Vulnerabilities related to gnome - gdm
Vulnerability from fkie_nvd
Published
2006-12-15 02:28
Modified
2024-11-21 00:21
Severity ?
Summary
Format string vulnerability in the host chooser window (gdmchooser) in GNOME Foundation Display Manager (gdm) allows local users to execute arbitrary code via format string specifiers in a hostname, which are used in an error dialog.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:gnome:gdm:2.14.1:*:*:*:*:*:*:*", "matchCriteriaId": "9B84ACF2-E06C-47E5-B221-78285238BA78", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnome:gdm:2.16:*:*:*:*:*:*:*", "matchCriteriaId": "832DE81E-18BB-4276-A6B0-F316A322E83E", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnome:gdm:2.16.1:*:*:*:*:*:*:*", "matchCriteriaId": "D01F3328-9DB5-4C75-A9BD-96243975A362", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnome:gdm:2.16.2:*:*:*:*:*:*:*", "matchCriteriaId": "24D361EF-B35F-46D9-9DF3-9254FFAD0A1F", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Format string vulnerability in the host chooser window (gdmchooser) in GNOME Foundation Display Manager (gdm) allows local users to execute arbitrary code via format string specifiers in a hostname, which are used in an error dialog." }, { "lang": "es", "value": "Vulnerabilidad de formato de cadena en la ventana de selecci\u00f3n de host (gdmchooser) en GNOME Foundation Display Manager (gdm) permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n mediante especificadores de formato de cadena en un nombre de host, que se utilizan en un mensaje de error." 
} ], "id": "CVE-2006-6105", "lastModified": "2024-11-21T00:21:48.693", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 3.1, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2006-12-15T02:28:00.000", "references": [ { "source": "secalert@redhat.com", "url": "http://ftp.acc.umu.se/pub/GNOME/sources/gdm/2.17/gdm-2.17.4.news" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=453" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/23381" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/23385" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/23387" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/23409" }, { "source": "secalert@redhat.com", "tags": [ "Patch" ], "url": "http://securitytracker.com/id?1017320" }, { "source": "secalert@redhat.com", "url": "http://securitytracker.com/id?1017383" }, { "source": "secalert@redhat.com", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:231" }, { "source": "secalert@redhat.com", "url": "http://www.novell.com/linux/security/advisories/2006_29_sr.html" }, { "source": "secalert@redhat.com", "url": "http://www.osvdb.org/30848" }, { "source": "secalert@redhat.com", "tags": [ "Patch" ], "url": "http://www.securityfocus.com/bid/21597" }, { "source": "secalert@redhat.com", "url": "http://www.ubuntu.com/usn/usn-396-1" }, { "source": 
"secalert@redhat.com", "url": "http://www.vupen.com/english/advisories/2006/5015" }, { "source": "secalert@redhat.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30896" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://ftp.acc.umu.se/pub/GNOME/sources/gdm/2.17/gdm-2.17.4.news" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=453" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/23381" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/23385" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/23387" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/23409" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://securitytracker.com/id?1017320" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securitytracker.com/id?1017383" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:231" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.novell.com/linux/security/advisories/2006_29_sr.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/30848" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://www.securityfocus.com/bid/21597" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ubuntu.com/usn/usn-396-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2006/5015" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30896" } ], "sourceIdentifier": "secalert@redhat.com", "vendorComments": [ { "comment": 
"Not vulnerable. This flaw was first introduced in gdm version 2.14. Therefore these issues did not affect the earlier versions of gdm as shipped with Red Hat Enterprise Linux 2.1, 3, or 4.\n\nRed Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.", "lastModified": "2007-03-14T00:00:00", "organization": "Red Hat" } ], "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2003-08-27 04:00
Modified
2024-11-20 23:44
Severity ?
Summary
The X Display Manager Control Protocol (XDMCP) support for GDM before 2.4.1.6 allows attackers to cause a denial of service (daemon crash) via a short authorization key name.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
gnome | gdm | 2.2.0 | |
gnome | gdm | 2.4.1 | |
gnome | gdm | 2.4.1.1 | |
gnome | gdm | 2.4.1.2 | |
gnome | gdm | 2.4.1.3 | |
gnome | gdm | 2.4.1.4 | |
gnome | gdm | 2.4.1.5 | |
gnome | gdm | 2.4.1.6 | |
redhat | kdebase | 2.0_beta2.45 | |
redhat | kdebase | 2.0_beta2.45 | |
redhat | kdebase | 2.2.3.1.20 | |
redhat | kdebase | 2.2.3.1.20 | |
redhat | kdebase | 2.2.3.1.22 | |
redhat | kdebase | 2.4.0.7.13 | |
redhat | kdebase | 2.4.1.3.5 | |
redhat | enterprise_linux | 2.1 | |
redhat | enterprise_linux | 2.1 | |
redhat | enterprise_linux | 2.1 | |
redhat | enterprise_linux | 2.1 | |
redhat | enterprise_linux | 2.1 | |
redhat | enterprise_linux | 2.1 | |
redhat | linux_advanced_workstation | 2.1 | |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:gnome:gdm:2.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "8790E410-8609-4F08-85B3-EECF31CDB769", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnome:gdm:2.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "C96A777E-0CA3-404C-9EF9-AF5D276FB9F4", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnome:gdm:2.4.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "44A4CEA3-1EFD-4926-8702-D9019449BF6D", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnome:gdm:2.4.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "9DF81497-99A3-49B9-9CEF-C94AA4FCC2A5", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnome:gdm:2.4.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "B386DD54-80C4-44C1-9276-C875D0EEE8BE", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnome:gdm:2.4.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "8A905FFC-0DBA-4636-BDE7-77F21E0871AF", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnome:gdm:2.4.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "DAA26805-862B-466F-AAE5-C8EF60312BFF", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnome:gdm:2.4.1.6:*:*:*:*:*:*:*", "matchCriteriaId": "4B7DE2E4-5FCC-4F63-BB9F-F7EC77728F87", "vulnerable": true }, { "criteria": "cpe:2.3:a:redhat:kdebase:2.0_beta2.45:*:i386:*:*:*:*:*", "matchCriteriaId": "BBED88A7-3830-4F95-8B1C-3F09F1AFDB3B", "vulnerable": true }, { "criteria": "cpe:2.3:a:redhat:kdebase:2.0_beta2.45:*:ppc:*:*:*:*:*", "matchCriteriaId": "96C0C11F-E824-47CD-8FA2-26F26FE0F37E", "vulnerable": true }, { "criteria": "cpe:2.3:a:redhat:kdebase:2.2.3.1.20:*:i386:*:*:*:*:*", "matchCriteriaId": "7FCF4CC6-11CE-4468-8CC8-6E75384A34C8", "vulnerable": true }, { "criteria": "cpe:2.3:a:redhat:kdebase:2.2.3.1.20:*:ia64:*:*:*:*:*", "matchCriteriaId": "1A6487D1-995E-4D75-BE1D-F73ECE35B01A", "vulnerable": true }, { "criteria": "cpe:2.3:a:redhat:kdebase:2.2.3.1.22:*:i386:*:*:*:*:*", "matchCriteriaId": "DBE8ADC0-A1C9-407C-AA70-67864F423A58", "vulnerable": true }, { "criteria": "cpe:2.3:a:redhat:kdebase:2.4.0.7.13:*:i386:*:*:*:*:*", 
"matchCriteriaId": "8CDE0CDC-78C2-4AD8-8AD0-2A7293E6F8F2", "vulnerable": true }, { "criteria": "cpe:2.3:a:redhat:kdebase:2.4.1.3.5:*:i386:*:*:*:*:*", "matchCriteriaId": "4E24847A-9164-4CDC-AD9C-087D7C03B24A", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:redhat:enterprise_linux:2.1:*:advanced_server:*:*:*:*:*", "matchCriteriaId": "2641EE56-6F9D-400B-B456-877F4DA79B10", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux:2.1:*:advanced_server_ia64:*:*:*:*:*", "matchCriteriaId": "A4A9461E-C117-42EC-9F14-DF2A82BA7C5D", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux:2.1:*:enterprise_server:*:*:*:*:*", "matchCriteriaId": "E0B458EA-495E-40FA-9379-C03757F7B1EE", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux:2.1:*:enterprise_server_ia64:*:*:*:*:*", "matchCriteriaId": "409E324A-C040-494F-A026-9DCAE01C07F8", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux:2.1:*:workstation:*:*:*:*:*", "matchCriteriaId": "1728AB5D-55A9-46B0-A412-6F7263CAEB5A", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux:2.1:*:workstation_ia64:*:*:*:*:*", "matchCriteriaId": "6474B775-C893-491F-A074-802AFB1FEDD8", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:linux_advanced_workstation:2.1:*:*:*:*:*:*:*", "matchCriteriaId": "5F9BE3AC-B583-4AED-A940-E95F808D1BFB", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The X Display Manager Control Protocol (XDMCP) support for GDM before 2.4.1.6 allows attackers to cause a denial of service (daemon crash) via a short authorization key name." 
}, { "lang": "es", "value": "Vulnerabilidad desconocida en el soporte XDMPC (X Display Manager Control Protocol - Protocolo de Control de Administrador de Visualizador X) en GDM anteriores a 2.4.1.6 permite a atacantes causar una denegaci\u00f3n de servicio (ca\u00edda del demonio), un problema diferente de CAN-2003-0548." } ], "id": "CVE-2003-0549", "lastModified": "2024-11-20T23:44:59.827", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2003-08-27T04:00:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000729" }, { "source": "cve@mitre.org", "url": "http://mail.gnome.org/archives/gnome-hackers/2003-August/msg00045.html" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.redhat.com/support/errata/RHSA-2003-258.html" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.redhat.com/support/errata/RHSA-2003-259.html" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A129" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000729" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://mail.gnome.org/archives/gnome-hackers/2003-August/msg00045.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", 
"Vendor Advisory" ], "url": "http://www.redhat.com/support/errata/RHSA-2003-258.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.redhat.com/support/errata/RHSA-2003-259.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A129" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2003-11-17 05:00
Modified
2024-11-20 23:45
Severity ?
Summary
GDM 2.4.4.x before 2.4.4.4, and 2.4.1.x before 2.4.1.7, does not limit the number or duration of commands and uses a blocking socket connection, which allows attackers to cause a denial of service (resource exhaustion) by sending commands and not reading the results.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:gnome:gdm:2.2.5.4:*:*:*:*:*:*:*", "matchCriteriaId": "C35EE6D6-8058-4840-95E9-6540600F25C9", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnome:gdm:2.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "C96A777E-0CA3-404C-9EF9-AF5D276FB9F4", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnome:gdm:2.4.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "44A4CEA3-1EFD-4926-8702-D9019449BF6D", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnome:gdm:2.4.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "9DF81497-99A3-49B9-9CEF-C94AA4FCC2A5", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnome:gdm:2.4.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "B386DD54-80C4-44C1-9276-C875D0EEE8BE", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnome:gdm:2.4.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "8A905FFC-0DBA-4636-BDE7-77F21E0871AF", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnome:gdm:2.4.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "DAA26805-862B-466F-AAE5-C8EF60312BFF", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnome:gdm:2.4.1.6:*:*:*:*:*:*:*", "matchCriteriaId": "4B7DE2E4-5FCC-4F63-BB9F-F7EC77728F87", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnome:gdm:2.4.4:*:*:*:*:*:*:*", "matchCriteriaId": "D0E054F0-C688-4CC6-A3DA-22884CA4C4C8", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "GDM 2.4.4.x before 2.4.4.4, and 2.4.1.x before 2.4.1.7, does not limit the number or duration of commands and uses a blocking socket connection, which allows attackers to cause a denial of service (resource exhaustion) by sending commands and not reading the results." 
}, { "lang": "es", "value": "GDM 2.4.4.x anteriores a 2.4.4.4, y 2.4.1.x anteriores a 2.4.1.7 no limita el n\u00famero de comandos y usa una conexi\u00f3n de socket con bloqueo, lo que permite a atacantes causar una denegaci\u00f3n de servicio (consumici\u00f3n de recursos) enviando comandos y no leyendo los resultados." } ], "id": "CVE-2003-0794", "lastModified": "2024-11-20T23:45:32.563", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 2.1, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2003-11-17T05:00:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://cvs.gnome.org/bonsai/cvsblame.cgi?file=gdm2/NEWS\u0026rev=\u0026root=/cvs/gnome" }, { "source": "cve@mitre.org", "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000766" }, { "source": "cve@mitre.org", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2003:100" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.securityfocus.com/bid/8846" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13448" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://cvs.gnome.org/bonsai/cvsblame.cgi?file=gdm2/NEWS\u0026rev=\u0026root=/cvs/gnome" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000766" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2003:100" }, { 
"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.securityfocus.com/bid/8846" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13448" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2007-08-07 10:17
Modified
2024-11-21 00:33
Severity ?
Summary
The GDM daemon in GNOME Display Manager (GDM) before 2.14.13, 2.16.x before 2.16.7, 2.18.x before 2.18.4, and 2.19.x before 2.19.5 does not properly handle NULL return values from the g_strsplit function, which allows local users to cause a denial of service (persistent daemon crash) via a crafted command to the daemon's socket, related to (1) gdm.c and (2) gdmconfig.c in daemon/, and (3) gdmconfig.c and (4) gdmflexiserver.c in gui/.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
gnome | gdm | * | |
gnome | gdm | 0.7 | |
gnome | gdm | 1.0 | |
gnome | gdm | 2.0 | |
gnome | gdm | 2.2 | |
gnome | gdm | 2.3 | |
gnome | gdm | 2.4 | |
gnome | gdm | 2.5 | |
gnome | gdm | 2.6 | |
gnome | gdm | 2.8 | |
gnome | gdm | 2.13 | |
gnome | gdm | 2.14 | |
gnome | gdm | 2.14.1 | |
gnome | gdm | 2.14.2 | |
gnome | gdm | 2.14.3 | |
gnome | gdm | 2.14.4 | |
gnome | gdm | 2.14.5 | |
gnome | gdm | 2.14.6 | |
gnome | gdm | 2.14.7 | |
gnome | gdm | 2.14.8 | |
gnome | gdm | 2.14.9 | |
gnome | gdm | 2.14.10 | |
gnome | gdm | 2.14.11 | |
gnome | gdm | 2.14.3 | |
gnome | gdm | 2.14.4 | |
gnome | gdm | 2.14.5 | |
gnome | gdm | 2.14.6 | |
gnome | gdm | 2.16 | |
gnome | gdm | 2.16.1 | |
gnome | gdm | 2.16.2 | |
gnome | gdm | 2.18 | |
gnome | gdm | 2.18.1 | |
gnome | gdm | 2.18.2 | |
gnome | gdm | 2.18.3 | |
gnome | gdm | 2.19 | |
gnome | gdm | 2.19.1 | |
gnome | gdm | 2.19.2 | |
gnome | gdm | 2.19.3 | |
gnome | gdm | 2.19.4 | |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:gnome:gdm:*:*:*:*:*:*:*:*", "matchCriteriaId": "4A68E297-5F50-4DFA-AF70-06B016B852D2", "versionEndIncluding": "2.14.12", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnome:gdm:0.7:*:*:*:*:*:*:*", "matchCriteriaId": "501714EA-1C5D-4EA7-B069-8E6521574AC4", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnome:gdm:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "E2D650E6-F568-4B7F-8913-3DC10E8F4201", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnome:gdm:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "3296F925-6D41-4DA7-BDB2-3B04CF22A53B", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnome:gdm:2.2:*:*:*:*:*:*:*", "matchCriteriaId": "7960EC63-69CF-474C-996C-E431CCDD07E9", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnome:gdm:2.3:*:*:*:*:*:*:*", "matchCriteriaId": "A38317A3-3725-4F32-B675-00F8FB288F51", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnome:gdm:2.4:*:*:*:*:*:*:*", "matchCriteriaId": "C4F01AD1-EB1B-4932-B8D7-CBC899B1A02E", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnome:gdm:2.5:*:*:*:*:*:*:*", "matchCriteriaId": "B760EB2A-6461-477F-B7E5-857117E21AE3", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnome:gdm:2.6:*:*:*:*:*:*:*", "matchCriteriaId": "973BF2BF-BBF7-41F6-9E38-5150BC8AE7B6", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnome:gdm:2.8:*:*:*:*:*:*:*", "matchCriteriaId": "7756E66E-2296-4B20-ABC0-B1A2ACF2657B", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnome:gdm:2.13:*:*:*:*:*:*:*", "matchCriteriaId": "BC30F499-35B6-40BB-A420-A55F6993DF3A", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnome:gdm:2.14:*:*:*:*:*:*:*", "matchCriteriaId": "70640B9F-4EAA-4513-80E4-9DD4A862F27D", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnome:gdm:2.14.1:*:*:*:*:*:*:*", "matchCriteriaId": "9B84ACF2-E06C-47E5-B221-78285238BA78", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnome:gdm:2.14.2:*:*:*:*:*:*:*", "matchCriteriaId": "B1F316D7-4D67-4B2E-8418-B89466AA5CDC", "vulnerable": true }, { 
"criteria": "cpe:2.3:a:gnome:gdm:2.14.3:*:*:*:*:*:*:*", "matchCriteriaId": "6721626F-3335-446F-95C4-7B150C2FE2E2", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnome:gdm:2.14.4:*:*:*:*:*:*:*", "matchCriteriaId": "CA624500-6AC3-4991-A185-619E3F76A384", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnome:gdm:2.14.5:*:*:*:*:*:*:*", "matchCriteriaId": "1544DE39-DA4B-452C-A38C-D15E0EC5148F", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnome:gdm:2.14.6:*:*:*:*:*:*:*", "matchCriteriaId": "B261D656-8C46-4F0A-93DD-8540B21BC1FC", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnome:gdm:2.14.7:*:*:*:*:*:*:*", "matchCriteriaId": "24A39F8A-D0F4-480E-904C-8FB906C6D72F", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnome:gdm:2.14.8:*:*:*:*:*:*:*", "matchCriteriaId": "4210033A-0FD1-43A7-BCDC-9A4ADFEBB1DA", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnome:gdm:2.14.9:*:*:*:*:*:*:*", "matchCriteriaId": "BBD5D3BD-9988-4421-8C2B-1EE907CFA986", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnome:gdm:2.14.10:*:*:*:*:*:*:*", "matchCriteriaId": "2F8D697C-AD36-446A-945A-0746898FFD5C", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnome:gdm:2.14.11:*:*:*:*:*:*:*", "matchCriteriaId": "DF3072E1-A8AA-4C7B-B395-3F490943FED3", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:gnome:gdm:2.14.3:*:*:*:*:*:*:*", "matchCriteriaId": "6721626F-3335-446F-95C4-7B150C2FE2E2", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnome:gdm:2.14.4:*:*:*:*:*:*:*", "matchCriteriaId": "CA624500-6AC3-4991-A185-619E3F76A384", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnome:gdm:2.14.5:*:*:*:*:*:*:*", "matchCriteriaId": "1544DE39-DA4B-452C-A38C-D15E0EC5148F", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnome:gdm:2.14.6:*:*:*:*:*:*:*", "matchCriteriaId": "B261D656-8C46-4F0A-93DD-8540B21BC1FC", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnome:gdm:2.16:*:*:*:*:*:*:*", "matchCriteriaId": "832DE81E-18BB-4276-A6B0-F316A322E83E", 
"vulnerable": true }, { "criteria": "cpe:2.3:a:gnome:gdm:2.16.1:*:*:*:*:*:*:*", "matchCriteriaId": "D01F3328-9DB5-4C75-A9BD-96243975A362", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnome:gdm:2.16.2:*:*:*:*:*:*:*", "matchCriteriaId": "24D361EF-B35F-46D9-9DF3-9254FFAD0A1F", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:gnome:gdm:2.18:*:*:*:*:*:*:*", "matchCriteriaId": "638AAAB0-2077-49F1-A909-0814C94EF96E", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnome:gdm:2.18.1:*:*:*:*:*:*:*", "matchCriteriaId": "F4E525EF-0702-42BD-AA45-00AB721DE9B4", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnome:gdm:2.18.2:*:*:*:*:*:*:*", "matchCriteriaId": "09B6D822-D0D6-423E-AE9A-7510C06005A3", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnome:gdm:2.18.3:*:*:*:*:*:*:*", "matchCriteriaId": "323B1859-30F3-4787-8A35-46A8189D4C5E", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:gnome:gdm:2.19:*:*:*:*:*:*:*", "matchCriteriaId": "14C57E06-FBAB-4950-810D-ADDD74D271FE", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnome:gdm:2.19.1:*:*:*:*:*:*:*", "matchCriteriaId": "F7359FE6-4BD1-4D3C-BCF5-6F2741FC1997", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnome:gdm:2.19.2:*:*:*:*:*:*:*", "matchCriteriaId": "7888E478-E756-48FB-B3E3-534873B5F1D8", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnome:gdm:2.19.3:*:*:*:*:*:*:*", "matchCriteriaId": "4A82FCA7-76F6-48CE-8886-79AD9094EBF4", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnome:gdm:2.19.4:*:*:*:*:*:*:*", "matchCriteriaId": "75DCBC45-71FC-4850-A7E0-6051AE38E4C7", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The GDM daemon in GNOME Display Manager (GDM) before 2.14.13, 2.16.x before 2.16.7, 2.18.x before 2.18.4, and 2.19.x before 2.19.5 does not properly handle NULL return values from the g_strsplit function, 
which allows local users to cause a denial of service (persistent daemon crash) via a crafted command to the daemon\u0027s socket, related to (1) gdm.c and (2) gdmconfig.c in daemon/, and (3) gdmconfig.c and (4) gdmflexiserver.c in gui/." }, { "lang": "es", "value": "El demonio GDM en GNOME Display Mangager (GDM) anterior a 2.14.13, 2.16.x anterior a 2.16.7, 2.18.x anterior a 2.18.4, y 2.19.x anterir a 2.19.5 no maneja adecuadamente valores de retorno nulos (NULL) de la funci\u00f3n g_strsplit, lo cual permite a usuarios locales provocar una denegaci\u00f3n de servicio (ca\u00edda persistente del demonio) mediante un comando manipulado hacia el socket del demonio, relacionado con (1) gdm.c y (2) gdmconfig.c en daemon/, y (3) gdmconfig.c y (4) gdmflexiserver.c en gui/." } ], "id": "CVE-2007-3381", "lastModified": "2024-11-21T00:33:05.940", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 1.5, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:L/AC:M/Au:S/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 2.7, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2007-08-07T10:17:00.000", "references": [ { "source": "secalert@redhat.com", "url": "http://ftp.gnome.org/pub/GNOME/sources/gdm/2.14/gdm-2.14.13.news" }, { "source": "secalert@redhat.com", "url": "http://ftp.gnome.org/pub/GNOME/sources/gdm/2.16/gdm-2.16.7.changes" }, { "source": "secalert@redhat.com", "url": "http://ftp.gnome.org/pub/GNOME/sources/gdm/2.18/gdm-2.18.4.news" }, { "source": "secalert@redhat.com", "url": "http://ftp.gnome.org/pub/GNOME/sources/gdm/2.19/gdm-2.19.5.news" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], 
"url": "http://secunia.com/advisories/26313" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/26368" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/26520" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/26879" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/26900" }, { "source": "secalert@redhat.com", "url": "http://security.gentoo.org/glsa/glsa-200709-11.xml" }, { "source": "secalert@redhat.com", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:169" }, { "source": "secalert@redhat.com", "url": "http://www.redhat.com/support/errata/RHSA-2007-0777.html" }, { "source": "secalert@redhat.com", "url": "http://www.securityfocus.com/archive/1/475451/30/5550/threaded" }, { "source": "secalert@redhat.com", "url": "http://www.securityfocus.com/bid/25191" }, { "source": "secalert@redhat.com", "url": "http://www.securitytracker.com/id?1018523" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2007/2781" }, { "source": "secalert@redhat.com", "url": "https://issues.rpath.com/browse/RPL-1599" }, { "source": "secalert@redhat.com", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10887" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://ftp.gnome.org/pub/GNOME/sources/gdm/2.14/gdm-2.14.13.news" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://ftp.gnome.org/pub/GNOME/sources/gdm/2.16/gdm-2.16.7.changes" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://ftp.gnome.org/pub/GNOME/sources/gdm/2.18/gdm-2.18.4.news" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://ftp.gnome.org/pub/GNOME/sources/gdm/2.19/gdm-2.19.5.news" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/26313" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/26368" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/26520" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/26879" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/26900" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://security.gentoo.org/glsa/glsa-200709-11.xml" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:169" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.redhat.com/support/errata/RHSA-2007-0777.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/475451/30/5550/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/25191" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id?1018523" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2007/2781" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://issues.rpath.com/browse/RPL-1599" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10887" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-20" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2003-11-17 05:00
Modified
2024-11-20 23:45
Severity ?
Summary
GDM 2.4.4.x before 2.4.4.4, and 2.4.1.x before 2.4.1.7, does not restrict the size of input, which allows attackers to cause a denial of service (memory consumption).
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:gnome:gdm:2.2.5.4:*:*:*:*:*:*:*", "matchCriteriaId": "C35EE6D6-8058-4840-95E9-6540600F25C9", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnome:gdm:2.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "C96A777E-0CA3-404C-9EF9-AF5D276FB9F4", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnome:gdm:2.4.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "44A4CEA3-1EFD-4926-8702-D9019449BF6D", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnome:gdm:2.4.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "9DF81497-99A3-49B9-9CEF-C94AA4FCC2A5", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnome:gdm:2.4.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "B386DD54-80C4-44C1-9276-C875D0EEE8BE", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnome:gdm:2.4.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "8A905FFC-0DBA-4636-BDE7-77F21E0871AF", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnome:gdm:2.4.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "DAA26805-862B-466F-AAE5-C8EF60312BFF", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnome:gdm:2.4.1.6:*:*:*:*:*:*:*", "matchCriteriaId": "4B7DE2E4-5FCC-4F63-BB9F-F7EC77728F87", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnome:gdm:2.4.4:*:*:*:*:*:*:*", "matchCriteriaId": "D0E054F0-C688-4CC6-A3DA-22884CA4C4C8", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "GDM 2.4.4.x before 2.4.4.4, and 2.4.1.x before 2.4.1.7, does not restrict the size of input, which allows attackers to cause a denial of service (memory consumption)." }, { "lang": "es", "value": "GDM 2.4.4.x anteriores a 2.4.4.4 y 2.4.1.x anteriores a 2.4.1.7 no restringe el tama\u00f1o de la entrada, lo que permite a atacantes causar una denegaci\u00f3n de servicio (consumici\u00f3n de memoria)." 
} ], "id": "CVE-2003-0793", "lastModified": "2024-11-20T23:45:32.407", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 2.1, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2003-11-17T05:00:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://cvs.gnome.org/bonsai/cvsblame.cgi?file=gdm2/NEWS\u0026rev=\u0026root=/cvs/gnome" }, { "source": "cve@mitre.org", "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000766" }, { "source": "cve@mitre.org", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2003:100" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.securityfocus.com/bid/8846" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13447" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://cvs.gnome.org/bonsai/cvsblame.cgi?file=gdm2/NEWS\u0026rev=\u0026root=/cvs/gnome" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000766" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2003:100" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.securityfocus.com/bid/8846" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13447" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": 
"Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2011-06-14 17:55
Modified
2024-11-21 01:26
Severity
HIGH — CVSS v2.0 base score 7.2 (AV:L/AC:L/Au:N/C:C/I:C/A:C)
Summary
GNOME Display Manager (gdm) before 2.32.2, when glib 2.28 is used, enables execution of a web browser with the uid of the gdm account, which allows local users to gain privileges via vectors involving the x-scheme-handler/http MIME type.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
gnome | gdm | 1.0 | |
gnome | gdm | 2.0 | |
gnome | gdm | 2.2 | |
gnome | gdm | 2.3 | |
gnome | gdm | 2.4 | |
gnome | gdm | 2.5 | |
gnome | gdm | 2.6 | |
gnome | gdm | 2.8 | |
gnome | gdm | 2.13 | |
gnome | gdm | 2.14 | |
gnome | gdm | 2.15 | |
gnome | gdm | 2.16 | |
gnome | gdm | 2.17 | |
gnome | gdm | 2.18 | |
gnome | gdm | 2.19 | |
gnome | gdm | 2.20 | |
gnome | gdm | 2.21 | |
gnome | gdm | 2.22 | |
gnome | gdm | 2.23 | |
gnome | gdm | 2.24 | |
gnome | gdm | 2.25 | |
gnome | gdm | 2.26 | |
gnome | gdm | 2.27 | |
gnome | gdm | 2.28 | |
gnome | gdm | 2.29 | |
gnome | gdm | 2.30 | |
gnome | gdm | 2.31 | |
gnome | gdm | 2.32 | |
gnome | gdm | 2.32.1 | |
gnome | glib | 2.28 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:gnome:gdm:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "E2D650E6-F568-4B7F-8913-3DC10E8F4201", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnome:gdm:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "3296F925-6D41-4DA7-BDB2-3B04CF22A53B", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnome:gdm:2.2:*:*:*:*:*:*:*", "matchCriteriaId": "7960EC63-69CF-474C-996C-E431CCDD07E9", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnome:gdm:2.3:*:*:*:*:*:*:*", "matchCriteriaId": "A38317A3-3725-4F32-B675-00F8FB288F51", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnome:gdm:2.4:*:*:*:*:*:*:*", "matchCriteriaId": "C4F01AD1-EB1B-4932-B8D7-CBC899B1A02E", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnome:gdm:2.5:*:*:*:*:*:*:*", "matchCriteriaId": "B760EB2A-6461-477F-B7E5-857117E21AE3", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnome:gdm:2.6:*:*:*:*:*:*:*", "matchCriteriaId": "973BF2BF-BBF7-41F6-9E38-5150BC8AE7B6", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnome:gdm:2.8:*:*:*:*:*:*:*", "matchCriteriaId": "7756E66E-2296-4B20-ABC0-B1A2ACF2657B", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnome:gdm:2.13:*:*:*:*:*:*:*", "matchCriteriaId": "BC30F499-35B6-40BB-A420-A55F6993DF3A", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnome:gdm:2.14:*:*:*:*:*:*:*", "matchCriteriaId": "70640B9F-4EAA-4513-80E4-9DD4A862F27D", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnome:gdm:2.15:*:*:*:*:*:*:*", "matchCriteriaId": "27A6CC80-BC52-4B39-9424-E96DDA03666E", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnome:gdm:2.16:*:*:*:*:*:*:*", "matchCriteriaId": "832DE81E-18BB-4276-A6B0-F316A322E83E", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnome:gdm:2.17:*:*:*:*:*:*:*", "matchCriteriaId": "898A4607-107C-460F-8CF8-DEF63876B1C7", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnome:gdm:2.18:*:*:*:*:*:*:*", "matchCriteriaId": "638AAAB0-2077-49F1-A909-0814C94EF96E", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:gnome:gdm:2.19:*:*:*:*:*:*:*", "matchCriteriaId": "14C57E06-FBAB-4950-810D-ADDD74D271FE", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnome:gdm:2.20:*:*:*:*:*:*:*", "matchCriteriaId": "4AF56331-0008-4DFE-AB33-08399E48F499", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnome:gdm:2.21:*:*:*:*:*:*:*", "matchCriteriaId": "2DA4F51E-0ACE-4B31-BC58-027691C04941", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnome:gdm:2.22:*:*:*:*:*:*:*", "matchCriteriaId": "C37ED748-3C65-45B7-B59E-718A14295E7C", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnome:gdm:2.23:*:*:*:*:*:*:*", "matchCriteriaId": "1EF1C68D-408A-4150-92C5-C2C392410282", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnome:gdm:2.24:*:*:*:*:*:*:*", "matchCriteriaId": "4A1C364D-5DDF-4B95-9545-AD3C6FD9C744", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnome:gdm:2.25:*:*:*:*:*:*:*", "matchCriteriaId": "0D6C0790-C762-48E4-A0BB-9FAD864AA913", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnome:gdm:2.26:*:*:*:*:*:*:*", "matchCriteriaId": "062D578B-AEF0-452C-A3AA-4A0D3F919F62", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnome:gdm:2.27:*:*:*:*:*:*:*", "matchCriteriaId": "52BDEFAD-DE2B-4E1E-B155-203E7CEFCFD6", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnome:gdm:2.28:*:*:*:*:*:*:*", "matchCriteriaId": "B9CD4961-40FC-4A01-A0D3-B904F479BAF2", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnome:gdm:2.29:*:*:*:*:*:*:*", "matchCriteriaId": "C0C3AC2D-F24A-4F0E-9433-1516BC61209A", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnome:gdm:2.30:*:*:*:*:*:*:*", "matchCriteriaId": "4EF547BB-BD34-4A38-B01A-E0059F70F7EA", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnome:gdm:2.31:*:*:*:*:*:*:*", "matchCriteriaId": "EAB2319A-2356-492A-A479-57F8D546E688", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnome:gdm:2.32:*:*:*:*:*:*:*", "matchCriteriaId": "59F0314A-4DA4-4767-8FC0-D372302E5F67", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnome:gdm:2.32.1:*:*:*:*:*:*:*", "matchCriteriaId": 
"8B7C06C5-B328-47A2-8567-437A5B96FF1C", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:a:gnome:glib:2.28:*:*:*:*:*:*:*", "matchCriteriaId": "1A422B66-EC3B-4A01-8FCF-76716E2A23FE", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "GNOME Display Manager (gdm) before 2.32.2, when glib 2.28 is used, enables execution of a web browser with the uid of the gdm account, which allows local users to gain privileges via vectors involving the x-scheme-handler/http MIME type." }, { "lang": "es", "value": "GNOME Display Manager (GDM) antes de v2.32.2, cuando se utiliza glib v2.28, permite la ejecuci\u00f3n de un navegador web con el uid de la cuenta de gdm, que permite a usuarios locales conseguir privilegios a trav\u00e9s de vectores implican el tipo MIME x-scheme-handler/http." } ], "id": "CVE-2011-1709", "lastModified": "2024-11-21T01:26:50.730", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2011-06-14T17:55:03.673", "references": [ { "source": "cve@mitre.org", "url": "http://ftp.gnome.org/pub/GNOME/sources/gdm/2.32/gdm-2.32.2.news" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://git.gnome.org/browse/gdm/commit/?id=d13dd72531599ab7e4c747db3b58a8c17753e08d" }, { "source": "cve@mitre.org", "url": 
"http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061264.html" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/44797" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/44808" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/48084" }, { "source": "cve@mitre.org", "url": "http://www.ubuntu.com/usn/USN-1142-1" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=709139" }, { "source": "cve@mitre.org", "url": "https://hermes.opensuse.org/messages/8643655" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://ftp.gnome.org/pub/GNOME/sources/gdm/2.32/gdm-2.32.2.news" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://git.gnome.org/browse/gdm/commit/?id=d13dd72531599ab7e4c747db3b58a8c17753e08d" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061264.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/44797" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/44808" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/48084" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ubuntu.com/usn/USN-1142-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=709139" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://hermes.opensuse.org/messages/8643655" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-264" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2000-06-19 04:00
Modified
2024-11-20 23:32
Severity
MEDIUM — CVSS v2.0 base score 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)
Summary
libICE in XFree86 allows remote attackers to cause a denial of service by specifying a large value which is not properly checked by the SKIP_STRING macro.
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://archives.neohapsis.com/archives/bugtraq/2000-06/0170.html | Vendor Advisory | |
cve@mitre.org | http://www.securityfocus.com/bid/1369 | Exploit, Patch, Vendor Advisory | |
cve@mitre.org | http://www.xfree86.org/security/ | ||
af854a3a-2127-422b-91ae-364da2661108 | http://archives.neohapsis.com/archives/bugtraq/2000-06/0170.html | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/1369 | Exploit, Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.xfree86.org/security/ |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
gnome | gdm | 1.0 | |
gnome | gdm | 1.1 | |
open_group | x | 11.0r5 | |
open_group | x | 11.0r6 | |
open_group | x | 11.0r6.1 | |
open_group | x | 11.0r6.2 | |
open_group | x | 11.0r6.3 | |
open_group | x | 11.0r6.4 | |
xfree86_project | x11r6 | 3.3.3 | |
xfree86_project | x11r6 | 3.3.4 | |
xfree86_project | x11r6 | 3.3.5 | |
xfree86_project | x11r6 | 3.3.6 | |
xfree86_project | x11r6 | 4.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:gnome:gdm:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "E2D650E6-F568-4B7F-8913-3DC10E8F4201", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnome:gdm:1.1:*:*:*:*:*:*:*", "matchCriteriaId": "37AB5A38-A7C4-4016-8628-27AA0EC7E401", "vulnerable": true }, { "criteria": "cpe:2.3:a:open_group:x:11.0r5:*:*:*:*:*:*:*", "matchCriteriaId": "A6BF5526-54BA-411B-8C18-BAD8801EEF18", "vulnerable": true }, { "criteria": "cpe:2.3:a:open_group:x:11.0r6:*:*:*:*:*:*:*", "matchCriteriaId": "341C2874-4A2A-4ECD-A243-10EF6F2588BE", "vulnerable": true }, { "criteria": "cpe:2.3:a:open_group:x:11.0r6.1:*:*:*:*:*:*:*", "matchCriteriaId": "97B9657E-D7CE-496F-AE51-8AFA1CCA49CD", "vulnerable": true }, { "criteria": "cpe:2.3:a:open_group:x:11.0r6.2:*:*:*:*:*:*:*", "matchCriteriaId": "5A2B4032-71E6-4731-B829-DD8F004B20BD", "vulnerable": true }, { "criteria": "cpe:2.3:a:open_group:x:11.0r6.3:*:*:*:*:*:*:*", "matchCriteriaId": "E1DA55DC-E2A9-44B4-84D6-BE9F84898430", "vulnerable": true }, { "criteria": "cpe:2.3:a:open_group:x:11.0r6.4:*:*:*:*:*:*:*", "matchCriteriaId": "2A3657FA-0841-487B-9650-FC06A4E2A88B", "vulnerable": true }, { "criteria": "cpe:2.3:a:xfree86_project:x11r6:3.3.3:*:*:*:*:*:*:*", "matchCriteriaId": "C104B02C-3F3B-4DB4-8A1D-65A7DAA380EB", "vulnerable": true }, { "criteria": "cpe:2.3:a:xfree86_project:x11r6:3.3.4:*:*:*:*:*:*:*", "matchCriteriaId": "BEECB0ED-A5C9-4675-9CEB-AD6C19EDA7D1", "vulnerable": true }, { "criteria": "cpe:2.3:a:xfree86_project:x11r6:3.3.5:*:*:*:*:*:*:*", "matchCriteriaId": "B43D5F86-97B2-4175-8ED7-1F937850F9DB", "vulnerable": true }, { "criteria": "cpe:2.3:a:xfree86_project:x11r6:3.3.6:*:*:*:*:*:*:*", "matchCriteriaId": "0946A224-6A0C-4DE3-89F9-200682431737", "vulnerable": true }, { "criteria": "cpe:2.3:a:xfree86_project:x11r6:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "F33E5444-E178-4F49-BDA1-DE576D8526EE", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], 
"descriptions": [ { "lang": "en", "value": "libICE in XFree86 allows remote attackers to cause a denial of service by specifying a large value which is not properly checked by the SKIP_STRING macro." } ], "id": "CVE-2000-0504", "lastModified": "2024-11-20T23:32:39.370", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2000-06-19T04:00:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2000-06/0170.html" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Patch", "Vendor Advisory" ], "url": "http://www.securityfocus.com/bid/1369" }, { "source": "cve@mitre.org", "url": "http://www.xfree86.org/security/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2000-06/0170.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Patch", "Vendor Advisory" ], "url": "http://www.securityfocus.com/bid/1369" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.xfree86.org/security/" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2009-09-04 20:30
Modified
2024-11-21 01:05
Severity
MEDIUM — CVSS v2.0 base score 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)
Summary
The Red Hat build script for the GNOME Display Manager (GDM) before 2.16.0-56 on Red Hat Enterprise Linux (RHEL) 5 omits TCP Wrapper support, which might allow remote attackers to bypass intended access restrictions via XDMCP connections, a different vulnerability than CVE-2007-5079.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:gnome:gdm:*:*:*:*:*:*:*:*", "matchCriteriaId": "CD13F270-B165-47B7-BBA3-6D1EF33AD277", "versionEndIncluding": "2.16", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnome:gdm:0.7:*:*:*:*:*:*:*", "matchCriteriaId": "501714EA-1C5D-4EA7-B069-8E6521574AC4", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnome:gdm:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "E2D650E6-F568-4B7F-8913-3DC10E8F4201", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnome:gdm:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "3296F925-6D41-4DA7-BDB2-3B04CF22A53B", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnome:gdm:2.2:*:*:*:*:*:*:*", "matchCriteriaId": "7960EC63-69CF-474C-996C-E431CCDD07E9", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnome:gdm:2.3:*:*:*:*:*:*:*", "matchCriteriaId": "A38317A3-3725-4F32-B675-00F8FB288F51", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnome:gdm:2.4:*:*:*:*:*:*:*", "matchCriteriaId": "C4F01AD1-EB1B-4932-B8D7-CBC899B1A02E", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnome:gdm:2.5:*:*:*:*:*:*:*", "matchCriteriaId": "B760EB2A-6461-477F-B7E5-857117E21AE3", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnome:gdm:2.6:*:*:*:*:*:*:*", "matchCriteriaId": "973BF2BF-BBF7-41F6-9E38-5150BC8AE7B6", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnome:gdm:2.8:*:*:*:*:*:*:*", "matchCriteriaId": "7756E66E-2296-4B20-ABC0-B1A2ACF2657B", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnome:gdm:2.13:*:*:*:*:*:*:*", "matchCriteriaId": "BC30F499-35B6-40BB-A420-A55F6993DF3A", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnome:gdm:2.14:*:*:*:*:*:*:*", "matchCriteriaId": "70640B9F-4EAA-4513-80E4-9DD4A862F27D", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnome:gdm:2.15:*:*:*:*:*:*:*", "matchCriteriaId": "27A6CC80-BC52-4B39-9424-E96DDA03666E", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:redhat:enterprise_linux:5:*:*:*:*:*:*:*", "matchCriteriaId": 
"AA9B3CC0-DF1C-4A86-B2A3-A9D428A5A6E6", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The Red Hat build script for the GNOME Display Manager (GDM) before 2.16.0-56 on Red Hat Enterprise Linux (RHEL) 5 omits TCP Wrapper support, which might allow remote attackers to bypass intended access restrictions via XDMCP connections, a different vulnerability than CVE-2007-5079." }, { "lang": "es", "value": "Red Hat build script para GNOME Display Manager (GDM) anterior a v2.16.0-56 en Red Hat Enterprise Linux (RHEL) v5 no da soporte a TCP Wrapper, lo que podr\u00eda permitir a atacantes remotos saltar las restricciones de acceso previstas a trav\u00e9s de conexiones XDMCP, una vulnerabilidad diferente que CVE-2007-5079." } ], "id": "CVE-2009-2697", "lastModified": "2024-11-21T01:05:32.513", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2009-09-04T20:30:00.217", "references": [ { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/36553" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/36219" }, { "source": "cve@mitre.org", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=239818" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9586" }, { "source": "cve@mitre.org", "tags": [ "Vendor 
Advisory" ], "url": "https://rhn.redhat.com/errata/RHSA-2009-1364.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/36553" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/36219" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=239818" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9586" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://rhn.redhat.com/errata/RHSA-2009-1364.html" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-287" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
1999-12-05 05:00
Modified
2024-11-20 23:30
Severity
LOW — CVSS v2.0 base score 2.1 (AV:L/AC:L/Au:N/C:P/I:N/A:N)
Summary
Error messages generated by gdm with the VerboseAuth setting allow an attacker to identify valid users on a system.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:gnome:gdm:2.0_beta4:*:*:*:*:*:*:*", "matchCriteriaId": "FA0A11C1-AF35-4006-A5BA-634B814DAC73", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Error messages generated by gdm with the VerboseAuth setting allows an attacker to identify valid users on a system." } ], "id": "CVE-1999-0990", "lastModified": "2024-11-20T23:30:00.953", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "1999-12-05T05:00:00.000", "references": [ { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0990" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0990" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2000-05-24 04:00
Modified
2024-11-20 23:32
Severity
HIGH — CVSS v2.0 base score 10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Summary
Buffer overflow in the XDMCP parsing code of GNOME gdm, KDE kdm, and wdm allows remote attackers to execute arbitrary commands or cause a denial of service via a long FORWARD_QUERY request.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
gnome | gdm | 1.0 | |
caldera | openlinux | * | |
suse | suse_linux | 6.2 | |
suse | suse_linux | 6.4 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:gnome:gdm:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "E2D650E6-F568-4B7F-8913-3DC10E8F4201", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:caldera:openlinux:*:*:*:*:*:*:*:*", "matchCriteriaId": "4EC3F7E5-5D49-471B-A705-ADD2642E5B46", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:suse_linux:6.2:*:*:*:*:*:*:*", "matchCriteriaId": "1B67020A-6942-4478-B501-764147C4970D", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:suse_linux:6.4:*:*:*:*:*:*:*", "matchCriteriaId": "7786607A-362E-4817-A17E-C76D6A1F737D", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Buffer overflow in the XDMCP parsing code of GNOME gdm, KDE kdm, and wdm allows remote attackers to execute arbitrary commands or cause a denial of service via a long FORWARD_QUERY request." } ], "id": "CVE-2000-0491", "lastModified": "2024-11-20T23:32:37.767", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2000-05-24T04:00:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "ftp://ftp.calderasystems.com/pub/OpenLinux/security/CSSA-2000-013.0.txt" }, { "source": "cve@mitre.org", "url": "http://archives.neohapsis.com/archives/bugtraq/2000-05/0241.html" }, { "source": "cve@mitre.org", "url": 
"http://archives.neohapsis.com/archives/bugtraq/2000-06/0025.html" }, { "source": "cve@mitre.org", "url": "http://www.novell.com/linux/security/advisories/suse_security_announce_49.html" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/1233" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/1279" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/1370" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "ftp://ftp.calderasystems.com/pub/OpenLinux/security/CSSA-2000-013.0.txt" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://archives.neohapsis.com/archives/bugtraq/2000-05/0241.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://archives.neohapsis.com/archives/bugtraq/2000-06/0025.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.novell.com/linux/security/advisories/suse_security_announce_49.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/1233" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/1279" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/1370" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2006-04-25 01:02
Modified
2024-11-21 00:07
Severity
LOW — CVSS v2.0 base score 3.7 (AV:L/AC:H/Au:N/C:P/I:P/A:P)
Summary
Race condition in daemon/slave.c in gdm before 2.14.1 allows local users to gain privileges via a symlink attack when gdm performs chown and chgrp operations on the .ICEauthority file.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:gnome:gdm:2.14:*:*:*:*:*:*:*", "matchCriteriaId": "70640B9F-4EAA-4513-80E4-9DD4A862F27D", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Race condition in daemon/slave.c in gdm before 2.14.1 allows local users to gain privileges via a symlink attack when gdm performs chown and chgrp operations on the .ICEauthority file." } ], "id": "CVE-2006-1057", "lastModified": "2024-11-21T00:07:58.700", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "HIGH", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 3.7, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 1.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": true, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2006-04-25T01:02:00.000", "references": [ { "source": "secalert@redhat.com", "url": "http://cvs.gnome.org/viewcvs/gdm2/daemon/slave.c?r1=1.260\u0026r2=1.261" }, { "source": "secalert@redhat.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.debian.org/security/2006/dsa-1040" }, { "source": "secalert@redhat.com", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:083" }, { "source": "secalert@redhat.com", "url": "http://www.redhat.com/support/errata/RHSA-2007-0286.html" }, { "source": "secalert@redhat.com", "url": "http://www.securityfocus.com/bid/17635" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2006/1465" }, { "source": "secalert@redhat.com", "url": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=188303" }, { "source": 
"secalert@redhat.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26092" }, { "source": "secalert@redhat.com", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10092" }, { "source": "secalert@redhat.com", "url": "https://usn.ubuntu.com/278-1/" }, { "source": "secalert@redhat.com", "tags": [ "Patch" ], "url": "https://www.redhat.com/archives/fedora-announce-list/2006-April/msg00160.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://cvs.gnome.org/viewcvs/gdm2/daemon/slave.c?r1=1.260\u0026r2=1.261" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.debian.org/security/2006/dsa-1040" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:083" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.redhat.com/support/errata/RHSA-2007-0286.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/17635" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2006/1465" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=188303" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26092" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10092" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://usn.ubuntu.com/278-1/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "https://www.redhat.com/archives/fedora-announce-list/2006-April/msg00160.html" } ], "sourceIdentifier": "secalert@redhat.com", "vendorComments": [ { "comment": "Red Hat is aware of 
this issue and is tracking it via the following bug:\nhttps://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=188302\n\nThe Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw. More information regarding issue severity can be found here:\nhttp://www.redhat.com/security/updates/classification/\n\nThis issue does not affect Red Hat Enterprise Linux 2.1 and 3.", "lastModified": "2006-09-19T00:00:00", "organization": "Red Hat" } ], "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-362" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2003-08-27 04:00
Modified
2024-11-20 23:44
Severity
MEDIUM (CVSS v2 base score 5.0, vector AV:N/AC:L/Au:N/C:N/I:N/A:P, source nvd@nist.gov)
Summary
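The X Display Manager Control Protocol (XDMCP) support for GDM before 2.4.1.6 allows attackers to cause a denial of service (daemon crash) when a chosen host expires, a different issue than CVE-2003-0549.
Note: the impacted-products list for this record also marks gdm 2.4.1.6 as vulnerable, which does not match "before 2.4.1.6" above; when triaging, check the installed package against the vendor errata in the references rather than relying on the CPE match alone.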
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
gnome | gdm | 2.2.0 | |
gnome | gdm | 2.4.1 | |
gnome | gdm | 2.4.1.1 | |
gnome | gdm | 2.4.1.2 | |
gnome | gdm | 2.4.1.3 | |
gnome | gdm | 2.4.1.4 | |
gnome | gdm | 2.4.1.5 | |
gnome | gdm | 2.4.1.6 | |
redhat | kdebase | 2.0_beta2.45 | |
redhat | kdebase | 2.0_beta2.45 | |
redhat | kdebase | 2.2.3.1.20 | |
redhat | kdebase | 2.2.3.1.20 | |
redhat | kdebase | 2.2.3.1.22 | |
redhat | kdebase | 2.4.0.7.13 | |
redhat | kdebase | 2.4.1.3.5 | |
redhat | enterprise_linux | 2.1 | |
redhat | enterprise_linux | 2.1 | |
redhat | enterprise_linux | 2.1 | |
redhat | enterprise_linux | 2.1 | |
redhat | enterprise_linux | 2.1 | |
redhat | enterprise_linux | 2.1 | |
redhat | linux_advanced_workstation | 2.1 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:gnome:gdm:2.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "8790E410-8609-4F08-85B3-EECF31CDB769", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnome:gdm:2.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "C96A777E-0CA3-404C-9EF9-AF5D276FB9F4", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnome:gdm:2.4.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "44A4CEA3-1EFD-4926-8702-D9019449BF6D", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnome:gdm:2.4.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "9DF81497-99A3-49B9-9CEF-C94AA4FCC2A5", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnome:gdm:2.4.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "B386DD54-80C4-44C1-9276-C875D0EEE8BE", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnome:gdm:2.4.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "8A905FFC-0DBA-4636-BDE7-77F21E0871AF", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnome:gdm:2.4.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "DAA26805-862B-466F-AAE5-C8EF60312BFF", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnome:gdm:2.4.1.6:*:*:*:*:*:*:*", "matchCriteriaId": "4B7DE2E4-5FCC-4F63-BB9F-F7EC77728F87", "vulnerable": true }, { "criteria": "cpe:2.3:a:redhat:kdebase:2.0_beta2.45:*:i386:*:*:*:*:*", "matchCriteriaId": "BBED88A7-3830-4F95-8B1C-3F09F1AFDB3B", "vulnerable": true }, { "criteria": "cpe:2.3:a:redhat:kdebase:2.0_beta2.45:*:ppc:*:*:*:*:*", "matchCriteriaId": "96C0C11F-E824-47CD-8FA2-26F26FE0F37E", "vulnerable": true }, { "criteria": "cpe:2.3:a:redhat:kdebase:2.2.3.1.20:*:i386:*:*:*:*:*", "matchCriteriaId": "7FCF4CC6-11CE-4468-8CC8-6E75384A34C8", "vulnerable": true }, { "criteria": "cpe:2.3:a:redhat:kdebase:2.2.3.1.20:*:ia64:*:*:*:*:*", "matchCriteriaId": "1A6487D1-995E-4D75-BE1D-F73ECE35B01A", "vulnerable": true }, { "criteria": "cpe:2.3:a:redhat:kdebase:2.2.3.1.22:*:i386:*:*:*:*:*", "matchCriteriaId": "DBE8ADC0-A1C9-407C-AA70-67864F423A58", "vulnerable": true }, { "criteria": "cpe:2.3:a:redhat:kdebase:2.4.0.7.13:*:i386:*:*:*:*:*", 
"matchCriteriaId": "8CDE0CDC-78C2-4AD8-8AD0-2A7293E6F8F2", "vulnerable": true }, { "criteria": "cpe:2.3:a:redhat:kdebase:2.4.1.3.5:*:i386:*:*:*:*:*", "matchCriteriaId": "4E24847A-9164-4CDC-AD9C-087D7C03B24A", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:redhat:enterprise_linux:2.1:*:advanced_server:*:*:*:*:*", "matchCriteriaId": "2641EE56-6F9D-400B-B456-877F4DA79B10", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux:2.1:*:advanced_server_ia64:*:*:*:*:*", "matchCriteriaId": "A4A9461E-C117-42EC-9F14-DF2A82BA7C5D", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux:2.1:*:enterprise_server:*:*:*:*:*", "matchCriteriaId": "E0B458EA-495E-40FA-9379-C03757F7B1EE", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux:2.1:*:enterprise_server_ia64:*:*:*:*:*", "matchCriteriaId": "409E324A-C040-494F-A026-9DCAE01C07F8", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux:2.1:*:workstation:*:*:*:*:*", "matchCriteriaId": "1728AB5D-55A9-46B0-A412-6F7263CAEB5A", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux:2.1:*:workstation_ia64:*:*:*:*:*", "matchCriteriaId": "6474B775-C893-491F-A074-802AFB1FEDD8", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:linux_advanced_workstation:2.1:*:*:*:*:*:*:*", "matchCriteriaId": "5F9BE3AC-B583-4AED-A940-E95F808D1BFB", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The X Display Manager Control Protocol (XDMCP) support for GDM before 2.4.1.6 allows attackers to cause a denial of service (daemon crash) when a chosen host expires, a different issue than CVE-2003-0549." 
}, { "lang": "es", "value": "Vulnerabilidad desconocida en el soporte XDMPC (X Display Manager Control Protocol - Protocolo de Control de Administrador de Visualizador X) en GDM anteriores a 2.4.1.6 permite a atacantes causar una denegaci\u00f3n de servicio (ca\u00edda del demonio), un problema diferente de CAN-2003-0549." } ], "id": "CVE-2003-0548", "lastModified": "2024-11-20T23:44:59.680", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2003-08-27T04:00:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000729" }, { "source": "cve@mitre.org", "url": "http://mail.gnome.org/archives/gnome-hackers/2003-August/msg00045.html" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.redhat.com/support/errata/RHSA-2003-258.html" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.redhat.com/support/errata/RHSA-2003-259.html" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A113" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000729" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://mail.gnome.org/archives/gnome-hackers/2003-August/msg00045.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", 
"Vendor Advisory" ], "url": "http://www.redhat.com/support/errata/RHSA-2003-258.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.redhat.com/support/errata/RHSA-2003-259.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A113" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2003-08-27 04:00
Modified
2024-11-20 23:44
Severity
LOW (CVSS v2 base score 2.1, vector AV:L/AC:L/Au:N/C:P/I:N/A:N, source nvd@nist.gov)
Summary
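GDM before 2.4.1.6, when using the "examine session errors" feature, allows local users to read arbitrary files via a symlink attack on the ~/.xsession-errors file.
Note: the cpeMatch list for this record also marks gdm 2.4.1.6 as vulnerable, which does not match "before 2.4.1.6" above; when triaging, check the installed package against the vendor errata in the references rather than relying on the CPE match alone.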
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:gnome:gdm:2.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "C96A777E-0CA3-404C-9EF9-AF5D276FB9F4", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnome:gdm:2.4.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "44A4CEA3-1EFD-4926-8702-D9019449BF6D", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnome:gdm:2.4.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "9DF81497-99A3-49B9-9CEF-C94AA4FCC2A5", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnome:gdm:2.4.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "B386DD54-80C4-44C1-9276-C875D0EEE8BE", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnome:gdm:2.4.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "8A905FFC-0DBA-4636-BDE7-77F21E0871AF", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnome:gdm:2.4.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "DAA26805-862B-466F-AAE5-C8EF60312BFF", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnome:gdm:2.4.1.6:*:*:*:*:*:*:*", "matchCriteriaId": "4B7DE2E4-5FCC-4F63-BB9F-F7EC77728F87", "vulnerable": true }, { "criteria": "cpe:2.3:a:redhat:kdebase:2.4.0.7.13:*:i386:*:*:*:*:*", "matchCriteriaId": "8CDE0CDC-78C2-4AD8-8AD0-2A7293E6F8F2", "vulnerable": true }, { "criteria": "cpe:2.3:a:redhat:kdebase:2.4.1.3.5:*:i386:*:*:*:*:*", "matchCriteriaId": "4E24847A-9164-4CDC-AD9C-087D7C03B24A", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "GDM before 2.4.1.6, when using the \"examine session errors\" feature, allows local users to read arbitrary files via a symlink attack on the ~/.xsession-errors file." 
}, { "lang": "es", "value": "GDM anteriores a 2.4.1.6, cuando usa la caracter\u00edstica \"examinar errores de sesi\u00f3n\", permite a usuarios locales leer ficheros arbitrario mediante un ataque de enlaces simb\u00f3licos en el fichero ~/.xsession-errors" } ], "id": "CVE-2003-0547", "lastModified": "2024-11-20T23:44:59.540", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2003-08-27T04:00:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000729" }, { "source": "cve@mitre.org", "url": "http://mail.gnome.org/archives/gnome-hackers/2003-August/msg00045.html" }, { "source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq\u0026m=106194792924122\u0026w=2" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.redhat.com/support/errata/RHSA-2003-258.html" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A112" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000729" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://mail.gnome.org/archives/gnome-hackers/2003-August/msg00045.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq\u0026m=106194792924122\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", 
"tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.redhat.com/support/errata/RHSA-2003-258.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A112" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2011-03-31 22:55
Modified
2024-11-21 01:24
Severity
MEDIUM (CVSS v2 base score 6.9, vector AV:L/AC:M/Au:N/C:C/I:C/A:C, source nvd@nist.gov)
Summary
GNOME Display Manager (gdm) 2.x before 2.32.1 allows local users to change the ownership of arbitrary files via a symlink attack on a (1) dmrc or (2) face icon file under /var/cache/gdm/.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
gnome | gdm | 2.0 | |
gnome | gdm | 2.2 | |
gnome | gdm | 2.3 | |
gnome | gdm | 2.4 | |
gnome | gdm | 2.5 | |
gnome | gdm | 2.6 | |
gnome | gdm | 2.8 | |
gnome | gdm | 2.13 | |
gnome | gdm | 2.14 | |
gnome | gdm | 2.15 | |
gnome | gdm | 2.16 | |
gnome | gdm | 2.17 | |
gnome | gdm | 2.18 | |
gnome | gdm | 2.19 | |
gnome | gdm | 2.20 | |
gnome | gdm | 2.21 | |
gnome | gdm | 2.22 | |
gnome | gdm | 2.23 | |
gnome | gdm | 2.24 | |
gnome | gdm | 2.25 | |
gnome | gdm | 2.26 | |
gnome | gdm | 2.27 | |
gnome | gdm | 2.28 | |
gnome | gdm | 2.29 | |
gnome | gdm | 2.30 | |
gnome | gdm | 2.31 | |
gnome | gdm | 2.32 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:gnome:gdm:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "3296F925-6D41-4DA7-BDB2-3B04CF22A53B", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnome:gdm:2.2:*:*:*:*:*:*:*", "matchCriteriaId": "7960EC63-69CF-474C-996C-E431CCDD07E9", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnome:gdm:2.3:*:*:*:*:*:*:*", "matchCriteriaId": "A38317A3-3725-4F32-B675-00F8FB288F51", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnome:gdm:2.4:*:*:*:*:*:*:*", "matchCriteriaId": "C4F01AD1-EB1B-4932-B8D7-CBC899B1A02E", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnome:gdm:2.5:*:*:*:*:*:*:*", "matchCriteriaId": "B760EB2A-6461-477F-B7E5-857117E21AE3", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnome:gdm:2.6:*:*:*:*:*:*:*", "matchCriteriaId": "973BF2BF-BBF7-41F6-9E38-5150BC8AE7B6", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnome:gdm:2.8:*:*:*:*:*:*:*", "matchCriteriaId": "7756E66E-2296-4B20-ABC0-B1A2ACF2657B", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnome:gdm:2.13:*:*:*:*:*:*:*", "matchCriteriaId": "BC30F499-35B6-40BB-A420-A55F6993DF3A", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnome:gdm:2.14:*:*:*:*:*:*:*", "matchCriteriaId": "70640B9F-4EAA-4513-80E4-9DD4A862F27D", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnome:gdm:2.15:*:*:*:*:*:*:*", "matchCriteriaId": "27A6CC80-BC52-4B39-9424-E96DDA03666E", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnome:gdm:2.16:*:*:*:*:*:*:*", "matchCriteriaId": "832DE81E-18BB-4276-A6B0-F316A322E83E", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnome:gdm:2.17:*:*:*:*:*:*:*", "matchCriteriaId": "898A4607-107C-460F-8CF8-DEF63876B1C7", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnome:gdm:2.18:*:*:*:*:*:*:*", "matchCriteriaId": "638AAAB0-2077-49F1-A909-0814C94EF96E", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnome:gdm:2.19:*:*:*:*:*:*:*", "matchCriteriaId": "14C57E06-FBAB-4950-810D-ADDD74D271FE", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:gnome:gdm:2.20:*:*:*:*:*:*:*", "matchCriteriaId": "4AF56331-0008-4DFE-AB33-08399E48F499", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnome:gdm:2.21:*:*:*:*:*:*:*", "matchCriteriaId": "2DA4F51E-0ACE-4B31-BC58-027691C04941", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnome:gdm:2.22:*:*:*:*:*:*:*", "matchCriteriaId": "C37ED748-3C65-45B7-B59E-718A14295E7C", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnome:gdm:2.23:*:*:*:*:*:*:*", "matchCriteriaId": "1EF1C68D-408A-4150-92C5-C2C392410282", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnome:gdm:2.24:*:*:*:*:*:*:*", "matchCriteriaId": "4A1C364D-5DDF-4B95-9545-AD3C6FD9C744", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnome:gdm:2.25:*:*:*:*:*:*:*", "matchCriteriaId": "0D6C0790-C762-48E4-A0BB-9FAD864AA913", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnome:gdm:2.26:*:*:*:*:*:*:*", "matchCriteriaId": "062D578B-AEF0-452C-A3AA-4A0D3F919F62", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnome:gdm:2.27:*:*:*:*:*:*:*", "matchCriteriaId": "52BDEFAD-DE2B-4E1E-B155-203E7CEFCFD6", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnome:gdm:2.28:*:*:*:*:*:*:*", "matchCriteriaId": "B9CD4961-40FC-4A01-A0D3-B904F479BAF2", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnome:gdm:2.29:*:*:*:*:*:*:*", "matchCriteriaId": "C0C3AC2D-F24A-4F0E-9433-1516BC61209A", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnome:gdm:2.30:*:*:*:*:*:*:*", "matchCriteriaId": "4EF547BB-BD34-4A38-B01A-E0059F70F7EA", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnome:gdm:2.31:*:*:*:*:*:*:*", "matchCriteriaId": "EAB2319A-2356-492A-A479-57F8D546E688", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnome:gdm:2.32:*:*:*:*:*:*:*", "matchCriteriaId": "59F0314A-4DA4-4767-8FC0-D372302E5F67", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "GNOME Display Manager (gdm) 2.x before 2.32.1 allows local users to change the ownership of arbitrary files via a symlink attack 
on a (1) dmrc or (2) face icon file under /var/cache/gdm/." }, { "lang": "es", "value": "GNOME Display Manager (GDM) v2.x anterior a v2.32.1 permite a usuarios locales cambiar el propietario de archivos arbitrarios mediante un ataque de enlace simb\u00f3lico en un (1) DMRC o (2) fichero de icono en /var/cache/gdm/." } ], "id": "CVE-2011-0727", "lastModified": "2024-11-21T01:24:42.433", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 6.9, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 3.4, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2011-03-31T22:55:02.350", "references": [ { "source": "security@ubuntu.com", "url": "http://ftp.gnome.org/pub/GNOME/sources/gdm/2.32/gdm-2.32.1.news" }, { "source": "security@ubuntu.com", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057333.html" }, { "source": "security@ubuntu.com", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057931.html" }, { "source": "security@ubuntu.com", "tags": [ "Patch" ], "url": "http://mail.gnome.org/archives/gdm-list/2011-March/msg00020.html" }, { "source": "security@ubuntu.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/43714" }, { "source": "security@ubuntu.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/43854" }, { "source": "security@ubuntu.com", "url": "http://secunia.com/advisories/44021" }, { "source": "security@ubuntu.com", "url": "http://securitytracker.com/id?1025264" }, { "source": "security@ubuntu.com", "url": 
"http://www.debian.org/security/2011/dsa-2205" }, { "source": "security@ubuntu.com", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:070" }, { "source": "security@ubuntu.com", "url": "http://www.redhat.com/support/errata/RHSA-2011-0395.html" }, { "source": "security@ubuntu.com", "url": "http://www.securityfocus.com/bid/47063" }, { "source": "security@ubuntu.com", "url": "http://www.ubuntu.com/usn/USN-1099-1" }, { "source": "security@ubuntu.com", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2011/0786" }, { "source": "security@ubuntu.com", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2011/0787" }, { "source": "security@ubuntu.com", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2011/0797" }, { "source": "security@ubuntu.com", "url": "http://www.vupen.com/english/advisories/2011/0847" }, { "source": "security@ubuntu.com", "url": "http://www.vupen.com/english/advisories/2011/0911" }, { "source": "security@ubuntu.com", "tags": [ "Patch" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=688323" }, { "source": "security@ubuntu.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66377" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://ftp.gnome.org/pub/GNOME/sources/gdm/2.32/gdm-2.32.1.news" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057333.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057931.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://mail.gnome.org/archives/gdm-list/2011-March/msg00020.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/43714" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ 
"Vendor Advisory" ], "url": "http://secunia.com/advisories/43854" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/44021" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securitytracker.com/id?1025264" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2011/dsa-2205" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:070" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.redhat.com/support/errata/RHSA-2011-0395.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/47063" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ubuntu.com/usn/USN-1099-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2011/0786" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2011/0787" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2011/0797" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2011/0847" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2011/0911" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=688323" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66377" } ], "sourceIdentifier": "security@ubuntu.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-59" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2006-06-09 10:02
Modified
2024-11-21 00:11
Severity
LOW (CVSS v2 base score 3.7, vector AV:L/AC:H/Au:N/C:P/I:P/A:P, source nvd@nist.gov)
Summary
GNOME GDM 2.8, 2.12, 2.14, and 2.15, when the "face browser" feature is enabled, allows local users to access the "Configure Login Manager" functionality using their own password instead of the root password, which can be leveraged to gain additional privileges.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:gnome:gdm:2.8:*:*:*:*:*:*:*", "matchCriteriaId": "7756E66E-2296-4B20-ABC0-B1A2ACF2657B", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnome:gdm:2.12:*:*:*:*:*:*:*", "matchCriteriaId": "B935ABD7-CCDF-4A23-8899-4243D66E9486", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnome:gdm:2.14:*:*:*:*:*:*:*", "matchCriteriaId": "70640B9F-4EAA-4513-80E4-9DD4A862F27D", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnome:gdm:2.15:*:*:*:*:*:*:*", "matchCriteriaId": "27A6CC80-BC52-4B39-9424-E96DDA03666E", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "GNOME GDM 2.8, 2.12, 2.14, and 2.15, when the \"face browser\" feature is enabled, allows local users to access the \"Configure Login Manager\" functionality using their own password instead of the root password, which can be leveraged to gain additional privileges." } ], "id": "CVE-2006-2452", "lastModified": "2024-11-21T00:11:21.113", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "HIGH", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 3.7, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 1.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2006-06-09T10:02:00.000", "references": [ { "source": "secalert@redhat.com", "url": "http://bugzilla.gnome.org/show_bug.cgi?id=343476" }, { "source": "secalert@redhat.com", "url": "http://lists.suse.com/archive/suse-security-announce/2006-Jun/0003.html" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/20532" }, { "source": 
"secalert@redhat.com", "url": "http://secunia.com/advisories/20552" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/20587" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/20627" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/20636" }, { "source": "secalert@redhat.com", "url": "http://www.gentoo.org/security/en/glsa/glsa-200606-14.xml" }, { "source": "secalert@redhat.com", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:100" }, { "source": "secalert@redhat.com", "url": "http://www.securityfocus.com/archive/1/436428" }, { "source": "secalert@redhat.com", "url": "http://www.securityfocus.com/bid/18332" }, { "source": "secalert@redhat.com", "url": "http://www.vupen.com/english/advisories/2006/2239" }, { "source": "secalert@redhat.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27018" }, { "source": "secalert@redhat.com", "url": "https://usn.ubuntu.com/293-1/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://bugzilla.gnome.org/show_bug.cgi?id=343476" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.suse.com/archive/suse-security-announce/2006-Jun/0003.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/20532" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/20552" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/20587" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/20627" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/20636" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.gentoo.org/security/en/glsa/glsa-200606-14.xml" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:100" }, { 
"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/436428" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/18332" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2006/2239" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27018" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://usn.ubuntu.com/293-1/" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
cve-2006-2452
Vulnerability from cvelistv5
Published
2006-06-09 10:00
Modified
2024-08-07 17:51
Severity ?
EPSS score ?
Summary
GNOME GDM 2.8, 2.12, 2.14, and 2.15, when the "face browser" feature is enabled, allows local users to access the "Configure Login Manager" functionality using their own password instead of the root password, which can be leveraged to gain additional privileges.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T17:51:04.687Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20532", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/20532" }, { "name": "SUSE-SR:2006:013", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.suse.com/archive/suse-security-announce/2006-Jun/0003.html" }, { "name": "20627", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/20627" }, { "name": "ADV-2006-2239", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2006/2239" }, { "name": "USN-293-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/293-1/" }, { "name": "20060608 rPSA-2006-0098-1 gdm", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/436428" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://bugzilla.gnome.org/show_bug.cgi?id=343476" }, { "name": "GLSA-200606-14", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200606-14.xml" }, { "name": "18332", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/18332" }, { "name": "20636", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/20636" }, { "name": "gdm-facebrowser-security-bypass(27018)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27018" }, { "name": "20587", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/20587" }, { "name": 
"20552", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/20552" }, { "name": "MDKSA-2006:100", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:100" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2006-06-08T00:00:00", "descriptions": [ { "lang": "en", "value": "GNOME GDM 2.8, 2.12, 2.14, and 2.15, when the \"face browser\" feature is enabled, allows local users to access the \"Configure Login Manager\" functionality using their own password instead of the root password, which can be leveraged to gain additional privileges." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-03T20:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "20532", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/20532" }, { "name": "SUSE-SR:2006:013", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.suse.com/archive/suse-security-announce/2006-Jun/0003.html" }, { "name": "20627", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/20627" }, { "name": "ADV-2006-2239", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2006/2239" }, { "name": "USN-293-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/293-1/" }, { "name": "20060608 rPSA-2006-0098-1 gdm", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/436428" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://bugzilla.gnome.org/show_bug.cgi?id=343476" }, { 
"name": "GLSA-200606-14", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200606-14.xml" }, { "name": "18332", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/18332" }, { "name": "20636", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/20636" }, { "name": "gdm-facebrowser-security-bypass(27018)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27018" }, { "name": "20587", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/20587" }, { "name": "20552", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/20552" }, { "name": "MDKSA-2006:100", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:100" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2006-2452", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "GNOME GDM 2.8, 2.12, 2.14, and 2.15, when the \"face browser\" feature is enabled, allows local users to access the \"Configure Login Manager\" functionality using their own password instead of the root password, which can be leveraged to gain additional privileges." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "20532", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/20532" }, { "name": "SUSE-SR:2006:013", "refsource": "SUSE", "url": "http://lists.suse.com/archive/suse-security-announce/2006-Jun/0003.html" }, { "name": "20627", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/20627" }, { "name": "ADV-2006-2239", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/2239" }, { "name": "USN-293-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/293-1/" }, { "name": "20060608 rPSA-2006-0098-1 gdm", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/436428" }, { "name": "http://bugzilla.gnome.org/show_bug.cgi?id=343476", "refsource": "CONFIRM", "url": "http://bugzilla.gnome.org/show_bug.cgi?id=343476" }, { "name": "GLSA-200606-14", "refsource": "GENTOO", "url": "http://www.gentoo.org/security/en/glsa/glsa-200606-14.xml" }, { "name": "18332", "refsource": "BID", "url": "http://www.securityfocus.com/bid/18332" }, { "name": "20636", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/20636" }, { "name": "gdm-facebrowser-security-bypass(27018)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27018" }, { "name": "20587", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/20587" }, { "name": "20552", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/20552" }, { "name": "MDKSA-2006:100", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:100" } ] } } } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2006-2452", "datePublished": "2006-06-09T10:00:00", "dateReserved": "2006-05-18T00:00:00", "dateUpdated": "2024-08-07T17:51:04.687Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", 
"dataVersion": "5.1" }
cve-2009-2697
Vulnerability from cvelistv5
Published
2009-09-04 20:00
Modified
2024-08-07 05:59
Summary
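The Red Hat build script for the GNOME Display Manager (GDM) before 2.16.0-56 on Red Hat Enterprise Linux (RHEL) 5 omits TCP Wrapper support, which might allow remote attackers to bypass intended access restrictions via XDMCP connections, a different vulnerability than CVE-2007-5079. In practice this means that TCP Wrapper rules (hosts.allow / hosts.deny) an administrator wrote to restrict XDMCP access to gdm are not consulted by the affected builds, so those rules should not be relied on as the only control until the package is updated.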
References
| URL | Tags |
|---|---|
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9586 | vdb-entry, signature, x_refsource_OVAL |
| http://secunia.com/advisories/36553 | third-party-advisory, x_refsource_SECUNIA |
| https://bugzilla.redhat.com/show_bug.cgi?id=239818 | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/36219 | vdb-entry, x_refsource_BID |
| https://rhn.redhat.com/errata/RHSA-2009-1364.html | vendor-advisory, x_refsource_REDHAT |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T05:59:56.942Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "oval:org.mitre.oval:def:9586", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9586" }, { "name": "36553", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/36553" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=239818" }, { "name": "36219", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/36219" }, { "name": "RHSA-2009:1364", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://rhn.redhat.com/errata/RHSA-2009-1364.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2009-09-02T00:00:00", "descriptions": [ { "lang": "en", "value": "The Red Hat build script for the GNOME Display Manager (GDM) before 2.16.0-56 on Red Hat Enterprise Linux (RHEL) 5 omits TCP Wrapper support, which might allow remote attackers to bypass intended access restrictions via XDMCP connections, a different vulnerability than CVE-2007-5079." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-09-18T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "oval:org.mitre.oval:def:9586", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9586" }, { "name": "36553", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/36553" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=239818" }, { "name": "36219", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/36219" }, { "name": "RHSA-2009:1364", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://rhn.redhat.com/errata/RHSA-2009-1364.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2009-2697", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The Red Hat build script for the GNOME Display Manager (GDM) before 2.16.0-56 on Red Hat Enterprise Linux (RHEL) 5 omits TCP Wrapper support, which might allow remote attackers to bypass intended access restrictions via XDMCP connections, a different vulnerability than CVE-2007-5079." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "oval:org.mitre.oval:def:9586", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9586" }, { "name": "36553", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/36553" }, { "name": "https://bugzilla.redhat.com/show_bug.cgi?id=239818", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=239818" }, { "name": "36219", "refsource": "BID", "url": "http://www.securityfocus.com/bid/36219" }, { "name": "RHSA-2009:1364", "refsource": "REDHAT", "url": "https://rhn.redhat.com/errata/RHSA-2009-1364.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2009-2697", "datePublished": "2009-09-04T20:00:00", "dateReserved": "2009-08-05T00:00:00", "dateUpdated": "2024-08-07T05:59:56.942Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2006-6105
Vulnerability from cvelistv5
Published
2006-12-15 02:00
Modified
2024-08-07 20:12
Summary
Format string vulnerability in the host chooser window (gdmchooser) in GNOME Foundation Display Manager (gdm) allows local users to execute arbitrary code via format string specifiers in a hostname, which are used in an error dialog.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T20:12:31.762Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "23385", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/23385" }, { "name": "23387", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/23387" }, { "name": "ADV-2006-5015", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2006/5015" }, { "name": "23409", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/23409" }, { "name": "1017383", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://securitytracker.com/id?1017383" }, { "name": "1017320", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://securitytracker.com/id?1017320" }, { "name": "30848", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/30848" }, { "name": "gdmchooser-host-chooser-format-string(30896)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30896" }, { "name": "21597", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/21597" }, { "name": "23381", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/23381" }, { "name": "20061214 GNOME Foundation Display Manager gdmchooser Format String Vulnerability", "tags": [ "third-party-advisory", "x_refsource_IDEFENSE", "x_transferred" ], "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=453" }, { "name": "SUSE-SR:2006:029", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": 
"http://www.novell.com/linux/security/advisories/2006_29_sr.html" }, { "name": "MDKSA-2006:231", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:231" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://ftp.acc.umu.se/pub/GNOME/sources/gdm/2.17/gdm-2.17.4.news" }, { "name": "USN-396-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/usn-396-1" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2006-12-14T00:00:00", "descriptions": [ { "lang": "en", "value": "Format string vulnerability in the host chooser window (gdmchooser) in GNOME Foundation Display Manager (gdm) allows local users to execute arbitrary code via format string specifiers in a hostname, which are used in an error dialog." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-19T15:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "23385", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/23385" }, { "name": "23387", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/23387" }, { "name": "ADV-2006-5015", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2006/5015" }, { "name": "23409", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/23409" }, { "name": "1017383", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://securitytracker.com/id?1017383" }, { "name": "1017320", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": 
"http://securitytracker.com/id?1017320" }, { "name": "30848", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/30848" }, { "name": "gdmchooser-host-chooser-format-string(30896)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30896" }, { "name": "21597", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/21597" }, { "name": "23381", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/23381" }, { "name": "20061214 GNOME Foundation Display Manager gdmchooser Format String Vulnerability", "tags": [ "third-party-advisory", "x_refsource_IDEFENSE" ], "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=453" }, { "name": "SUSE-SR:2006:029", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://www.novell.com/linux/security/advisories/2006_29_sr.html" }, { "name": "MDKSA-2006:231", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:231" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://ftp.acc.umu.se/pub/GNOME/sources/gdm/2.17/gdm-2.17.4.news" }, { "name": "USN-396-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/usn-396-1" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2006-6105", "datePublished": "2006-12-15T02:00:00", "dateReserved": "2006-11-24T00:00:00", "dateUpdated": "2024-08-07T20:12:31.762Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2003-0549
Vulnerability from cvelistv5
Published
2003-08-22 04:00
Modified
2024-08-08 01:58
Summary
The X Display Manager Control Protocol (XDMCP) support for GDM before 2.4.1.6 allows attackers to cause a denial of service (daemon crash) via a short authorization key name.
References
| URL | Tags |
|---|---|
| http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000729 | vendor-advisory, x_refsource_CONECTIVA |
| http://www.redhat.com/support/errata/RHSA-2003-258.html | vendor-advisory, x_refsource_REDHAT |
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A129 | vdb-entry, signature, x_refsource_OVAL |
| http://www.redhat.com/support/errata/RHSA-2003-259.html | vendor-advisory, x_refsource_REDHAT |
| http://mail.gnome.org/archives/gnome-hackers/2003-August/msg00045.html | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T01:58:10.982Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "CLA-2003:729", "tags": [ "vendor-advisory", "x_refsource_CONECTIVA", "x_transferred" ], "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000729" }, { "name": "RHSA-2003:258", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2003-258.html" }, { "name": "oval:org.mitre.oval:def:129", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A129" }, { "name": "RHSA-2003:259", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2003-259.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://mail.gnome.org/archives/gnome-hackers/2003-August/msg00045.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2003-08-21T00:00:00", "descriptions": [ { "lang": "en", "value": "The X Display Manager Control Protocol (XDMCP) support for GDM before 2.4.1.6 allows attackers to cause a denial of service (daemon crash) via a short authorization key name." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-10-10T00:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "CLA-2003:729", "tags": [ "vendor-advisory", "x_refsource_CONECTIVA" ], "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000729" }, { "name": "RHSA-2003:258", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2003-258.html" }, { "name": "oval:org.mitre.oval:def:129", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A129" }, { "name": "RHSA-2003:259", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2003-259.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://mail.gnome.org/archives/gnome-hackers/2003-August/msg00045.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2003-0549", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The X Display Manager Control Protocol (XDMCP) support for GDM before 2.4.1.6 allows attackers to cause a denial of service (daemon crash) via a short authorization key name." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "CLA-2003:729", "refsource": "CONECTIVA", "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000729" }, { "name": "RHSA-2003:258", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2003-258.html" }, { "name": "oval:org.mitre.oval:def:129", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A129" }, { "name": "RHSA-2003:259", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2003-259.html" }, { "name": "http://mail.gnome.org/archives/gnome-hackers/2003-August/msg00045.html", "refsource": "CONFIRM", "url": "http://mail.gnome.org/archives/gnome-hackers/2003-August/msg00045.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2003-0549", "datePublished": "2003-08-22T04:00:00", "dateReserved": "2003-07-14T00:00:00", "dateUpdated": "2024-08-08T01:58:10.982Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2003-0548
Vulnerability from cvelistv5
Published
2003-08-22 04:00
Modified
2024-08-08 01:58
Summary
The X Display Manager Control Protocol (XDMCP) support for GDM before 2.4.1.6 allows attackers to cause a denial of service (daemon crash) when a chosen host expires, a different issue than CVE-2003-0549.
References
| URL | Tags |
|---|---|
| http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000729 | vendor-advisory, x_refsource_CONECTIVA |
| http://www.redhat.com/support/errata/RHSA-2003-258.html | vendor-advisory, x_refsource_REDHAT |
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A113 | vdb-entry, signature, x_refsource_OVAL |
| http://www.redhat.com/support/errata/RHSA-2003-259.html | vendor-advisory, x_refsource_REDHAT |
| http://mail.gnome.org/archives/gnome-hackers/2003-August/msg00045.html | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T01:58:10.905Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "CLA-2003:729", "tags": [ "vendor-advisory", "x_refsource_CONECTIVA", "x_transferred" ], "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000729" }, { "name": "RHSA-2003:258", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2003-258.html" }, { "name": "oval:org.mitre.oval:def:113", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A113" }, { "name": "RHSA-2003:259", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2003-259.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://mail.gnome.org/archives/gnome-hackers/2003-August/msg00045.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2003-08-21T00:00:00", "descriptions": [ { "lang": "en", "value": "The X Display Manager Control Protocol (XDMCP) support for GDM before 2.4.1.6 allows attackers to cause a denial of service (daemon crash) when a chosen host expires, a different issue than CVE-2003-0549." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-10-10T00:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "CLA-2003:729", "tags": [ "vendor-advisory", "x_refsource_CONECTIVA" ], "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000729" }, { "name": "RHSA-2003:258", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2003-258.html" }, { "name": "oval:org.mitre.oval:def:113", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A113" }, { "name": "RHSA-2003:259", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2003-259.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://mail.gnome.org/archives/gnome-hackers/2003-August/msg00045.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2003-0548", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The X Display Manager Control Protocol (XDMCP) support for GDM before 2.4.1.6 allows attackers to cause a denial of service (daemon crash) when a chosen host expires, a different issue than CVE-2003-0549." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "CLA-2003:729", "refsource": "CONECTIVA", "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000729" }, { "name": "RHSA-2003:258", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2003-258.html" }, { "name": "oval:org.mitre.oval:def:113", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A113" }, { "name": "RHSA-2003:259", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2003-259.html" }, { "name": "http://mail.gnome.org/archives/gnome-hackers/2003-August/msg00045.html", "refsource": "CONFIRM", "url": "http://mail.gnome.org/archives/gnome-hackers/2003-August/msg00045.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2003-0548", "datePublished": "2003-08-22T04:00:00", "dateReserved": "2003-07-14T00:00:00", "dateUpdated": "2024-08-08T01:58:10.905Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-1999-0990
Vulnerability from cvelistv5
Published
2000-02-04 05:00
Modified
2024-08-01 16:55
Summary
Error messages generated by gdm with the VerboseAuth setting allow an attacker to identify valid users on a system.
References
| URL | Tags |
|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0990 | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-01T16:55:29.404Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0990" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "1999-12-05T00:00:00", "descriptions": [ { "lang": "en", "value": "Error messages generated by gdm with the VerboseAuth setting allows an attacker to identify valid users on a system." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-08-17T08:18:22", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0990" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-1999-0990", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Error messages generated by gdm with the VerboseAuth setting allows an attacker to identify valid users on a system." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0990", "refsource": "MISC", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0990" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-1999-0990", "datePublished": "2000-02-04T05:00:00", "dateReserved": "1999-12-14T00:00:00", "dateUpdated": "2024-08-01T16:55:29.404Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2000-0504
Vulnerability from cvelistv5
Published
2001-05-07 04:00
Modified
2024-08-08 05:21
Summary
libICE in XFree86 allows remote attackers to cause a denial of service by specifying a large value which is not properly checked by the SKIP_STRING macro.
References
| URL | Tags |
|---|---|
| http://www.xfree86.org/security/ | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/1369 | vdb-entry, x_refsource_BID |
| http://archives.neohapsis.com/archives/bugtraq/2000-06/0170.html | mailing-list, x_refsource_BUGTRAQ |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T05:21:31.029Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.xfree86.org/security/" }, { "name": "1369", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/1369" }, { "name": "20000619 XFree86: libICE DoS", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2000-06/0170.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2000-06-19T00:00:00", "descriptions": [ { "lang": "en", "value": "libICE in XFree86 allows remote attackers to cause a denial of service by specifying a large value which is not properly checked by the SKIP_STRING macro." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2005-11-02T10:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.xfree86.org/security/" }, { "name": "1369", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/1369" }, { "name": "20000619 XFree86: libICE DoS", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2000-06/0170.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2000-0504", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", 
"description": { "description_data": [ { "lang": "eng", "value": "libICE in XFree86 allows remote attackers to cause a denial of service by specifying a large value which is not properly checked by the SKIP_STRING macro." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://www.xfree86.org/security/", "refsource": "CONFIRM", "url": "http://www.xfree86.org/security/" }, { "name": "1369", "refsource": "BID", "url": "http://www.securityfocus.com/bid/1369" }, { "name": "20000619 XFree86: libICE DoS", "refsource": "BUGTRAQ", "url": "http://archives.neohapsis.com/archives/bugtraq/2000-06/0170.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2000-0504", "datePublished": "2001-05-07T04:00:00", "dateReserved": "2000-07-11T00:00:00", "dateUpdated": "2024-08-08T05:21:31.029Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-12164
Vulnerability from cvelistv5
Published
2018-07-26 16:00
Modified
2024-08-05 18:28
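Severity
4.1 MEDIUM (CVSS v3.0, from the CNA metrics in the record below): CVSS:3.0/AV:P/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L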
Summary
A flaw was discovered in gdm 3.24.1 where gdm greeter was no longer setting the ran_once boolean during autologin. If autologin was enabled for a victim, an attacker could simply select 'login as another user' to unlock their screen.
References
URL | Tags | |
---|---|---|
https://gitlab.gnome.org/GNOME/gdm/commit/ff98b28 | x_refsource_CONFIRM | |
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-12164 | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T18:28:16.573Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://gitlab.gnome.org/GNOME/gdm/commit/ff98b28" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-12164" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "gdm", "vendor": "GNOME", "versions": [ { "status": "affected", "version": "3.24.1" } ] } ], "datePublic": "2017-09-11T00:00:00", "descriptions": [ { "lang": "en", "value": "A flaw was discovered in gdm 3.24.1 where gdm greeter was no longer setting the ran_once boolean during autologin. If autologin was enabled for a victim, an attacker could simply select \u0027login as another user\u0027 to unlock their screen." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "PHYSICAL", "availabilityImpact": "LOW", "baseScore": 4.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:P/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-592", "description": "CWE-592", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2018-07-26T15:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://gitlab.gnome.org/GNOME/gdm/commit/ff98b28" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-12164" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2017-12164", "datePublished": "2018-07-26T16:00:00", "dateReserved": 
"2017-08-01T00:00:00", "dateUpdated": "2024-08-05T18:28:16.573Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2011-0727
Vulnerability from cvelistv5
Published
2011-03-31 22:00
Modified
2024-08-06 22:05
Severity ?
EPSS score ?
Summary
GNOME Display Manager (gdm) 2.x before 2.32.1 allows local users to change the ownership of arbitrary files via a symlink attack on a (1) dmrc or (2) face icon file under /var/cache/gdm/.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T22:05:52.941Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "USN-1099-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-1099-1" }, { "name": "43714", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/43714" }, { "name": "1025264", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://securitytracker.com/id?1025264" }, { "name": "FEDORA-2011-4351", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057931.html" }, { "name": "43854", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/43854" }, { "name": "ADV-2011-0847", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2011/0847" }, { "name": "ADV-2011-0787", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2011/0787" }, { "name": "display-manager-priv-escalation(66377)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66377" }, { "name": "ADV-2011-0911", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2011/0911" }, { "name": "MDVSA-2011:070", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:070" }, { "name": "DSA-2205", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2011/dsa-2205" }, { "name": "RHSA-2011:0395", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" 
], "url": "http://www.redhat.com/support/errata/RHSA-2011-0395.html" }, { "name": "47063", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/47063" }, { "name": "ADV-2011-0786", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2011/0786" }, { "name": "[gdm-list] 20110328 GDM 2.32.1 released", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://mail.gnome.org/archives/gdm-list/2011-March/msg00020.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=688323" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://ftp.gnome.org/pub/GNOME/sources/gdm/2.32/gdm-2.32.1.news" }, { "name": "44021", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/44021" }, { "name": "FEDORA-2011-4335", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057333.html" }, { "name": "ADV-2011-0797", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2011/0797" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2011-03-28T00:00:00", "descriptions": [ { "lang": "en", "value": "GNOME Display Manager (gdm) 2.x before 2.32.1 allows local users to change the ownership of arbitrary files via a symlink attack on a (1) dmrc or (2) face icon file under /var/cache/gdm/." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-16T14:57:01", "orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc", "shortName": "canonical" }, "references": [ { "name": "USN-1099-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-1099-1" }, { "name": "43714", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/43714" }, { "name": "1025264", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://securitytracker.com/id?1025264" }, { "name": "FEDORA-2011-4351", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057931.html" }, { "name": "43854", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/43854" }, { "name": "ADV-2011-0847", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2011/0847" }, { "name": "ADV-2011-0787", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2011/0787" }, { "name": "display-manager-priv-escalation(66377)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66377" }, { "name": "ADV-2011-0911", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2011/0911" }, { "name": "MDVSA-2011:070", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:070" }, { "name": "DSA-2205", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2011/dsa-2205" }, { "name": "RHSA-2011:0395", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2011-0395.html" }, { "name": "47063", "tags": [ "vdb-entry", 
"x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/47063" }, { "name": "ADV-2011-0786", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2011/0786" }, { "name": "[gdm-list] 20110328 GDM 2.32.1 released", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://mail.gnome.org/archives/gdm-list/2011-March/msg00020.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=688323" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://ftp.gnome.org/pub/GNOME/sources/gdm/2.32/gdm-2.32.1.news" }, { "name": "44021", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/44021" }, { "name": "FEDORA-2011-4335", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057333.html" }, { "name": "ADV-2011-0797", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2011/0797" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@ubuntu.com", "ID": "CVE-2011-0727", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "GNOME Display Manager (gdm) 2.x before 2.32.1 allows local users to change the ownership of arbitrary files via a symlink attack on a (1) dmrc or (2) face icon file under /var/cache/gdm/." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "USN-1099-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-1099-1" }, { "name": "43714", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/43714" }, { "name": "1025264", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1025264" }, { "name": "FEDORA-2011-4351", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057931.html" }, { "name": "43854", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/43854" }, { "name": "ADV-2011-0847", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2011/0847" }, { "name": "ADV-2011-0787", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2011/0787" }, { "name": "display-manager-priv-escalation(66377)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66377" }, { "name": "ADV-2011-0911", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2011/0911" }, { "name": "MDVSA-2011:070", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:070" }, { "name": "DSA-2205", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2011/dsa-2205" }, { "name": "RHSA-2011:0395", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2011-0395.html" }, { "name": "47063", "refsource": "BID", "url": "http://www.securityfocus.com/bid/47063" }, { "name": "ADV-2011-0786", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2011/0786" }, { "name": "[gdm-list] 20110328 GDM 2.32.1 released", "refsource": "MLIST", "url": "http://mail.gnome.org/archives/gdm-list/2011-March/msg00020.html" }, { "name": "https://bugzilla.redhat.com/show_bug.cgi?id=688323", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=688323" }, { 
"name": "http://ftp.gnome.org/pub/GNOME/sources/gdm/2.32/gdm-2.32.1.news", "refsource": "CONFIRM", "url": "http://ftp.gnome.org/pub/GNOME/sources/gdm/2.32/gdm-2.32.1.news" }, { "name": "44021", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/44021" }, { "name": "FEDORA-2011-4335", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057333.html" }, { "name": "ADV-2011-0797", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2011/0797" } ] } } } }, "cveMetadata": { "assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc", "assignerShortName": "canonical", "cveId": "CVE-2011-0727", "datePublished": "2011-03-31T22:00:00", "dateReserved": "2011-02-01T00:00:00", "dateUpdated": "2024-08-06T22:05:52.941Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2011-1709
Vulnerability from cvelistv5
Published
2011-06-14 17:00
Modified
2024-08-06 22:37
Severity ?
EPSS score ?
Summary
GNOME Display Manager (gdm) before 2.32.2, when glib 2.28 is used, enables execution of a web browser with the uid of the gdm account, which allows local users to gain privileges via vectors involving the x-scheme-handler/http MIME type.
References
URL | Tags | |
---|---|---|
http://ftp.gnome.org/pub/GNOME/sources/gdm/2.32/gdm-2.32.2.news | x_refsource_CONFIRM | |
http://git.gnome.org/browse/gdm/commit/?id=d13dd72531599ab7e4c747db3b58a8c17753e08d | x_refsource_CONFIRM | |
http://secunia.com/advisories/44797 | third-party-advisory, x_refsource_SECUNIA | |
http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061264.html | vendor-advisory, x_refsource_FEDORA | |
http://www.ubuntu.com/usn/USN-1142-1 | vendor-advisory, x_refsource_UBUNTU | |
http://www.securityfocus.com/bid/48084 | vdb-entry, x_refsource_BID | |
https://hermes.opensuse.org/messages/8643655 | vendor-advisory, x_refsource_SUSE | |
http://secunia.com/advisories/44808 | third-party-advisory, x_refsource_SECUNIA | |
https://bugzilla.redhat.com/show_bug.cgi?id=709139 | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T22:37:25.814Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://ftp.gnome.org/pub/GNOME/sources/gdm/2.32/gdm-2.32.2.news" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://git.gnome.org/browse/gdm/commit/?id=d13dd72531599ab7e4c747db3b58a8c17753e08d" }, { "name": "44797", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/44797" }, { "name": "FEDORA-2011-7822", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061264.html" }, { "name": "USN-1142-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-1142-1" }, { "name": "48084", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/48084" }, { "name": "openSUSE-SU-2011:0581", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "https://hermes.opensuse.org/messages/8643655" }, { "name": "44808", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/44808" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=709139" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2011-05-31T00:00:00", "descriptions": [ { "lang": "en", "value": "GNOME Display Manager (gdm) before 2.32.2, when glib 2.28 is used, enables execution of a web browser with the uid of the gdm account, which allows local users to gain privileges via vectors involving the x-scheme-handler/http MIME type." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2011-09-07T09:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://ftp.gnome.org/pub/GNOME/sources/gdm/2.32/gdm-2.32.2.news" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://git.gnome.org/browse/gdm/commit/?id=d13dd72531599ab7e4c747db3b58a8c17753e08d" }, { "name": "44797", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/44797" }, { "name": "FEDORA-2011-7822", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061264.html" }, { "name": "USN-1142-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-1142-1" }, { "name": "48084", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/48084" }, { "name": "openSUSE-SU-2011:0581", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "https://hermes.opensuse.org/messages/8643655" }, { "name": "44808", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/44808" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=709139" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2011-1709", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "GNOME Display Manager (gdm) before 2.32.2, when glib 2.28 is used, enables execution of a web browser with the uid of the gdm account, which 
allows local users to gain privileges via vectors involving the x-scheme-handler/http MIME type." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://ftp.gnome.org/pub/GNOME/sources/gdm/2.32/gdm-2.32.2.news", "refsource": "CONFIRM", "url": "http://ftp.gnome.org/pub/GNOME/sources/gdm/2.32/gdm-2.32.2.news" }, { "name": "http://git.gnome.org/browse/gdm/commit/?id=d13dd72531599ab7e4c747db3b58a8c17753e08d", "refsource": "CONFIRM", "url": "http://git.gnome.org/browse/gdm/commit/?id=d13dd72531599ab7e4c747db3b58a8c17753e08d" }, { "name": "44797", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/44797" }, { "name": "FEDORA-2011-7822", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061264.html" }, { "name": "USN-1142-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-1142-1" }, { "name": "48084", "refsource": "BID", "url": "http://www.securityfocus.com/bid/48084" }, { "name": "openSUSE-SU-2011:0581", "refsource": "SUSE", "url": "https://hermes.opensuse.org/messages/8643655" }, { "name": "44808", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/44808" }, { "name": "https://bugzilla.redhat.com/show_bug.cgi?id=709139", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=709139" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2011-1709", "datePublished": "2011-06-14T17:00:00", "dateReserved": "2011-04-15T00:00:00", "dateUpdated": "2024-08-06T22:37:25.814Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2003-0547
Vulnerability from cvelistv5
Published
2003-08-22 04:00
Modified
2024-08-08 01:58
Severity ?
EPSS score ?
Summary
GDM before 2.4.1.6, when using the "examine session errors" feature, allows local users to read arbitrary files via a symlink attack on the ~/.xsession-errors file.
References
URL | Tags | |
---|---|---|
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000729 | vendor-advisory, x_refsource_CONECTIVA | |
http://www.redhat.com/support/errata/RHSA-2003-258.html | vendor-advisory, x_refsource_REDHAT | |
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A112 | vdb-entry, signature, x_refsource_OVAL | |
http://mail.gnome.org/archives/gnome-hackers/2003-August/msg00045.html | x_refsource_CONFIRM | |
http://marc.info/?l=bugtraq&m=106194792924122&w=2 | mailing-list, x_refsource_BUGTRAQ |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T01:58:11.017Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "CLA-2003:729", "tags": [ "vendor-advisory", "x_refsource_CONECTIVA", "x_transferred" ], "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000729" }, { "name": "RHSA-2003:258", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2003-258.html" }, { "name": "oval:org.mitre.oval:def:112", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A112" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://mail.gnome.org/archives/gnome-hackers/2003-August/msg00045.html" }, { "name": "20030824 [slackware-security] GDM security update (SSA:2003-236-01)", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=106194792924122\u0026w=2" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2003-08-21T00:00:00", "descriptions": [ { "lang": "en", "value": "GDM before 2.4.1.6, when using the \"examine session errors\" feature, allows local users to read arbitrary files via a symlink attack on the ~/.xsession-errors file." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-10-10T00:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "CLA-2003:729", "tags": [ "vendor-advisory", "x_refsource_CONECTIVA" ], "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000729" }, { "name": "RHSA-2003:258", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2003-258.html" }, { "name": "oval:org.mitre.oval:def:112", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A112" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://mail.gnome.org/archives/gnome-hackers/2003-August/msg00045.html" }, { "name": "20030824 [slackware-security] GDM security update (SSA:2003-236-01)", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://marc.info/?l=bugtraq\u0026m=106194792924122\u0026w=2" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2003-0547", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "GDM before 2.4.1.6, when using the \"examine session errors\" feature, allows local users to read arbitrary files via a symlink attack on the ~/.xsession-errors file." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "CLA-2003:729", "refsource": "CONECTIVA", "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000729" }, { "name": "RHSA-2003:258", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2003-258.html" }, { "name": "oval:org.mitre.oval:def:112", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A112" }, { "name": "http://mail.gnome.org/archives/gnome-hackers/2003-August/msg00045.html", "refsource": "CONFIRM", "url": "http://mail.gnome.org/archives/gnome-hackers/2003-August/msg00045.html" }, { "name": "20030824 [slackware-security] GDM security update (SSA:2003-236-01)", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq\u0026m=106194792924122\u0026w=2" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2003-0547", "datePublished": "2003-08-22T04:00:00", "dateReserved": "2003-07-14T00:00:00", "dateUpdated": "2024-08-08T01:58:11.017Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2003-0794
Vulnerability from cvelistv5
Published
2003-10-21 04:00
Modified
2024-08-08 02:05
Severity ?
EPSS score ?
Summary
GDM 2.4.4.x before 2.4.4.4, and 2.4.1.x before 2.4.1.7, does not limit the number or duration of commands and uses a blocking socket connection, which allows attackers to cause a denial of service (resource exhaustion) by sending commands and not reading the results.
References
URL | Tags | |
---|---|---|
https://exchange.xforce.ibmcloud.com/vulnerabilities/13448 | vdb-entry, x_refsource_XF | |
http://www.mandriva.com/security/advisories?name=MDKSA-2003:100 | vendor-advisory, x_refsource_MANDRAKE | |
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000766 | vendor-advisory, x_refsource_CONECTIVA | |
http://www.securityfocus.com/bid/8846 | vdb-entry, x_refsource_BID | |
http://cvs.gnome.org/bonsai/cvsblame.cgi?file=gdm2/NEWS&rev=&root=/cvs/gnome | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T02:05:12.556Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "gdm-command-dos(13448)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13448" }, { "name": "MDKSA-2003:100", "tags": [ "vendor-advisory", "x_refsource_MANDRAKE", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2003:100" }, { "name": "CLA-2003:766", "tags": [ "vendor-advisory", "x_refsource_CONECTIVA", "x_transferred" ], "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000766" }, { "name": "8846", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/8846" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://cvs.gnome.org/bonsai/cvsblame.cgi?file=gdm2/NEWS\u0026rev=\u0026root=/cvs/gnome" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2003-10-17T00:00:00", "descriptions": [ { "lang": "en", "value": "GDM 2.4.4.x before 2.4.4.4, and 2.4.1.x before 2.4.1.7, does not limit the number or duration of commands and uses a blocking socket connection, which allows attackers to cause a denial of service (resource exhaustion) by sending commands and not reading the results." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-10T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "gdm-command-dos(13448)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13448" }, { "name": "MDKSA-2003:100", "tags": [ "vendor-advisory", "x_refsource_MANDRAKE" ], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2003:100" }, { "name": "CLA-2003:766", "tags": [ "vendor-advisory", "x_refsource_CONECTIVA" ], "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000766" }, { "name": "8846", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/8846" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://cvs.gnome.org/bonsai/cvsblame.cgi?file=gdm2/NEWS\u0026rev=\u0026root=/cvs/gnome" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2003-0794", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "GDM 2.4.4.x before 2.4.4.4, and 2.4.1.x before 2.4.1.7, does not limit the number or duration of commands and uses a blocking socket connection, which allows attackers to cause a denial of service (resource exhaustion) by sending commands and not reading the results." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "gdm-command-dos(13448)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13448" }, { "name": "MDKSA-2003:100", "refsource": "MANDRAKE", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2003:100" }, { "name": "CLA-2003:766", "refsource": "CONECTIVA", "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000766" }, { "name": "8846", "refsource": "BID", "url": "http://www.securityfocus.com/bid/8846" }, { "name": "http://cvs.gnome.org/bonsai/cvsblame.cgi?file=gdm2/NEWS\u0026rev=\u0026root=/cvs/gnome", "refsource": "CONFIRM", "url": "http://cvs.gnome.org/bonsai/cvsblame.cgi?file=gdm2/NEWS\u0026rev=\u0026root=/cvs/gnome" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2003-0794", "datePublished": "2003-10-21T04:00:00", "dateReserved": "2003-09-17T00:00:00", "dateUpdated": "2024-08-08T02:05:12.556Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2003-0793
Vulnerability from cvelistv5
Published
2003-10-21 04:00
Modified
2024-08-08 02:05
Severity ?
EPSS score ?
Summary
GDM 2.4.4.x before 2.4.4.4, and 2.4.1.x before 2.4.1.7, does not restrict the size of input, which allows attackers to cause a denial of service (memory consumption).
References
URL | Tags | |
---|---|---|
http://www.mandriva.com/security/advisories?name=MDKSA-2003:100 | vendor-advisory, x_refsource_MANDRAKE | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/13447 | vdb-entry, x_refsource_XF | |
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000766 | vendor-advisory, x_refsource_CONECTIVA | |
http://www.securityfocus.com/bid/8846 | vdb-entry, x_refsource_BID | |
http://cvs.gnome.org/bonsai/cvsblame.cgi?file=gdm2/NEWS&rev=&root=/cvs/gnome | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T02:05:12.607Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "MDKSA-2003:100", "tags": [ "vendor-advisory", "x_refsource_MANDRAKE", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2003:100" }, { "name": "gdm-dos(13447)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13447" }, { "name": "CLA-2003:766", "tags": [ "vendor-advisory", "x_refsource_CONECTIVA", "x_transferred" ], "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000766" }, { "name": "8846", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/8846" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://cvs.gnome.org/bonsai/cvsblame.cgi?file=gdm2/NEWS\u0026rev=\u0026root=/cvs/gnome" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2003-10-17T00:00:00", "descriptions": [ { "lang": "en", "value": "GDM 2.4.4.x before 2.4.4.4, and 2.4.1.x before 2.4.1.7, does not restrict the size of input, which allows attackers to cause a denial of service (memory consumption)." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-10T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "MDKSA-2003:100", "tags": [ "vendor-advisory", "x_refsource_MANDRAKE" ], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2003:100" }, { "name": "gdm-dos(13447)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13447" }, { "name": "CLA-2003:766", "tags": [ "vendor-advisory", "x_refsource_CONECTIVA" ], "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000766" }, { "name": "8846", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/8846" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://cvs.gnome.org/bonsai/cvsblame.cgi?file=gdm2/NEWS\u0026rev=\u0026root=/cvs/gnome" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2003-0793", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "GDM 2.4.4.x before 2.4.4.4, and 2.4.1.x before 2.4.1.7, does not restrict the size of input, which allows attackers to cause a denial of service (memory consumption)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "MDKSA-2003:100", "refsource": "MANDRAKE", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2003:100" }, { "name": "gdm-dos(13447)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13447" }, { "name": "CLA-2003:766", "refsource": "CONECTIVA", "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000766" }, { "name": "8846", "refsource": "BID", "url": "http://www.securityfocus.com/bid/8846" }, { "name": "http://cvs.gnome.org/bonsai/cvsblame.cgi?file=gdm2/NEWS\u0026rev=\u0026root=/cvs/gnome", "refsource": "CONFIRM", "url": "http://cvs.gnome.org/bonsai/cvsblame.cgi?file=gdm2/NEWS\u0026rev=\u0026root=/cvs/gnome" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2003-0793", "datePublished": "2003-10-21T04:00:00", "dateReserved": "2003-09-17T00:00:00", "dateUpdated": "2024-08-08T02:05:12.607Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2000-0491
Vulnerability from cvelistv5
Published
2000-07-12 04:00
Modified
2024-08-08 05:21
Summary
Buffer overflow in the XDMCP parsing code of GNOME gdm, KDE kdm, and wdm allows remote attackers to execute arbitrary commands or cause a denial of service via a long FORWARD_QUERY request.
References
| URL | Tags |
|---|---|
| http://archives.neohapsis.com/archives/bugtraq/2000-06/0025.html | mailing-list, x_refsource_BUGTRAQ |
| http://www.securityfocus.com/bid/1279 | vdb-entry, x_refsource_BID |
| http://www.securityfocus.com/bid/1370 | vdb-entry, x_refsource_BID |
| http://www.securityfocus.com/bid/1233 | vdb-entry, x_refsource_BID |
| http://www.novell.com/linux/security/advisories/suse_security_announce_49.html | vendor-advisory, x_refsource_SUSE |
| ftp://ftp.calderasystems.com/pub/OpenLinux/security/CSSA-2000-013.0.txt | vendor-advisory, x_refsource_CALDERA |
| http://archives.neohapsis.com/archives/bugtraq/2000-05/0241.html | mailing-list, x_refsource_BUGTRAQ |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T05:21:30.809Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20000607 Conectiva Linux Security Announcement - gdm", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2000-06/0025.html" }, { "name": "1279", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/1279" }, { "name": "1370", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/1370" }, { "name": "1233", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/1233" }, { "name": "20000524 Security hole in gdm \u003c= 2.0beta4-25", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://www.novell.com/linux/security/advisories/suse_security_announce_49.html" }, { "name": "CSSA-2000-013.0", "tags": [ "vendor-advisory", "x_refsource_CALDERA", "x_transferred" ], "url": "ftp://ftp.calderasystems.com/pub/OpenLinux/security/CSSA-2000-013.0.txt" }, { "name": "20000521 \"gdm\" remote hole", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2000-05/0241.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2000-05-21T00:00:00", "descriptions": [ { "lang": "en", "value": "Buffer overflow in the XDMCP parsing code of GNOME gdm, KDE kdm, and wdm allows remote attackers to execute arbitrary commands or cause a denial of service via a long FORWARD_QUERY request." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2002-04-27T09:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "20000607 Conectiva Linux Security Announcement - gdm", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2000-06/0025.html" }, { "name": "1279", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/1279" }, { "name": "1370", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/1370" }, { "name": "1233", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/1233" }, { "name": "20000524 Security hole in gdm \u003c= 2.0beta4-25", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://www.novell.com/linux/security/advisories/suse_security_announce_49.html" }, { "name": "CSSA-2000-013.0", "tags": [ "vendor-advisory", "x_refsource_CALDERA" ], "url": "ftp://ftp.calderasystems.com/pub/OpenLinux/security/CSSA-2000-013.0.txt" }, { "name": "20000521 \"gdm\" remote hole", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2000-05/0241.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2000-0491", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Buffer overflow in the XDMCP parsing code of GNOME gdm, KDE kdm, and wdm allows remote attackers to execute arbitrary commands or cause a denial of service via a long FORWARD_QUERY request." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "20000607 Conectiva Linux Security Announcement - gdm", "refsource": "BUGTRAQ", "url": "http://archives.neohapsis.com/archives/bugtraq/2000-06/0025.html" }, { "name": "1279", "refsource": "BID", "url": "http://www.securityfocus.com/bid/1279" }, { "name": "1370", "refsource": "BID", "url": "http://www.securityfocus.com/bid/1370" }, { "name": "1233", "refsource": "BID", "url": "http://www.securityfocus.com/bid/1233" }, { "name": "20000524 Security hole in gdm \u003c= 2.0beta4-25", "refsource": "SUSE", "url": "http://www.novell.com/linux/security/advisories/suse_security_announce_49.html" }, { "name": "CSSA-2000-013.0", "refsource": "CALDERA", "url": "ftp://ftp.calderasystems.com/pub/OpenLinux/security/CSSA-2000-013.0.txt" }, { "name": "20000521 \"gdm\" remote hole", "refsource": "BUGTRAQ", "url": "http://archives.neohapsis.com/archives/bugtraq/2000-05/0241.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2000-0491", "datePublished": "2000-07-12T04:00:00", "dateReserved": "2000-07-11T00:00:00", "dateUpdated": "2024-08-08T05:21:30.809Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2007-3381
Vulnerability from cvelistv5
Published
2007-08-07 10:00
Modified
2024-08-07 14:14
Summary
The GDM daemon in GNOME Display Manager (GDM) before 2.14.13, 2.16.x before 2.16.7, 2.18.x before 2.18.4, and 2.19.x before 2.19.5 does not properly handle NULL return values from the g_strsplit function, which allows local users to cause a denial of service (persistent daemon crash) via a crafted command to the daemon's socket, related to (1) gdm.c and (2) gdmconfig.c in daemon/, and (3) gdmconfig.c and (4) gdmflexiserver.c in gui/.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T14:14:12.887Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "GLSA-200709-11", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://security.gentoo.org/glsa/glsa-200709-11.xml" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://ftp.gnome.org/pub/GNOME/sources/gdm/2.16/gdm-2.16.7.changes" }, { "name": "26313", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/26313" }, { "name": "ADV-2007-2781", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2007/2781" }, { "name": "25191", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/25191" }, { "name": "26879", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/26879" }, { "name": "oval:org.mitre.oval:def:10887", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10887" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://issues.rpath.com/browse/RPL-1599" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://ftp.gnome.org/pub/GNOME/sources/gdm/2.14/gdm-2.14.13.news" }, { "name": "26368", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/26368" }, { "name": "MDKSA-2007:169", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:169" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://ftp.gnome.org/pub/GNOME/sources/gdm/2.18/gdm-2.18.4.news" }, { "name": "20070803 FLEA-2007-0041-1 gdm", 
"tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/475451/30/5550/threaded" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://ftp.gnome.org/pub/GNOME/sources/gdm/2.19/gdm-2.19.5.news" }, { "name": "RHSA-2007:0777", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2007-0777.html" }, { "name": "1018523", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id?1018523" }, { "name": "26900", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/26900" }, { "name": "26520", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/26520" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2007-07-30T00:00:00", "descriptions": [ { "lang": "en", "value": "The GDM daemon in GNOME Display Manager (GDM) before 2.14.13, 2.16.x before 2.16.7, 2.18.x before 2.18.4, and 2.19.x before 2.19.5 does not properly handle NULL return values from the g_strsplit function, which allows local users to cause a denial of service (persistent daemon crash) via a crafted command to the daemon\u0027s socket, related to (1) gdm.c and (2) gdmconfig.c in daemon/, and (3) gdmconfig.c and (4) gdmflexiserver.c in gui/." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-16T14:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "GLSA-200709-11", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://security.gentoo.org/glsa/glsa-200709-11.xml" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://ftp.gnome.org/pub/GNOME/sources/gdm/2.16/gdm-2.16.7.changes" }, { "name": "26313", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/26313" }, { "name": "ADV-2007-2781", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2007/2781" }, { "name": "25191", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/25191" }, { "name": "26879", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/26879" }, { "name": "oval:org.mitre.oval:def:10887", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10887" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://issues.rpath.com/browse/RPL-1599" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://ftp.gnome.org/pub/GNOME/sources/gdm/2.14/gdm-2.14.13.news" }, { "name": "26368", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/26368" }, { "name": "MDKSA-2007:169", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:169" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://ftp.gnome.org/pub/GNOME/sources/gdm/2.18/gdm-2.18.4.news" }, { "name": "20070803 FLEA-2007-0041-1 gdm", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/475451/30/5550/threaded" }, { 
"tags": [ "x_refsource_CONFIRM" ], "url": "http://ftp.gnome.org/pub/GNOME/sources/gdm/2.19/gdm-2.19.5.news" }, { "name": "RHSA-2007:0777", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2007-0777.html" }, { "name": "1018523", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id?1018523" }, { "name": "26900", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/26900" }, { "name": "26520", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/26520" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2007-3381", "datePublished": "2007-08-07T10:00:00", "dateReserved": "2007-06-25T00:00:00", "dateUpdated": "2024-08-07T14:14:12.887Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2006-1057
Vulnerability from cvelistv5
Published
2006-04-25 01:00
Modified
2024-08-07 16:56
Summary
Race condition in daemon/slave.c in gdm before 2.14.1 allows local users to gain privileges via a symlink attack when gdm performs chown and chgrp operations on the .ICEauthority file.
References
| URL | Tags |
|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/26092 | vdb-entry, x_refsource_XF |
| https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=188303 | x_refsource_CONFIRM |
| http://cvs.gnome.org/viewcvs/gdm2/daemon/slave.c?r1=1.260&r2=1.261 | x_refsource_CONFIRM |
| http://www.vupen.com/english/advisories/2006/1465 | vdb-entry, x_refsource_VUPEN |
| http://www.mandriva.com/security/advisories?name=MDKSA-2006:083 | vendor-advisory, x_refsource_MANDRIVA |
| http://www.debian.org/security/2006/dsa-1040 | vendor-advisory, x_refsource_DEBIAN |
| http://www.securityfocus.com/bid/17635 | vdb-entry, x_refsource_BID |
| http://www.redhat.com/support/errata/RHSA-2007-0286.html | vendor-advisory, x_refsource_REDHAT |
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10092 | vdb-entry, signature, x_refsource_OVAL |
| https://www.redhat.com/archives/fedora-announce-list/2006-April/msg00160.html | vendor-advisory, x_refsource_FEDORA |
| https://usn.ubuntu.com/278-1/ | vendor-advisory, x_refsource_UBUNTU |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T16:56:15.504Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "gdm-slavec-symlink(26092)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26092" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=188303" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://cvs.gnome.org/viewcvs/gdm2/daemon/slave.c?r1=1.260\u0026r2=1.261" }, { "name": "ADV-2006-1465", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2006/1465" }, { "name": "MDKSA-2006:083", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:083" }, { "name": "DSA-1040", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2006/dsa-1040" }, { "name": "17635", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/17635" }, { "name": "RHSA-2007:0286", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2007-0286.html" }, { "name": "oval:org.mitre.oval:def:10092", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10092" }, { "name": "FEDORA-2006-338", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://www.redhat.com/archives/fedora-announce-list/2006-April/msg00160.html" }, { "name": "USN-278-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/278-1/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ 
{ "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2006-04-24T00:00:00", "descriptions": [ { "lang": "en", "value": "Race condition in daemon/slave.c in gdm before 2.14.1 allows local users to gain privileges via a symlink attack when gdm performs chown and chgrp operations on the .ICEauthority file." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-03T20:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "gdm-slavec-symlink(26092)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26092" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=188303" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://cvs.gnome.org/viewcvs/gdm2/daemon/slave.c?r1=1.260\u0026r2=1.261" }, { "name": "ADV-2006-1465", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2006/1465" }, { "name": "MDKSA-2006:083", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:083" }, { "name": "DSA-1040", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2006/dsa-1040" }, { "name": "17635", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/17635" }, { "name": "RHSA-2007:0286", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2007-0286.html" }, { "name": "oval:org.mitre.oval:def:10092", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10092" }, { "name": "FEDORA-2006-338", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": 
"https://www.redhat.com/archives/fedora-announce-list/2006-April/msg00160.html" }, { "name": "USN-278-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/278-1/" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2006-1057", "datePublished": "2006-04-25T01:00:00", "dateReserved": "2006-03-07T00:00:00", "dateUpdated": "2024-08-07T16:56:15.504Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }