"tags": [
"Patch"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=688323"
},
{
"source": "security@ubuntu.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66377"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://ftp.gnome.org/pub/GNOME/sources/gdm/2.32/gdm-2.32.1.news"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057333.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057931.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://mail.gnome.org/archives/gdm-list/2011-March/msg00020.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/43714"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/43854"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/44021"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1025264"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2011/dsa-2205"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:070"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.redhat.com/support/errata/RHSA-2011-0395.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/47063"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ubuntu.com/usn/USN-1099-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2011/0786"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2011/0787"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2011/0797"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2011/0847"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2011/0911"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=688323"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66377"
}
],
"sourceIdentifier": "security@ubuntu.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-59"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2009-2697
Vulnerability from fkie_nvd - Published: 2009-09-04 20:30 - Updated: 2025-04-09 00:30
Severity ?
Summary
The Red Hat build script for the GNOME Display Manager (GDM) before 2.16.0-56 on Red Hat Enterprise Linux (RHEL) 5 omits TCP Wrapper support, which might allow remote attackers to bypass intended access restrictions via XDMCP connections, a different vulnerability than CVE-2007-5079.
References
| URL | Tags | ||
|---|---|---|---|
| cve@mitre.org | http://secunia.com/advisories/36553 | Vendor Advisory | |
| cve@mitre.org | http://www.securityfocus.com/bid/36219 | ||
| cve@mitre.org | https://bugzilla.redhat.com/show_bug.cgi?id=239818 | ||
| cve@mitre.org | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9586 | ||
| cve@mitre.org | https://rhn.redhat.com/errata/RHSA-2009-1364.html | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/36553 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/36219 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=239818 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9586 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://rhn.redhat.com/errata/RHSA-2009-1364.html | Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:gnome:gdm:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CD13F270-B165-47B7-BBA3-6D1EF33AD277",
"versionEndIncluding": "2.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:gdm:0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "501714EA-1C5D-4EA7-B069-8E6521574AC4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:gdm:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E2D650E6-F568-4B7F-8913-3DC10E8F4201",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:gdm:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3296F925-6D41-4DA7-BDB2-3B04CF22A53B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:gdm:2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "7960EC63-69CF-474C-996C-E431CCDD07E9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:gdm:2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "A38317A3-3725-4F32-B675-00F8FB288F51",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:gdm:2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "C4F01AD1-EB1B-4932-B8D7-CBC899B1A02E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:gdm:2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "B760EB2A-6461-477F-B7E5-857117E21AE3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:gdm:2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "973BF2BF-BBF7-41F6-9E38-5150BC8AE7B6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:gdm:2.8:*:*:*:*:*:*:*",
"matchCriteriaId": "7756E66E-2296-4B20-ABC0-B1A2ACF2657B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:gdm:2.13:*:*:*:*:*:*:*",
"matchCriteriaId": "BC30F499-35B6-40BB-A420-A55F6993DF3A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:gdm:2.14:*:*:*:*:*:*:*",
"matchCriteriaId": "70640B9F-4EAA-4513-80E4-9DD4A862F27D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:gdm:2.15:*:*:*:*:*:*:*",
"matchCriteriaId": "27A6CC80-BC52-4B39-9424-E96DDA03666E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:5:*:*:*:*:*:*:*",
"matchCriteriaId": "AA9B3CC0-DF1C-4A86-B2A3-A9D428A5A6E6",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Red Hat build script for the GNOME Display Manager (GDM) before 2.16.0-56 on Red Hat Enterprise Linux (RHEL) 5 omits TCP Wrapper support, which might allow remote attackers to bypass intended access restrictions via XDMCP connections, a different vulnerability than CVE-2007-5079."
},
{
"lang": "es",
"value": "Red Hat build script para GNOME Display Manager (GDM) anterior a v2.16.0-56 en Red Hat Enterprise Linux (RHEL) v5 no da soporte a TCP Wrapper, lo que podr\u00eda permitir a atacantes remotos saltar las restricciones de acceso previstas a trav\u00e9s de conexiones XDMCP, una vulnerabilidad diferente que CVE-2007-5079."
}
],
"id": "CVE-2009-2697",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2009-09-04T20:30:00.217",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/36553"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/36219"
},
{
"source": "cve@mitre.org",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=239818"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9586"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://rhn.redhat.com/errata/RHSA-2009-1364.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/36553"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/36219"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=239818"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9586"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://rhn.redhat.com/errata/RHSA-2009-1364.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-287"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2007-3381
Vulnerability from fkie_nvd - Published: 2007-08-07 10:17 - Updated: 2025-04-09 00:30
Severity ?
Summary
The GDM daemon in GNOME Display Manager (GDM) before 2.14.13, 2.16.x before 2.16.7, 2.18.x before 2.18.4, and 2.19.x before 2.19.5 does not properly handle NULL return values from the g_strsplit function, which allows local users to cause a denial of service (persistent daemon crash) via a crafted command to the daemon's socket, related to (1) gdm.c and (2) gdmconfig.c in daemon/, and (3) gdmconfig.c and (4) gdmflexiserver.c in gui/.
References
| URL | Tags | ||
|---|---|---|---|
| secalert@redhat.com | http://ftp.gnome.org/pub/GNOME/sources/gdm/2.14/gdm-2.14.13.news | ||
| secalert@redhat.com | http://ftp.gnome.org/pub/GNOME/sources/gdm/2.16/gdm-2.16.7.changes | ||
| secalert@redhat.com | http://ftp.gnome.org/pub/GNOME/sources/gdm/2.18/gdm-2.18.4.news | ||
| secalert@redhat.com | http://ftp.gnome.org/pub/GNOME/sources/gdm/2.19/gdm-2.19.5.news | ||
| secalert@redhat.com | http://secunia.com/advisories/26313 | Vendor Advisory | |
| secalert@redhat.com | http://secunia.com/advisories/26368 | Vendor Advisory | |
| secalert@redhat.com | http://secunia.com/advisories/26520 | Vendor Advisory | |
| secalert@redhat.com | http://secunia.com/advisories/26879 | Vendor Advisory | |
| secalert@redhat.com | http://secunia.com/advisories/26900 | Vendor Advisory | |
| secalert@redhat.com | http://security.gentoo.org/glsa/glsa-200709-11.xml | ||
| secalert@redhat.com | http://www.mandriva.com/security/advisories?name=MDKSA-2007:169 | ||
| secalert@redhat.com | http://www.redhat.com/support/errata/RHSA-2007-0777.html | ||
| secalert@redhat.com | http://www.securityfocus.com/archive/1/475451/30/5550/threaded | ||
| secalert@redhat.com | http://www.securityfocus.com/bid/25191 | ||
| secalert@redhat.com | http://www.securitytracker.com/id?1018523 | ||
| secalert@redhat.com | http://www.vupen.com/english/advisories/2007/2781 | Vendor Advisory | |
| secalert@redhat.com | https://issues.rpath.com/browse/RPL-1599 | ||
| secalert@redhat.com | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10887 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://ftp.gnome.org/pub/GNOME/sources/gdm/2.14/gdm-2.14.13.news | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://ftp.gnome.org/pub/GNOME/sources/gdm/2.16/gdm-2.16.7.changes | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://ftp.gnome.org/pub/GNOME/sources/gdm/2.18/gdm-2.18.4.news | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://ftp.gnome.org/pub/GNOME/sources/gdm/2.19/gdm-2.19.5.news | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/26313 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/26368 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/26520 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/26879 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/26900 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://security.gentoo.org/glsa/glsa-200709-11.xml | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.mandriva.com/security/advisories?name=MDKSA-2007:169 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.redhat.com/support/errata/RHSA-2007-0777.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/475451/30/5550/threaded | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/25191 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id?1018523 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2007/2781 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://issues.rpath.com/browse/RPL-1599 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10887 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| gnome | gdm | * | |
| gnome | gdm | 0.7 | |
| gnome | gdm | 1.0 | |
| gnome | gdm | 2.0 | |
| gnome | gdm | 2.2 | |
| gnome | gdm | 2.3 | |
| gnome | gdm | 2.4 | |
| gnome | gdm | 2.5 | |
| gnome | gdm | 2.6 | |
| gnome | gdm | 2.8 | |
| gnome | gdm | 2.13 | |
| gnome | gdm | 2.14 | |
| gnome | gdm | 2.14.1 | |
| gnome | gdm | 2.14.2 | |
| gnome | gdm | 2.14.3 | |
| gnome | gdm | 2.14.4 | |
| gnome | gdm | 2.14.5 | |
| gnome | gdm | 2.14.6 | |
| gnome | gdm | 2.14.7 | |
| gnome | gdm | 2.14.8 | |
| gnome | gdm | 2.14.9 | |
| gnome | gdm | 2.14.10 | |
| gnome | gdm | 2.14.11 | |
| gnome | gdm | 2.14.3 | |
| gnome | gdm | 2.14.4 | |
| gnome | gdm | 2.14.5 | |
| gnome | gdm | 2.14.6 | |
| gnome | gdm | 2.16 | |
| gnome | gdm | 2.16.1 | |
| gnome | gdm | 2.16.2 | |
| gnome | gdm | 2.18 | |
| gnome | gdm | 2.18.1 | |
| gnome | gdm | 2.18.2 | |
| gnome | gdm | 2.18.3 | |
| gnome | gdm | 2.19 | |
| gnome | gdm | 2.19.1 | |
| gnome | gdm | 2.19.2 | |
| gnome | gdm | 2.19.3 | |
| gnome | gdm | 2.19.4 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:gnome:gdm:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4A68E297-5F50-4DFA-AF70-06B016B852D2",
"versionEndIncluding": "2.14.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:gdm:0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "501714EA-1C5D-4EA7-B069-8E6521574AC4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:gdm:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E2D650E6-F568-4B7F-8913-3DC10E8F4201",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:gdm:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3296F925-6D41-4DA7-BDB2-3B04CF22A53B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:gdm:2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "7960EC63-69CF-474C-996C-E431CCDD07E9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:gdm:2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "A38317A3-3725-4F32-B675-00F8FB288F51",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:gdm:2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "C4F01AD1-EB1B-4932-B8D7-CBC899B1A02E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:gdm:2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "B760EB2A-6461-477F-B7E5-857117E21AE3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:gdm:2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "973BF2BF-BBF7-41F6-9E38-5150BC8AE7B6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:gdm:2.8:*:*:*:*:*:*:*",
"matchCriteriaId": "7756E66E-2296-4B20-ABC0-B1A2ACF2657B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:gdm:2.13:*:*:*:*:*:*:*",
"matchCriteriaId": "BC30F499-35B6-40BB-A420-A55F6993DF3A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:gdm:2.14:*:*:*:*:*:*:*",
"matchCriteriaId": "70640B9F-4EAA-4513-80E4-9DD4A862F27D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:gdm:2.14.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9B84ACF2-E06C-47E5-B221-78285238BA78",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:gdm:2.14.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B1F316D7-4D67-4B2E-8418-B89466AA5CDC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:gdm:2.14.3:*:*:*:*:*:*:*",
"matchCriteriaId": "6721626F-3335-446F-95C4-7B150C2FE2E2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:gdm:2.14.4:*:*:*:*:*:*:*",
"matchCriteriaId": "CA624500-6AC3-4991-A185-619E3F76A384",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:gdm:2.14.5:*:*:*:*:*:*:*",
"matchCriteriaId": "1544DE39-DA4B-452C-A38C-D15E0EC5148F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:gdm:2.14.6:*:*:*:*:*:*:*",
"matchCriteriaId": "B261D656-8C46-4F0A-93DD-8540B21BC1FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:gdm:2.14.7:*:*:*:*:*:*:*",
"matchCriteriaId": "24A39F8A-D0F4-480E-904C-8FB906C6D72F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:gdm:2.14.8:*:*:*:*:*:*:*",
"matchCriteriaId": "4210033A-0FD1-43A7-BCDC-9A4ADFEBB1DA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:gdm:2.14.9:*:*:*:*:*:*:*",
"matchCriteriaId": "BBD5D3BD-9988-4421-8C2B-1EE907CFA986",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:gdm:2.14.10:*:*:*:*:*:*:*",
"matchCriteriaId": "2F8D697C-AD36-446A-945A-0746898FFD5C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:gdm:2.14.11:*:*:*:*:*:*:*",
"matchCriteriaId": "DF3072E1-A8AA-4C7B-B395-3F490943FED3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:gnome:gdm:2.14.3:*:*:*:*:*:*:*",
"matchCriteriaId": "6721626F-3335-446F-95C4-7B150C2FE2E2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:gdm:2.14.4:*:*:*:*:*:*:*",
"matchCriteriaId": "CA624500-6AC3-4991-A185-619E3F76A384",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:gdm:2.14.5:*:*:*:*:*:*:*",
"matchCriteriaId": "1544DE39-DA4B-452C-A38C-D15E0EC5148F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:gdm:2.14.6:*:*:*:*:*:*:*",
"matchCriteriaId": "B261D656-8C46-4F0A-93DD-8540B21BC1FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:gdm:2.16:*:*:*:*:*:*:*",
"matchCriteriaId": "832DE81E-18BB-4276-A6B0-F316A322E83E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:gdm:2.16.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D01F3328-9DB5-4C75-A9BD-96243975A362",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:gdm:2.16.2:*:*:*:*:*:*:*",
"matchCriteriaId": "24D361EF-B35F-46D9-9DF3-9254FFAD0A1F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:gnome:gdm:2.18:*:*:*:*:*:*:*",
"matchCriteriaId": "638AAAB0-2077-49F1-A909-0814C94EF96E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:gdm:2.18.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F4E525EF-0702-42BD-AA45-00AB721DE9B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:gdm:2.18.2:*:*:*:*:*:*:*",
"matchCriteriaId": "09B6D822-D0D6-423E-AE9A-7510C06005A3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:gdm:2.18.3:*:*:*:*:*:*:*",
"matchCriteriaId": "323B1859-30F3-4787-8A35-46A8189D4C5E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:gnome:gdm:2.19:*:*:*:*:*:*:*",
"matchCriteriaId": "14C57E06-FBAB-4950-810D-ADDD74D271FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:gdm:2.19.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F7359FE6-4BD1-4D3C-BCF5-6F2741FC1997",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:gdm:2.19.2:*:*:*:*:*:*:*",
"matchCriteriaId": "7888E478-E756-48FB-B3E3-534873B5F1D8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:gdm:2.19.3:*:*:*:*:*:*:*",
"matchCriteriaId": "4A82FCA7-76F6-48CE-8886-79AD9094EBF4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:gdm:2.19.4:*:*:*:*:*:*:*",
"matchCriteriaId": "75DCBC45-71FC-4850-A7E0-6051AE38E4C7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The GDM daemon in GNOME Display Manager (GDM) before 2.14.13, 2.16.x before 2.16.7, 2.18.x before 2.18.4, and 2.19.x before 2.19.5 does not properly handle NULL return values from the g_strsplit function, which allows local users to cause a denial of service (persistent daemon crash) via a crafted command to the daemon\u0027s socket, related to (1) gdm.c and (2) gdmconfig.c in daemon/, and (3) gdmconfig.c and (4) gdmflexiserver.c in gui/."
},
{
"lang": "es",
"value": "El demonio GDM en GNOME Display Mangager (GDM) anterior a 2.14.13, 2.16.x anterior a 2.16.7, 2.18.x anterior a 2.18.4, y 2.19.x anterir a 2.19.5 no maneja adecuadamente valores de retorno nulos (NULL) de la funci\u00f3n g_strsplit, lo cual permite a usuarios locales provocar una denegaci\u00f3n de servicio (ca\u00edda persistente del demonio) mediante un comando manipulado hacia el socket del demonio, relacionado con (1) gdm.c y (2) gdmconfig.c en daemon/, y (3) gdmconfig.c y (4) gdmflexiserver.c en gui/."
}
],
"id": "CVE-2007-3381",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 1.5,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:M/Au:S/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 2.7,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2007-08-07T10:17:00.000",
"references": [
{
"source": "secalert@redhat.com",
"url": "http://ftp.gnome.org/pub/GNOME/sources/gdm/2.14/gdm-2.14.13.news"
},
{
"source": "secalert@redhat.com",
"url": "http://ftp.gnome.org/pub/GNOME/sources/gdm/2.16/gdm-2.16.7.changes"
},
{
"source": "secalert@redhat.com",
"url": "http://ftp.gnome.org/pub/GNOME/sources/gdm/2.18/gdm-2.18.4.news"
},
{
"source": "secalert@redhat.com",
"url": "http://ftp.gnome.org/pub/GNOME/sources/gdm/2.19/gdm-2.19.5.news"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/26313"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/26368"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/26520"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/26879"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/26900"
},
{
"source": "secalert@redhat.com",
"url": "http://security.gentoo.org/glsa/glsa-200709-11.xml"
},
{
"source": "secalert@redhat.com",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:169"
},
{
"source": "secalert@redhat.com",
"url": "http://www.redhat.com/support/errata/RHSA-2007-0777.html"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securityfocus.com/archive/1/475451/30/5550/threaded"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securityfocus.com/bid/25191"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securitytracker.com/id?1018523"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2007/2781"
},
{
"source": "secalert@redhat.com",
"url": "https://issues.rpath.com/browse/RPL-1599"
},
{
"source": "secalert@redhat.com",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10887"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://ftp.gnome.org/pub/GNOME/sources/gdm/2.14/gdm-2.14.13.news"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://ftp.gnome.org/pub/GNOME/sources/gdm/2.16/gdm-2.16.7.changes"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://ftp.gnome.org/pub/GNOME/sources/gdm/2.18/gdm-2.18.4.news"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://ftp.gnome.org/pub/GNOME/sources/gdm/2.19/gdm-2.19.5.news"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/26313"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/26368"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/26520"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/26879"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/26900"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://security.gentoo.org/glsa/glsa-200709-11.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:169"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.redhat.com/support/errata/RHSA-2007-0777.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/475451/30/5550/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/25191"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1018523"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2007/2781"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://issues.rpath.com/browse/RPL-1599"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10887"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2006-6105
Vulnerability from fkie_nvd - Published: 2006-12-15 02:28 - Updated: 2025-04-09 00:30
Severity ?
Summary
Format string vulnerability in the host chooser window (gdmchooser) in GNOME Foundation Display Manager (gdm) allows local users to execute arbitrary code via format string specifiers in a hostname, which are used in an error dialog.
References
| URL | Tags | ||
|---|---|---|---|
| secalert@redhat.com | http://ftp.acc.umu.se/pub/GNOME/sources/gdm/2.17/gdm-2.17.4.news | ||
| secalert@redhat.com | http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=453 | Vendor Advisory | |
| secalert@redhat.com | http://secunia.com/advisories/23381 | ||
| secalert@redhat.com | http://secunia.com/advisories/23385 | ||
| secalert@redhat.com | http://secunia.com/advisories/23387 | ||
| secalert@redhat.com | http://secunia.com/advisories/23409 | ||
| secalert@redhat.com | http://securitytracker.com/id?1017320 | Patch | |
| secalert@redhat.com | http://securitytracker.com/id?1017383 | ||
| secalert@redhat.com | http://www.mandriva.com/security/advisories?name=MDKSA-2006:231 | ||
| secalert@redhat.com | http://www.novell.com/linux/security/advisories/2006_29_sr.html | ||
| secalert@redhat.com | http://www.osvdb.org/30848 | ||
| secalert@redhat.com | http://www.securityfocus.com/bid/21597 | Patch | |
| secalert@redhat.com | http://www.ubuntu.com/usn/usn-396-1 | ||
| secalert@redhat.com | http://www.vupen.com/english/advisories/2006/5015 | ||
| secalert@redhat.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/30896 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://ftp.acc.umu.se/pub/GNOME/sources/gdm/2.17/gdm-2.17.4.news | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=453 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/23381 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/23385 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/23387 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/23409 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://securitytracker.com/id?1017320 | Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | http://securitytracker.com/id?1017383 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.mandriva.com/security/advisories?name=MDKSA-2006:231 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.novell.com/linux/security/advisories/2006_29_sr.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.osvdb.org/30848 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/21597 | Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.ubuntu.com/usn/usn-396-1 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2006/5015 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/30896 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:gnome:gdm:2.14.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9B84ACF2-E06C-47E5-B221-78285238BA78",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:gdm:2.16:*:*:*:*:*:*:*",
"matchCriteriaId": "832DE81E-18BB-4276-A6B0-F316A322E83E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:gdm:2.16.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D01F3328-9DB5-4C75-A9BD-96243975A362",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:gdm:2.16.2:*:*:*:*:*:*:*",
"matchCriteriaId": "24D361EF-B35F-46D9-9DF3-9254FFAD0A1F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Format string vulnerability in the host chooser window (gdmchooser) in GNOME Foundation Display Manager (gdm) allows local users to execute arbitrary code via format string specifiers in a hostname, which are used in an error dialog."
},
{
"lang": "es",
"value": "Vulnerabilidad de formato de cadena en la ventana de selecci\u00f3n de host (gdmchooser) en GNOME Foundation Display Manager (gdm) permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n mediante especificadores de formato de cadena en un nombre de host, que se utilizan en un mensaje de error."
}
],
"id": "CVE-2006-6105",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.1,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2006-12-15T02:28:00.000",
"references": [
{
"source": "secalert@redhat.com",
"url": "http://ftp.acc.umu.se/pub/GNOME/sources/gdm/2.17/gdm-2.17.4.news"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=453"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/23381"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/23385"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/23387"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/23409"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch"
],
"url": "http://securitytracker.com/id?1017320"
},
{
"source": "secalert@redhat.com",
"url": "http://securitytracker.com/id?1017383"
},
{
"source": "secalert@redhat.com",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:231"
},
{
"source": "secalert@redhat.com",
"url": "http://www.novell.com/linux/security/advisories/2006_29_sr.html"
},
{
"source": "secalert@redhat.com",
"url": "http://www.osvdb.org/30848"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/21597"
},
{
"source": "secalert@redhat.com",
"url": "http://www.ubuntu.com/usn/usn-396-1"
},
{
"source": "secalert@redhat.com",
"url": "http://www.vupen.com/english/advisories/2006/5015"
},
{
"source": "secalert@redhat.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30896"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://ftp.acc.umu.se/pub/GNOME/sources/gdm/2.17/gdm-2.17.4.news"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=453"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/23381"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/23385"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/23387"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/23409"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://securitytracker.com/id?1017320"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1017383"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:231"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.novell.com/linux/security/advisories/2006_29_sr.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/30848"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/21597"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ubuntu.com/usn/usn-396-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2006/5015"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30896"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vendorComments": [
{
"comment": "Not vulnerable. This flaw was first introduced in gdm version 2.14. Therefore these issues did not affect the earlier versions of gdm as shipped with Red Hat Enterprise Linux 2.1, 3, or 4.\n\nRed Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.",
"lastModified": "2007-03-14T00:00:00",
"organization": "Red Hat"
}
],
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2006-2452
Vulnerability from fkie_nvd - Published: 2006-06-09 10:02 - Updated: 2025-04-03 01:03
Severity ?
Summary
GNOME GDM 2.8, 2.12, 2.14, and 2.15, when the "face browser" feature is enabled, allows local users to access the "Configure Login Manager" functionality using their own password instead of the root password, which can be leveraged to gain additional privileges.
References
| URL | Tags | ||
|---|---|---|---|
| secalert@redhat.com | http://bugzilla.gnome.org/show_bug.cgi?id=343476 | ||
| secalert@redhat.com | http://lists.suse.com/archive/suse-security-announce/2006-Jun/0003.html | ||
| secalert@redhat.com | http://secunia.com/advisories/20532 | ||
| secalert@redhat.com | http://secunia.com/advisories/20552 | ||
| secalert@redhat.com | http://secunia.com/advisories/20587 | ||
| secalert@redhat.com | http://secunia.com/advisories/20627 | ||
| secalert@redhat.com | http://secunia.com/advisories/20636 | ||
| secalert@redhat.com | http://www.gentoo.org/security/en/glsa/glsa-200606-14.xml | ||
| secalert@redhat.com | http://www.mandriva.com/security/advisories?name=MDKSA-2006:100 | ||
| secalert@redhat.com | http://www.securityfocus.com/archive/1/436428 | ||
| secalert@redhat.com | http://www.securityfocus.com/bid/18332 | ||
| secalert@redhat.com | http://www.vupen.com/english/advisories/2006/2239 | ||
| secalert@redhat.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/27018 | ||
| secalert@redhat.com | https://usn.ubuntu.com/293-1/ | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://bugzilla.gnome.org/show_bug.cgi?id=343476 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.suse.com/archive/suse-security-announce/2006-Jun/0003.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/20532 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/20552 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/20587 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/20627 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/20636 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.gentoo.org/security/en/glsa/glsa-200606-14.xml | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.mandriva.com/security/advisories?name=MDKSA-2006:100 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/436428 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/18332 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2006/2239 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/27018 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://usn.ubuntu.com/293-1/ |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:gnome:gdm:2.8:*:*:*:*:*:*:*",
"matchCriteriaId": "7756E66E-2296-4B20-ABC0-B1A2ACF2657B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:gdm:2.12:*:*:*:*:*:*:*",
"matchCriteriaId": "B935ABD7-CCDF-4A23-8899-4243D66E9486",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:gdm:2.14:*:*:*:*:*:*:*",
"matchCriteriaId": "70640B9F-4EAA-4513-80E4-9DD4A862F27D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:gdm:2.15:*:*:*:*:*:*:*",
"matchCriteriaId": "27A6CC80-BC52-4B39-9424-E96DDA03666E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "GNOME GDM 2.8, 2.12, 2.14, and 2.15, when the \"face browser\" feature is enabled, allows local users to access the \"Configure Login Manager\" functionality using their own password instead of the root password, which can be leveraged to gain additional privileges."
}
],
"id": "CVE-2006-2452",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "HIGH",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 3.7,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:H/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 1.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2006-06-09T10:02:00.000",
"references": [
{
"source": "secalert@redhat.com",
"url": "http://bugzilla.gnome.org/show_bug.cgi?id=343476"
},
{
"source": "secalert@redhat.com",
"url": "http://lists.suse.com/archive/suse-security-announce/2006-Jun/0003.html"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/20532"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/20552"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/20587"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/20627"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/20636"
},
{
"source": "secalert@redhat.com",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200606-14.xml"
},
{
"source": "secalert@redhat.com",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:100"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securityfocus.com/archive/1/436428"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securityfocus.com/bid/18332"
},
{
"source": "secalert@redhat.com",
"url": "http://www.vupen.com/english/advisories/2006/2239"
},
{
"source": "secalert@redhat.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27018"
},
{
"source": "secalert@redhat.com",
"url": "https://usn.ubuntu.com/293-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://bugzilla.gnome.org/show_bug.cgi?id=343476"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.suse.com/archive/suse-security-announce/2006-Jun/0003.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/20532"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/20552"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/20587"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/20627"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/20636"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200606-14.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:100"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/436428"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/18332"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2006/2239"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27018"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://usn.ubuntu.com/293-1/"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2006-1057
Vulnerability from fkie_nvd - Published: 2006-04-25 01:02 - Updated: 2025-04-03 01:03
Severity ?
Summary
Race condition in daemon/slave.c in gdm before 2.14.1 allows local users to gain privileges via a symlink attack when gdm performs chown and chgrp operations on the .ICEauthority file.
References
| URL | Tags | ||
|---|---|---|---|
| secalert@redhat.com | http://cvs.gnome.org/viewcvs/gdm2/daemon/slave.c?r1=1.260&r2=1.261 | ||
| secalert@redhat.com | http://www.debian.org/security/2006/dsa-1040 | Patch, Vendor Advisory | |
| secalert@redhat.com | http://www.mandriva.com/security/advisories?name=MDKSA-2006:083 | ||
| secalert@redhat.com | http://www.redhat.com/support/errata/RHSA-2007-0286.html | ||
| secalert@redhat.com | http://www.securityfocus.com/bid/17635 | ||
| secalert@redhat.com | http://www.vupen.com/english/advisories/2006/1465 | Vendor Advisory | |
| secalert@redhat.com | https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=188303 | ||
| secalert@redhat.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/26092 | ||
| secalert@redhat.com | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10092 | ||
| secalert@redhat.com | https://usn.ubuntu.com/278-1/ | ||
| secalert@redhat.com | https://www.redhat.com/archives/fedora-announce-list/2006-April/msg00160.html | Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | http://cvs.gnome.org/viewcvs/gdm2/daemon/slave.c?r1=1.260&r2=1.261 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.debian.org/security/2006/dsa-1040 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.mandriva.com/security/advisories?name=MDKSA-2006:083 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.redhat.com/support/errata/RHSA-2007-0286.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/17635 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2006/1465 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=188303 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/26092 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10092 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://usn.ubuntu.com/278-1/ | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://www.redhat.com/archives/fedora-announce-list/2006-April/msg00160.html | Patch |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:gnome:gdm:2.14:*:*:*:*:*:*:*",
"matchCriteriaId": "70640B9F-4EAA-4513-80E4-9DD4A862F27D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Race condition in daemon/slave.c in gdm before 2.14.1 allows local users to gain privileges via a symlink attack when gdm performs chown and chgrp operations on the .ICEauthority file."
}
],
"id": "CVE-2006-1057",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "HIGH",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 3.7,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:H/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 1.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": true,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2006-04-25T01:02:00.000",
"references": [
{
"source": "secalert@redhat.com",
"url": "http://cvs.gnome.org/viewcvs/gdm2/daemon/slave.c?r1=1.260\u0026r2=1.261"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.debian.org/security/2006/dsa-1040"
},
{
"source": "secalert@redhat.com",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:083"
},
{
"source": "secalert@redhat.com",
"url": "http://www.redhat.com/support/errata/RHSA-2007-0286.html"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securityfocus.com/bid/17635"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2006/1465"
},
{
"source": "secalert@redhat.com",
"url": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=188303"
},
{
"source": "secalert@redhat.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26092"
},
{
"source": "secalert@redhat.com",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10092"
},
{
"source": "secalert@redhat.com",
"url": "https://usn.ubuntu.com/278-1/"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch"
],
"url": "https://www.redhat.com/archives/fedora-announce-list/2006-April/msg00160.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://cvs.gnome.org/viewcvs/gdm2/daemon/slave.c?r1=1.260\u0026r2=1.261"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.debian.org/security/2006/dsa-1040"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:083"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.redhat.com/support/errata/RHSA-2007-0286.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/17635"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2006/1465"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=188303"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26092"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10092"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://usn.ubuntu.com/278-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://www.redhat.com/archives/fedora-announce-list/2006-April/msg00160.html"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vendorComments": [
{
"comment": "Red Hat is aware of this issue and is tracking it via the following bug:\nhttps://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=188302\n\nThe Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw. More information regarding issue severity can be found here:\nhttp://www.redhat.com/security/updates/classification/\n\nThis issue does not affect Red Hat Enterprise Linux 2.1 and 3.",
"lastModified": "2006-09-19T00:00:00",
"organization": "Red Hat"
}
],
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-362"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2003-0793
Vulnerability from fkie_nvd - Published: 2003-11-17 05:00 - Updated: 2025-04-03 01:03
Severity ?
Summary
GDM 2.4.4.x before 2.4.4.4, and 2.4.1.x before 2.4.1.7, does not restrict the size of input, which allows attackers to cause a denial of service (memory consumption).
References
| URL | Tags | ||
|---|---|---|---|
| cve@mitre.org | http://cvs.gnome.org/bonsai/cvsblame.cgi?file=gdm2/NEWS&rev=&root=/cvs/gnome | ||
| cve@mitre.org | http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000766 | ||
| cve@mitre.org | http://www.mandriva.com/security/advisories?name=MDKSA-2003:100 | ||
| cve@mitre.org | http://www.securityfocus.com/bid/8846 | Patch, Vendor Advisory | |
| cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/13447 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://cvs.gnome.org/bonsai/cvsblame.cgi?file=gdm2/NEWS&rev=&root=/cvs/gnome | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000766 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.mandriva.com/security/advisories?name=MDKSA-2003:100 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/8846 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/13447 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:gnome:gdm:2.2.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "C35EE6D6-8058-4840-95E9-6540600F25C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:gdm:2.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C96A777E-0CA3-404C-9EF9-AF5D276FB9F4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:gdm:2.4.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "44A4CEA3-1EFD-4926-8702-D9019449BF6D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:gdm:2.4.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9DF81497-99A3-49B9-9CEF-C94AA4FCC2A5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:gdm:2.4.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "B386DD54-80C4-44C1-9276-C875D0EEE8BE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:gdm:2.4.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "8A905FFC-0DBA-4636-BDE7-77F21E0871AF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:gdm:2.4.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "DAA26805-862B-466F-AAE5-C8EF60312BFF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:gdm:2.4.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "4B7DE2E4-5FCC-4F63-BB9F-F7EC77728F87",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:gdm:2.4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "D0E054F0-C688-4CC6-A3DA-22884CA4C4C8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "GDM 2.4.4.x before 2.4.4.4, and 2.4.1.x before 2.4.1.7, does not restrict the size of input, which allows attackers to cause a denial of service (memory consumption)."
},
{
"lang": "es",
"value": "GDM 2.4.4.x anteriores a 2.4.4.4 y 2.4.1.x anteriores a 2.4.1.7 no restringe el tama\u00f1o de la entrada, lo que permite a atacantes causar una denegaci\u00f3n de servicio (consumici\u00f3n de memoria)."
}
],
"id": "CVE-2003-0793",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 2.1,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2003-11-17T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://cvs.gnome.org/bonsai/cvsblame.cgi?file=gdm2/NEWS\u0026rev=\u0026root=/cvs/gnome"
},
{
"source": "cve@mitre.org",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000766"
},
{
"source": "cve@mitre.org",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2003:100"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/8846"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13447"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://cvs.gnome.org/bonsai/cvsblame.cgi?file=gdm2/NEWS\u0026rev=\u0026root=/cvs/gnome"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000766"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2003:100"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/8846"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13447"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2003-0794
Vulnerability from fkie_nvd - Published: 2003-11-17 05:00 - Updated: 2025-04-03 01:03
Severity ?
Summary
GDM 2.4.4.x before 2.4.4.4, and 2.4.1.x before 2.4.1.7, does not limit the number or duration of commands and uses a blocking socket connection, which allows attackers to cause a denial of service (resource exhaustion) by sending commands and not reading the results.
