cvelistv5 - CVE-2007-3381

CVE-2007-3381 (GCVE-0-2007-3381)

Vulnerability from cvelistv5 – Published: 2007-08-07 10:00 – Updated: 2024-08-07 14:14

Summary

The GDM daemon in GNOME Display Manager (GDM) before 2.14.13, 2.16.x before 2.16.7, 2.18.x before 2.18.4, and 2.19.x before 2.19.5 does not properly handle NULL return values from the g_strsplit function, which allows local users to cause a denial of service (persistent daemon crash) via a crafted command to the daemon's socket, related to (1) gdm.c and (2) gdmconfig.c in daemon/, and (3) gdmconfig.c and (4) gdmflexiserver.c in gui/.

Severity ?

No CVSS data available.

CWE

Assigner

redhat

References

URL

Tags

	http://security.gentoo.org/glsa/glsa-200709-11.xml	vendor-advisoryx_refsource_GENTOO
	http://ftp.gnome.org/pub/GNOME/sources/gdm/2.16/g…	x_refsource_CONFIRM
	http://secunia.com/advisories/26313	third-party-advisoryx_refsource_SECUNIA
	http://www.vupen.com/english/advisories/2007/2781	vdb-entryx_refsource_VUPEN
	http://www.securityfocus.com/bid/25191	vdb-entryx_refsource_BID
	http://secunia.com/advisories/26879	third-party-advisoryx_refsource_SECUNIA
	https://oval.cisecurity.org/repository/search/def…	vdb-entrysignaturex_refsource_OVAL
	https://issues.rpath.com/browse/RPL-1599	x_refsource_CONFIRM
	http://ftp.gnome.org/pub/GNOME/sources/gdm/2.14/g…	x_refsource_CONFIRM
	http://secunia.com/advisories/26368	third-party-advisoryx_refsource_SECUNIA
	http://www.mandriva.com/security/advisories?name=…	vendor-advisoryx_refsource_MANDRIVA
	http://ftp.gnome.org/pub/GNOME/sources/gdm/2.18/g…	x_refsource_CONFIRM
	http://www.securityfocus.com/archive/1/475451/30/…	mailing-listx_refsource_BUGTRAQ
	http://ftp.gnome.org/pub/GNOME/sources/gdm/2.19/g…	x_refsource_CONFIRM
	http://www.redhat.com/support/errata/RHSA-2007-07…	vendor-advisoryx_refsource_REDHAT
	http://www.securitytracker.com/id?1018523	vdb-entryx_refsource_SECTRACK
	http://secunia.com/advisories/26900	third-party-advisoryx_refsource_SECUNIA
	http://secunia.com/advisories/26520	third-party-advisoryx_refsource_SECUNIA

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T14:14:12.887Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "GLSA-200709-11",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://security.gentoo.org/glsa/glsa-200709-11.xml"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://ftp.gnome.org/pub/GNOME/sources/gdm/2.16/gdm-2.16.7.changes"
          },
          {
            "name": "26313",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/26313"
          },
          {
            "name": "ADV-2007-2781",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2007/2781"
          },
          {
            "name": "25191",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/25191"
          },
          {
            "name": "26879",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/26879"
          },
          {
            "name": "oval:org.mitre.oval:def:10887",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10887"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://issues.rpath.com/browse/RPL-1599"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://ftp.gnome.org/pub/GNOME/sources/gdm/2.14/gdm-2.14.13.news"
          },
          {
            "name": "26368",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/26368"
          },
          {
            "name": "MDKSA-2007:169",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:169"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://ftp.gnome.org/pub/GNOME/sources/gdm/2.18/gdm-2.18.4.news"
          },
          {
            "name": "20070803 FLEA-2007-0041-1 gdm",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/475451/30/5550/threaded"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://ftp.gnome.org/pub/GNOME/sources/gdm/2.19/gdm-2.19.5.news"
          },
          {
            "name": "RHSA-2007:0777",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2007-0777.html"
          },
          {
            "name": "1018523",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1018523"
          },
          {
            "name": "26900",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/26900"
          },
          {
            "name": "26520",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/26520"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2007-07-30T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The GDM daemon in GNOME Display Manager (GDM) before 2.14.13, 2.16.x before 2.16.7, 2.18.x before 2.18.4, and 2.19.x before 2.19.5 does not properly handle NULL return values from the g_strsplit function, which allows local users to cause a denial of service (persistent daemon crash) via a crafted command to the daemon\u0027s socket, related to (1) gdm.c and (2) gdmconfig.c in daemon/, and (3) gdmconfig.c and (4) gdmflexiserver.c in gui/."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-16T14:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "GLSA-200709-11",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://security.gentoo.org/glsa/glsa-200709-11.xml"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://ftp.gnome.org/pub/GNOME/sources/gdm/2.16/gdm-2.16.7.changes"
        },
        {
          "name": "26313",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/26313"
        },
        {
          "name": "ADV-2007-2781",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2007/2781"
        },
        {
          "name": "25191",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/25191"
        },
        {
          "name": "26879",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/26879"
        },
        {
          "name": "oval:org.mitre.oval:def:10887",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10887"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://issues.rpath.com/browse/RPL-1599"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://ftp.gnome.org/pub/GNOME/sources/gdm/2.14/gdm-2.14.13.news"
        },
        {
          "name": "26368",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/26368"
        },
        {
          "name": "MDKSA-2007:169",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:169"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://ftp.gnome.org/pub/GNOME/sources/gdm/2.18/gdm-2.18.4.news"
        },
        {
          "name": "20070803 FLEA-2007-0041-1 gdm",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/475451/30/5550/threaded"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://ftp.gnome.org/pub/GNOME/sources/gdm/2.19/gdm-2.19.5.news"
        },
        {
          "name": "RHSA-2007:0777",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2007-0777.html"
        },
        {
          "name": "1018523",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1018523"
        },
        {
          "name": "26900",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/26900"
        },
        {
          "name": "26520",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/26520"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2007-3381",
    "datePublished": "2007-08-07T10:00:00",
    "dateReserved": "2007-06-25T00:00:00",
    "dateUpdated": "2024-08-07T14:14:12.887Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gnome:gdm:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"2.14.12\", \"matchCriteriaId\": \"4A68E297-5F50-4DFA-AF70-06B016B852D2\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gnome:gdm:0.7:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"501714EA-1C5D-4EA7-B069-8E6521574AC4\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gnome:gdm:1.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E2D650E6-F568-4B7F-8913-3DC10E8F4201\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gnome:gdm:2.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"3296F925-6D41-4DA7-BDB2-3B04CF22A53B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gnome:gdm:2.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7960EC63-69CF-474C-996C-E431CCDD07E9\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gnome:gdm:2.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A38317A3-3725-4F32-B675-00F8FB288F51\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gnome:gdm:2.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C4F01AD1-EB1B-4932-B8D7-CBC899B1A02E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gnome:gdm:2.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B760EB2A-6461-477F-B7E5-857117E21AE3\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gnome:gdm:2.6:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"973BF2BF-BBF7-41F6-9E38-5150BC8AE7B6\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gnome:gdm:2.8:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7756E66E-2296-4B20-ABC0-B1A2ACF2657B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gnome:gdm:2.13:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"BC30F499-35B6-40BB-A420-A55F6993DF3A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gnome:gdm:2.14:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"70640B9F-4EAA-4513-80E4-9DD4A862F27D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gnome:gdm:2.14.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9B84ACF2-E06C-47E5-B221-78285238BA78\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gnome:gdm:2.14.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B1F316D7-4D67-4B2E-8418-B89466AA5CDC\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gnome:gdm:2.14.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6721626F-3335-446F-95C4-7B150C2FE2E2\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gnome:gdm:2.14.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"CA624500-6AC3-4991-A185-619E3F76A384\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gnome:gdm:2.14.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1544DE39-DA4B-452C-A38C-D15E0EC5148F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gnome:gdm:2.14.6:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B261D656-8C46-4F0A-93DD-8540B21BC1FC\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gnome:gdm:2.14.7:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"24A39F8A-D0F4-480E-904C-8FB906C6D72F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gnome:gdm:2.14.8:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4210033A-0FD1-43A7-BCDC-9A4ADFEBB1DA\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gnome:gdm:2.14.9:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"BBD5D3BD-9988-4421-8C2B-1EE907CFA986\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gnome:gdm:2.14.10:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2F8D697C-AD36-446A-945A-0746898FFD5C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gnome:gdm:2.14.11:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DF3072E1-A8AA-4C7B-B395-3F490943FED3\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gnome:gdm:2.14.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6721626F-3335-446F-95C4-7B150C2FE2E2\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gnome:gdm:2.14.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"CA624500-6AC3-4991-A185-619E3F76A384\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gnome:gdm:2.14.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1544DE39-DA4B-452C-A38C-D15E0EC5148F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gnome:gdm:2.14.6:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B261D656-8C46-4F0A-93DD-8540B21BC1FC\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gnome:gdm:2.16:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"832DE81E-18BB-4276-A6B0-F316A322E83E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gnome:gdm:2.16.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D01F3328-9DB5-4C75-A9BD-96243975A362\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gnome:gdm:2.16.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"24D361EF-B35F-46D9-9DF3-9254FFAD0A1F\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gnome:gdm:2.18:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"638AAAB0-2077-49F1-A909-0814C94EF96E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gnome:gdm:2.18.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F4E525EF-0702-42BD-AA45-00AB721DE9B4\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gnome:gdm:2.18.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"09B6D822-D0D6-423E-AE9A-7510C06005A3\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gnome:gdm:2.18.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"323B1859-30F3-4787-8A35-46A8189D4C5E\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gnome:gdm:2.19:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"14C57E06-FBAB-4950-810D-ADDD74D271FE\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gnome:gdm:2.19.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F7359FE6-4BD1-4D3C-BCF5-6F2741FC1997\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gnome:gdm:2.19.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7888E478-E756-48FB-B3E3-534873B5F1D8\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gnome:gdm:2.19.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4A82FCA7-76F6-48CE-8886-79AD9094EBF4\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gnome:gdm:2.19.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"75DCBC45-71FC-4850-A7E0-6051AE38E4C7\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"The GDM daemon in GNOME Display Manager (GDM) before 2.14.13, 2.16.x before 2.16.7, 2.18.x before 2.18.4, and 2.19.x before 2.19.5 does not properly handle NULL return values from the g_strsplit function, which allows local users to cause a denial of service (persistent daemon crash) via a crafted command to the daemon\u0027s socket, related to (1) gdm.c and (2) gdmconfig.c in daemon/, and (3) gdmconfig.c and (4) gdmflexiserver.c in gui/.\"}, {\"lang\": \"es\", \"value\": \"El demonio GDM en GNOME Display Mangager (GDM) anterior a 2.14.13, 2.16.x anterior a 2.16.7, 2.18.x anterior a 2.18.4, y 2.19.x anterir a 2.19.5 no maneja adecuadamente valores de retorno nulos (NULL) de la funci\\u00f3n g_strsplit, lo cual permite a usuarios locales provocar una denegaci\\u00f3n de servicio (ca\\u00edda persistente del demonio) mediante un comando manipulado hacia el socket del demonio, relacionado con (1) gdm.c y (2) gdmconfig.c en daemon/, y (3) gdmconfig.c y (4) gdmflexiserver.c en gui/.\"}]",
      "id": "CVE-2007-3381",
      "lastModified": "2024-11-21T00:33:05.940",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:L/AC:M/Au:S/C:N/I:N/A:P\", \"baseScore\": 1.5, \"accessVector\": \"LOCAL\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"SINGLE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"LOW\", \"exploitabilityScore\": 2.7, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2007-08-07T10:17:00.000",
      "references": "[{\"url\": \"http://ftp.gnome.org/pub/GNOME/sources/gdm/2.14/gdm-2.14.13.news\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://ftp.gnome.org/pub/GNOME/sources/gdm/2.16/gdm-2.16.7.changes\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://ftp.gnome.org/pub/GNOME/sources/gdm/2.18/gdm-2.18.4.news\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://ftp.gnome.org/pub/GNOME/sources/gdm/2.19/gdm-2.19.5.news\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://secunia.com/advisories/26313\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/26368\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/26520\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/26879\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/26900\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://security.gentoo.org/glsa/glsa-200709-11.xml\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://www.mandriva.com/security/advisories?name=MDKSA-2007:169\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://www.redhat.com/support/errata/RHSA-2007-0777.html\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://www.securityfocus.com/archive/1/475451/30/5550/threaded\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://www.securityfocus.com/bid/25191\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://www.securitytracker.com/id?1018523\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://www.vupen.com/english/advisories/2007/2781\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://issues.rpath.com/browse/RPL-1599\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10887\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://ftp.gnome.org/pub/GNOME/sources/gdm/2.14/gdm-2.14.13.news\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://ftp.gnome.org/pub/GNOME/sources/gdm/2.16/gdm-2.16.7.changes\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://ftp.gnome.org/pub/GNOME/sources/gdm/2.18/gdm-2.18.4.news\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://ftp.gnome.org/pub/GNOME/sources/gdm/2.19/gdm-2.19.5.news\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://secunia.com/advisories/26313\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/26368\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/26520\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/26879\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/26900\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://security.gentoo.org/glsa/glsa-200709-11.xml\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.mandriva.com/security/advisories?name=MDKSA-2007:169\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.redhat.com/support/errata/RHSA-2007-0777.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/archive/1/475451/30/5550/threaded\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/bid/25191\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securitytracker.com/id?1018523\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.vupen.com/english/advisories/2007/2781\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://issues.rpath.com/browse/RPL-1599\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10887\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "secalert@redhat.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-20\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2007-3381\",\"sourceIdentifier\":\"secalert@redhat.com\",\"published\":\"2007-08-07T10:17:00.000\",\"lastModified\":\"2025-04-09T00:30:58.490\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The GDM daemon in GNOME Display Manager (GDM) before 2.14.13, 2.16.x before 2.16.7, 2.18.x before 2.18.4, and 2.19.x before 2.19.5 does not properly handle NULL return values from the g_strsplit function, which allows local users to cause a denial of service (persistent daemon crash) via a crafted command to the daemon\u0027s socket, related to (1) gdm.c and (2) gdmconfig.c in daemon/, and (3) gdmconfig.c and (4) gdmflexiserver.c in gui/.\"},{\"lang\":\"es\",\"value\":\"El demonio GDM en GNOME Display Mangager (GDM) anterior a 2.14.13, 2.16.x anterior a 2.16.7, 2.18.x anterior a 2.18.4, y 2.19.x anterir a 2.19.5 no maneja adecuadamente valores de retorno nulos (NULL) de la funci\u00f3n g_strsplit, lo cual permite a usuarios locales provocar una denegaci\u00f3n de servicio (ca\u00edda persistente del demonio) mediante un comando manipulado hacia el socket del demonio, relacionado con (1) gdm.c y (2) gdmconfig.c en daemon/, y (3) gdmconfig.c y (4) gdmflexiserver.c en gui/.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:L/AC:M/Au:S/C:N/I:N/A:P\",\"baseScore\":1.5,\"accessVector\":\"LOCAL\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"SINGLE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"LOW\",\"exploitabilityScore\":2.7,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-20\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gnome:gdm:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"2.14.12\",\"matchCriteriaId\":\"4A68E297-5F50-4DFA-AF70-06B016B852D2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gnome:gdm:0.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"501714EA-1C5D-4EA7-B069-8E6521574AC4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gnome:gdm:1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E2D650E6-F568-4B7F-8913-3DC10E8F4201\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gnome:gdm:2.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3296F925-6D41-4DA7-BDB2-3B04CF22A53B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gnome:gdm:2.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7960EC63-69CF-474C-996C-E431CCDD07E9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gnome:gdm:2.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A38317A3-3725-4F32-B675-00F8FB288F51\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gnome:gdm:2.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C4F01AD1-EB1B-4932-B8D7-CBC899B1A02E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gnome:gdm:2.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B760EB2A-6461-477F-B7E5-857117E21AE3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gnome:gdm:2.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"973BF2BF-BBF7-41F6-9E38-5150BC8AE7B6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gnome:gdm:2.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7756E66E-2296-4B20-ABC0-B1A2ACF2657B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gnome:gdm:2.13:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BC30F499-35B6-40BB-A420-A55F6993DF3A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gnome:gdm:2.14:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"70640B9F-4EAA-4513-80E4-9DD4A862F27D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gnome:gdm:2.14.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9B84ACF2-E06C-47E5-B221-78285238BA78\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gnome:gdm:2.14.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B1F316D7-4D67-4B2E-8418-B89466AA5CDC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gnome:gdm:2.14.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6721626F-3335-446F-95C4-7B150C2FE2E2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gnome:gdm:2.14.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CA624500-6AC3-4991-A185-619E3F76A384\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gnome:gdm:2.14.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1544DE39-DA4B-452C-A38C-D15E0EC5148F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gnome:gdm:2.14.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B261D656-8C46-4F0A-93DD-8540B21BC1FC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gnome:gdm:2.14.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"24A39F8A-D0F4-480E-904C-8FB906C6D72F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gnome:gdm:2.14.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4210033A-0FD1-43A7-BCDC-9A4ADFEBB1DA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gnome:gdm:2.14.9:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BBD5D3BD-9988-4421-8C2B-1EE907CFA986\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gnome:gdm:2.14.10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2F8D697C-AD36-446A-945A-0746898FFD5C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gnome:gdm:2.14.11:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DF3072E1-A8AA-4C7B-B395-3F490943FED3\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gnome:gdm:2.14.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6721626F-3335-446F-95C4-7B150C2FE2E2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gnome:gdm:2.14.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CA624500-6AC3-4991-A185-619E3F76A384\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gnome:gdm:2.14.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1544DE39-DA4B-452C-A38C-D15E0EC5148F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gnome:gdm:2.14.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B261D656-8C46-4F0A-93DD-8540B21BC1FC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gnome:gdm:2.16:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"832DE81E-18BB-4276-A6B0-F316A322E83E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gnome:gdm:2.16.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D01F3328-9DB5-4C75-A9BD-96243975A362\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gnome:gdm:2.16.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"24D361EF-B35F-46D9-9DF3-9254FFAD0A1F\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gnome:gdm:2.18:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"638AAAB0-2077-49F1-A909-0814C94EF96E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gnome:gdm:2.18.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F4E525EF-0702-42BD-AA45-00AB721DE9B4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gnome:gdm:2.18.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"09B6D822-D0D6-423E-AE9A-7510C06005A3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gnome:gdm:2.18.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"323B1859-30F3-4787-8A35-46A8189D4C5E\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gnome:gdm:2.19:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"14C57E06-FBAB-4950-810D-ADDD74D271FE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gnome:gdm:2.19.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F7359FE6-4BD1-4D3C-BCF5-6F2741FC1997\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gnome:gdm:2.19.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7888E478-E756-48FB-B3E3-534873B5F1D8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gnome:gdm:2.19.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4A82FCA7-76F6-48CE-8886-79AD9094EBF4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gnome:gdm:2.19.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"75DCBC45-71FC-4850-A7E0-6051AE38E4C7\"}]}]}],\"references\":[{\"url\":\"http://ftp.gnome.org/pub/GNOME/sources/gdm/2.14/gdm-2.14.13.news\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://ftp.gnome.org/pub/GNOME/sources/gdm/2.16/gdm-2.16.7.changes\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://ftp.gnome.org/pub/GNOME/sources/gdm/2.18/gdm-2.18.4.news\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://ftp.gnome.org/pub/GNOME/sources/gdm/2.19/gdm-2.19.5.news\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://secunia.com/advisories/26313\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/26368\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/26520\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/26879\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/26900\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://security.gentoo.org/glsa/glsa-200709-11.xml\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.mandriva.com/security/advisories?name=MDKSA-2007:169\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2007-0777.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.securityfocus.com/archive/1/475451/30/5550/threaded\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.securityfocus.com/bid/25191\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.securitytracker.com/id?1018523\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.vupen.com/english/advisories/2007/2781\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://issues.rpath.com/browse/RPL-1599\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10887\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://ftp.gnome.org/pub/GNOME/sources/gdm/2.14/gdm-2.14.13.news\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://ftp.gnome.org/pub/GNOME/sources/gdm/2.16/gdm-2.16.7.changes\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://ftp.gnome.org/pub/GNOME/sources/gdm/2.18/gdm-2.18.4.news\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://ftp.gnome.org/pub/GNOME/sources/gdm/2.19/gdm-2.19.5.news\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/26313\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/26368\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/26520\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/26879\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/26900\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://security.gentoo.org/glsa/glsa-200709-11.xml\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.mandriva.com/security/advisories?name=MDKSA-2007:169\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2007-0777.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/archive/1/475451/30/5550/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/25191\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securitytracker.com/id?1018523\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vupen.com/english/advisories/2007/2781\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://issues.rpath.com/browse/RPL-1599\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10887\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