References
| URL | Tags | ||
|---|---|---|---|
| cve@mitre.org | http://cvs.gnome.org/bonsai/cvsblame.cgi?file=gdm2/NEWS&rev=&root=/cvs/gnome | ||
| cve@mitre.org | http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000766 | ||
| cve@mitre.org | http://www.mandriva.com/security/advisories?name=MDKSA-2003:100 | ||
| cve@mitre.org | http://www.securityfocus.com/bid/8846 | Patch, Vendor Advisory | |
| cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/13448 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://cvs.gnome.org/bonsai/cvsblame.cgi?file=gdm2/NEWS&rev=&root=/cvs/gnome | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000766 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.mandriva.com/security/advisories?name=MDKSA-2003:100 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/8846 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/13448 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:gnome:gdm:2.2.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "C35EE6D6-8058-4840-95E9-6540600F25C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:gdm:2.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C96A777E-0CA3-404C-9EF9-AF5D276FB9F4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:gdm:2.4.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "44A4CEA3-1EFD-4926-8702-D9019449BF6D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:gdm:2.4.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9DF81497-99A3-49B9-9CEF-C94AA4FCC2A5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:gdm:2.4.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "B386DD54-80C4-44C1-9276-C875D0EEE8BE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:gdm:2.4.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "8A905FFC-0DBA-4636-BDE7-77F21E0871AF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:gdm:2.4.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "DAA26805-862B-466F-AAE5-C8EF60312BFF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:gdm:2.4.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "4B7DE2E4-5FCC-4F63-BB9F-F7EC77728F87",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:gdm:2.4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "D0E054F0-C688-4CC6-A3DA-22884CA4C4C8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "GDM 2.4.4.x before 2.4.4.4, and 2.4.1.x before 2.4.1.7, does not limit the number or duration of commands and uses a blocking socket connection, which allows attackers to cause a denial of service (resource exhaustion) by sending commands and not reading the results."
},
{
"lang": "es",
"value": "GDM 2.4.4.x anteriores a 2.4.4.4, y 2.4.1.x anteriores a 2.4.1.7 no limita el n\u00famero de comandos y usa una conexi\u00f3n de socket con bloqueo, lo que permite a atacantes causar una denegaci\u00f3n de servicio (consumici\u00f3n de recursos) enviando comandos y no leyendo los resultados."
}
],
"id": "CVE-2003-0794",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 2.1,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2003-11-17T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://cvs.gnome.org/bonsai/cvsblame.cgi?file=gdm2/NEWS\u0026rev=\u0026root=/cvs/gnome"
},
{
"source": "cve@mitre.org",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000766"
},
{
"source": "cve@mitre.org",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2003:100"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/8846"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13448"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://cvs.gnome.org/bonsai/cvsblame.cgi?file=gdm2/NEWS\u0026rev=\u0026root=/cvs/gnome"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000766"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2003:100"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/8846"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13448"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2003-0547
Vulnerability from fkie_nvd - Published: 2003-08-27 04:00 - Updated: 2025-04-03 01:03
Severity ?
Summary
GDM before 2.4.1.6, when using the "examine session errors" feature, allows local users to read arbitrary files via a symlink attack on the ~/.xsession-errors file.
References
| URL | Tags | ||
|---|---|---|---|
| cve@mitre.org | http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000729 | ||
| cve@mitre.org | http://mail.gnome.org/archives/gnome-hackers/2003-August/msg00045.html | ||
| cve@mitre.org | http://marc.info/?l=bugtraq&m=106194792924122&w=2 | ||
| cve@mitre.org | http://www.redhat.com/support/errata/RHSA-2003-258.html | Patch, Vendor Advisory | |
| cve@mitre.org | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A112 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000729 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://mail.gnome.org/archives/gnome-hackers/2003-August/msg00045.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://marc.info/?l=bugtraq&m=106194792924122&w=2 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.redhat.com/support/errata/RHSA-2003-258.html | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A112 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:gnome:gdm:2.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C96A777E-0CA3-404C-9EF9-AF5D276FB9F4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:gdm:2.4.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "44A4CEA3-1EFD-4926-8702-D9019449BF6D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:gdm:2.4.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9DF81497-99A3-49B9-9CEF-C94AA4FCC2A5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:gdm:2.4.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "B386DD54-80C4-44C1-9276-C875D0EEE8BE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:gdm:2.4.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "8A905FFC-0DBA-4636-BDE7-77F21E0871AF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:gdm:2.4.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "DAA26805-862B-466F-AAE5-C8EF60312BFF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:gdm:2.4.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "4B7DE2E4-5FCC-4F63-BB9F-F7EC77728F87",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:kdebase:2.4.0.7.13:*:i386:*:*:*:*:*",
"matchCriteriaId": "8CDE0CDC-78C2-4AD8-8AD0-2A7293E6F8F2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:kdebase:2.4.1.3.5:*:i386:*:*:*:*:*",
"matchCriteriaId": "4E24847A-9164-4CDC-AD9C-087D7C03B24A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "GDM before 2.4.1.6, when using the \"examine session errors\" feature, allows local users to read arbitrary files via a symlink attack on the ~/.xsession-errors file."
},
{
"lang": "es",
"value": "GDM anteriores a 2.4.1.6, cuando usa la caracter\u00edstica \"examinar errores de sesi\u00f3n\", permite a usuarios locales leer ficheros arbitrario mediante un ataque de enlaces simb\u00f3licos en el fichero ~/.xsession-errors"
}
],
"id": "CVE-2003-0547",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2003-08-27T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000729"
},
{
"source": "cve@mitre.org",
"url": "http://mail.gnome.org/archives/gnome-hackers/2003-August/msg00045.html"
},
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=106194792924122\u0026w=2"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.redhat.com/support/errata/RHSA-2003-258.html"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A112"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000729"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://mail.gnome.org/archives/gnome-hackers/2003-August/msg00045.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=106194792924122\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.redhat.com/support/errata/RHSA-2003-258.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A112"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}