FKIE_CVE-2007-3381

Vulnerability from fkie_nvd - Published: 2007-08-07 10:17 - Updated: 2025-04-09 00:30

Severity ?

Summary

References

URL	Tags
secalert@redhat.com	http://ftp.gnome.org/pub/GNOME/sources/gdm/2.14/gdm-2.14.13.news
secalert@redhat.com	http://ftp.gnome.org/pub/GNOME/sources/gdm/2.16/gdm-2.16.7.changes
secalert@redhat.com	http://ftp.gnome.org/pub/GNOME/sources/gdm/2.18/gdm-2.18.4.news
secalert@redhat.com	http://ftp.gnome.org/pub/GNOME/sources/gdm/2.19/gdm-2.19.5.news
secalert@redhat.com	http://secunia.com/advisories/26313	Vendor Advisory
secalert@redhat.com	http://secunia.com/advisories/26368	Vendor Advisory
secalert@redhat.com	http://secunia.com/advisories/26520	Vendor Advisory
secalert@redhat.com	http://secunia.com/advisories/26879	Vendor Advisory
secalert@redhat.com	http://secunia.com/advisories/26900	Vendor Advisory
secalert@redhat.com	http://security.gentoo.org/glsa/glsa-200709-11.xml
secalert@redhat.com	http://www.mandriva.com/security/advisories?name=MDKSA-2007:169
secalert@redhat.com	http://www.redhat.com/support/errata/RHSA-2007-0777.html
secalert@redhat.com	http://www.securityfocus.com/archive/1/475451/30/5550/threaded
secalert@redhat.com	http://www.securityfocus.com/bid/25191
secalert@redhat.com	http://www.securitytracker.com/id?1018523
secalert@redhat.com	http://www.vupen.com/english/advisories/2007/2781	Vendor Advisory
secalert@redhat.com	https://issues.rpath.com/browse/RPL-1599
secalert@redhat.com	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10887
af854a3a-2127-422b-91ae-364da2661108	http://ftp.gnome.org/pub/GNOME/sources/gdm/2.14/gdm-2.14.13.news
af854a3a-2127-422b-91ae-364da2661108	http://ftp.gnome.org/pub/GNOME/sources/gdm/2.16/gdm-2.16.7.changes
af854a3a-2127-422b-91ae-364da2661108	http://ftp.gnome.org/pub/GNOME/sources/gdm/2.18/gdm-2.18.4.news
af854a3a-2127-422b-91ae-364da2661108	http://ftp.gnome.org/pub/GNOME/sources/gdm/2.19/gdm-2.19.5.news
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/26313	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/26368	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/26520	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/26879	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/26900	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://security.gentoo.org/glsa/glsa-200709-11.xml
af854a3a-2127-422b-91ae-364da2661108	http://www.mandriva.com/security/advisories?name=MDKSA-2007:169
af854a3a-2127-422b-91ae-364da2661108	http://www.redhat.com/support/errata/RHSA-2007-0777.html
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/475451/30/5550/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/25191
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id?1018523
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2007/2781	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://issues.rpath.com/browse/RPL-1599
af854a3a-2127-422b-91ae-364da2661108	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10887

Impacted products

Vendor	Product	Version
gnome	gdm	*
gnome	gdm	0.7
gnome	gdm	1.0
gnome	gdm	2.0
gnome	gdm	2.2
gnome	gdm	2.3
gnome	gdm	2.4
gnome	gdm	2.5
gnome	gdm	2.6
gnome	gdm	2.8
gnome	gdm	2.13
gnome	gdm	2.14
gnome	gdm	2.14.1
gnome	gdm	2.14.2
gnome	gdm	2.14.3
gnome	gdm	2.14.4
gnome	gdm	2.14.5
gnome	gdm	2.14.6
gnome	gdm	2.14.7
gnome	gdm	2.14.8
gnome	gdm	2.14.9
gnome	gdm	2.14.10
gnome	gdm	2.14.11
gnome	gdm	2.14.3
gnome	gdm	2.14.4
gnome	gdm	2.14.5
gnome	gdm	2.14.6
gnome	gdm	2.16
gnome	gdm	2.16.1
gnome	gdm	2.16.2
gnome	gdm	2.18
gnome	gdm	2.18.1
gnome	gdm	2.18.2
gnome	gdm	2.18.3
gnome	gdm	2.19
gnome	gdm	2.19.1
gnome	gdm	2.19.2
gnome	gdm	2.19.3
gnome	gdm	2.19.4

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:gnome:gdm:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4A68E297-5F50-4DFA-AF70-06B016B852D2",
              "versionEndIncluding": "2.14.12",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnome:gdm:0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "501714EA-1C5D-4EA7-B069-8E6521574AC4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnome:gdm:1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E2D650E6-F568-4B7F-8913-3DC10E8F4201",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnome:gdm:2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "3296F925-6D41-4DA7-BDB2-3B04CF22A53B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnome:gdm:2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "7960EC63-69CF-474C-996C-E431CCDD07E9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnome:gdm:2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "A38317A3-3725-4F32-B675-00F8FB288F51",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnome:gdm:2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "C4F01AD1-EB1B-4932-B8D7-CBC899B1A02E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnome:gdm:2.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "B760EB2A-6461-477F-B7E5-857117E21AE3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnome:gdm:2.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "973BF2BF-BBF7-41F6-9E38-5150BC8AE7B6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnome:gdm:2.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "7756E66E-2296-4B20-ABC0-B1A2ACF2657B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnome:gdm:2.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "BC30F499-35B6-40BB-A420-A55F6993DF3A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnome:gdm:2.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "70640B9F-4EAA-4513-80E4-9DD4A862F27D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnome:gdm:2.14.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "9B84ACF2-E06C-47E5-B221-78285238BA78",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnome:gdm:2.14.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "B1F316D7-4D67-4B2E-8418-B89466AA5CDC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnome:gdm:2.14.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "6721626F-3335-446F-95C4-7B150C2FE2E2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnome:gdm:2.14.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "CA624500-6AC3-4991-A185-619E3F76A384",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnome:gdm:2.14.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "1544DE39-DA4B-452C-A38C-D15E0EC5148F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnome:gdm:2.14.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "B261D656-8C46-4F0A-93DD-8540B21BC1FC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnome:gdm:2.14.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "24A39F8A-D0F4-480E-904C-8FB906C6D72F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnome:gdm:2.14.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "4210033A-0FD1-43A7-BCDC-9A4ADFEBB1DA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnome:gdm:2.14.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "BBD5D3BD-9988-4421-8C2B-1EE907CFA986",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnome:gdm:2.14.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "2F8D697C-AD36-446A-945A-0746898FFD5C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnome:gdm:2.14.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "DF3072E1-A8AA-4C7B-B395-3F490943FED3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:gnome:gdm:2.14.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "6721626F-3335-446F-95C4-7B150C2FE2E2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnome:gdm:2.14.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "CA624500-6AC3-4991-A185-619E3F76A384",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnome:gdm:2.14.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "1544DE39-DA4B-452C-A38C-D15E0EC5148F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnome:gdm:2.14.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "B261D656-8C46-4F0A-93DD-8540B21BC1FC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnome:gdm:2.16:*:*:*:*:*:*:*",
              "matchCriteriaId": "832DE81E-18BB-4276-A6B0-F316A322E83E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnome:gdm:2.16.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "D01F3328-9DB5-4C75-A9BD-96243975A362",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnome:gdm:2.16.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "24D361EF-B35F-46D9-9DF3-9254FFAD0A1F",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:gnome:gdm:2.18:*:*:*:*:*:*:*",
              "matchCriteriaId": "638AAAB0-2077-49F1-A909-0814C94EF96E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnome:gdm:2.18.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F4E525EF-0702-42BD-AA45-00AB721DE9B4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnome:gdm:2.18.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "09B6D822-D0D6-423E-AE9A-7510C06005A3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnome:gdm:2.18.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "323B1859-30F3-4787-8A35-46A8189D4C5E",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:gnome:gdm:2.19:*:*:*:*:*:*:*",
              "matchCriteriaId": "14C57E06-FBAB-4950-810D-ADDD74D271FE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnome:gdm:2.19.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F7359FE6-4BD1-4D3C-BCF5-6F2741FC1997",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnome:gdm:2.19.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "7888E478-E756-48FB-B3E3-534873B5F1D8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnome:gdm:2.19.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "4A82FCA7-76F6-48CE-8886-79AD9094EBF4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnome:gdm:2.19.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "75DCBC45-71FC-4850-A7E0-6051AE38E4C7",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The GDM daemon in GNOME Display Manager (GDM) before 2.14.13, 2.16.x before 2.16.7, 2.18.x before 2.18.4, and 2.19.x before 2.19.5 does not properly handle NULL return values from the g_strsplit function, which allows local users to cause a denial of service (persistent daemon crash) via a crafted command to the daemon\u0027s socket, related to (1) gdm.c and (2) gdmconfig.c in daemon/, and (3) gdmconfig.c and (4) gdmflexiserver.c in gui/."
    },
    {
      "lang": "es",
      "value": "El demonio GDM en GNOME Display Mangager (GDM) anterior a 2.14.13, 2.16.x anterior a 2.16.7, 2.18.x anterior a 2.18.4, y 2.19.x anterir a 2.19.5 no maneja adecuadamente valores de retorno nulos (NULL) de la funci\u00f3n g_strsplit, lo cual permite a usuarios locales provocar una denegaci\u00f3n de servicio (ca\u00edda persistente del demonio) mediante un comando manipulado hacia el socket del demonio, relacionado con (1) gdm.c y (2) gdmconfig.c en daemon/, y (3) gdmconfig.c y (4) gdmflexiserver.c en gui/."
    }
  ],
  "id": "CVE-2007-3381",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "LOCAL",
          "authentication": "SINGLE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 1.5,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:L/AC:M/Au:S/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 2.7,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2007-08-07T10:17:00.000",
  "references": [
    {
      "source": "secalert@redhat.com",
      "url": "http://ftp.gnome.org/pub/GNOME/sources/gdm/2.14/gdm-2.14.13.news"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://ftp.gnome.org/pub/GNOME/sources/gdm/2.16/gdm-2.16.7.changes"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://ftp.gnome.org/pub/GNOME/sources/gdm/2.18/gdm-2.18.4.news"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://ftp.gnome.org/pub/GNOME/sources/gdm/2.19/gdm-2.19.5.news"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/26313"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/26368"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/26520"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/26879"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/26900"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://security.gentoo.org/glsa/glsa-200709-11.xml"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:169"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.redhat.com/support/errata/RHSA-2007-0777.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securityfocus.com/archive/1/475451/30/5550/threaded"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securityfocus.com/bid/25191"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securitytracker.com/id?1018523"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2007/2781"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://issues.rpath.com/browse/RPL-1599"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10887"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://ftp.gnome.org/pub/GNOME/sources/gdm/2.14/gdm-2.14.13.news"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://ftp.gnome.org/pub/GNOME/sources/gdm/2.16/gdm-2.16.7.changes"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://ftp.gnome.org/pub/GNOME/sources/gdm/2.18/gdm-2.18.4.news"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://ftp.gnome.org/pub/GNOME/sources/gdm/2.19/gdm-2.19.5.news"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/26313"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/26368"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/26520"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/26879"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/26900"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://security.gentoo.org/glsa/glsa-200709-11.xml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:169"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.redhat.com/support/errata/RHSA-2007-0777.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/475451/30/5550/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/25191"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1018523"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2007/2781"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://issues.rpath.com/browse/RPL-1599"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10887"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

RHSA-2007_0777

Vulnerability from csaf_redhat - Published: 2007-08-07 19:20 - Updated: 2024-11-22 01:20

Summary

Red Hat Security Advisory: gdm security and bug fix update

Notes

Topic

An updated gdm package that fixes a security issue is now available for Red Hat Enterprise Linux 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team.

Details

Gdm (the GNOME Display Manager) is a highly configurable reimplementation of xdm, the X Display Manager. Gdm allows you to log into your system with the X Window System running and supports running several different X sessions on your local machine at the same time. A flaw was found in the way Gdm listens on its unix domain socket. A local user could crash a running X session by writing malicious data to Gdm's unix domain socket. (CVE-2007-3381) All users of gdm should upgrade to this updated package, which contains a backported patch that resolves this issue. Red Hat would like to thank JLANTHEA for reporting this issue.

This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "An updated gdm package that fixes a security issue is now available for Red\nHat Enterprise Linux 5.\n\nThis update has been rated as having moderate security impact by the Red\nHat Security Response Team.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "Gdm (the GNOME Display Manager) is a highly configurable reimplementation\nof xdm, the X Display Manager. Gdm allows you to log into your system with\nthe X Window System running and supports running several different X\nsessions on your local machine at the same time.\n\nA flaw was found in the way Gdm listens on its unix domain socket.  A local\nuser could crash a running X session by writing malicious data to Gdm\u0027s\nunix domain socket. (CVE-2007-3381)\n\nAll users of gdm should upgrade to this updated package, which contains a\nbackported patch that resolves this issue.\n\nRed Hat would like to thank JLANTHEA for reporting this issue.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2007:0777",
        "url": "https://access.redhat.com/errata/RHSA-2007:0777"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#moderate",
        "url": "https://access.redhat.com/security/updates/classification/#moderate"
      },
      {
        "category": "external",
        "summary": "247655",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=247655"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2007/rhsa-2007_0777.json"
      }
    ],
    "title": "Red Hat Security Advisory: gdm security and bug fix update",
    "tracking": {
      "current_release_date": "2024-11-22T01:20:25+00:00",
      "generator": {
        "date": "2024-11-22T01:20:25+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.2.1"
        }
      },
      "id": "RHSA-2007:0777",
      "initial_release_date": "2007-08-07T19:20:00+00:00",
      "revision_history": [
        {
          "date": "2007-08-07T19:20:00+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2007-08-07T15:20:04+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2024-11-22T01:20:25+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux Desktop (v. 5 client)",
                "product": {
                  "name": "Red Hat Enterprise Linux Desktop (v. 5 client)",
                  "product_id": "5Client",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:5::client"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux (v. 5 server)",
                "product": {
                  "name": "Red Hat Enterprise Linux (v. 5 server)",
                  "product_id": "5Server",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:5::server"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Enterprise Linux"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "gdm-debuginfo-1:2.16.0-31.0.1.el5.x86_64",
                "product": {
                  "name": "gdm-debuginfo-1:2.16.0-31.0.1.el5.x86_64",
                  "product_id": "gdm-debuginfo-1:2.16.0-31.0.1.el5.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/gdm-debuginfo@2.16.0-31.0.1.el5?arch=x86_64\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "gdm-1:2.16.0-31.0.1.el5.x86_64",
                "product": {
                  "name": "gdm-1:2.16.0-31.0.1.el5.x86_64",
                  "product_id": "gdm-1:2.16.0-31.0.1.el5.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/gdm@2.16.0-31.0.1.el5?arch=x86_64\u0026epoch=1"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "gdm-debuginfo-1:2.16.0-31.0.1.el5.i386",
                "product": {
                  "name": "gdm-debuginfo-1:2.16.0-31.0.1.el5.i386",
                  "product_id": "gdm-debuginfo-1:2.16.0-31.0.1.el5.i386",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/gdm-debuginfo@2.16.0-31.0.1.el5?arch=i386\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "gdm-1:2.16.0-31.0.1.el5.i386",
                "product": {
                  "name": "gdm-1:2.16.0-31.0.1.el5.i386",
                  "product_id": "gdm-1:2.16.0-31.0.1.el5.i386",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/gdm@2.16.0-31.0.1.el5?arch=i386\u0026epoch=1"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "i386"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "gdm-1:2.16.0-31.0.1.el5.src",
                "product": {
                  "name": "gdm-1:2.16.0-31.0.1.el5.src",
                  "product_id": "gdm-1:2.16.0-31.0.1.el5.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/gdm@2.16.0-31.0.1.el5?arch=src\u0026epoch=1"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "src"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "gdm-debuginfo-1:2.16.0-31.0.1.el5.ia64",
                "product": {
                  "name": "gdm-debuginfo-1:2.16.0-31.0.1.el5.ia64",
                  "product_id": "gdm-debuginfo-1:2.16.0-31.0.1.el5.ia64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/gdm-debuginfo@2.16.0-31.0.1.el5?arch=ia64\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "gdm-1:2.16.0-31.0.1.el5.ia64",
                "product": {
                  "name": "gdm-1:2.16.0-31.0.1.el5.ia64",
                  "product_id": "gdm-1:2.16.0-31.0.1.el5.ia64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/gdm@2.16.0-31.0.1.el5?arch=ia64\u0026epoch=1"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "ia64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "gdm-debuginfo-1:2.16.0-31.0.1.el5.ppc",
                "product": {
                  "name": "gdm-debuginfo-1:2.16.0-31.0.1.el5.ppc",
                  "product_id": "gdm-debuginfo-1:2.16.0-31.0.1.el5.ppc",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/gdm-debuginfo@2.16.0-31.0.1.el5?arch=ppc\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "gdm-1:2.16.0-31.0.1.el5.ppc",
                "product": {
                  "name": "gdm-1:2.16.0-31.0.1.el5.ppc",
                  "product_id": "gdm-1:2.16.0-31.0.1.el5.ppc",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/gdm@2.16.0-31.0.1.el5?arch=ppc\u0026epoch=1"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "ppc"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "gdm-debuginfo-1:2.16.0-31.0.1.el5.s390x",
                "product": {
                  "name": "gdm-debuginfo-1:2.16.0-31.0.1.el5.s390x",
                  "product_id": "gdm-debuginfo-1:2.16.0-31.0.1.el5.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/gdm-debuginfo@2.16.0-31.0.1.el5?arch=s390x\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "gdm-1:2.16.0-31.0.1.el5.s390x",
                "product": {
                  "name": "gdm-1:2.16.0-31.0.1.el5.s390x",
                  "product_id": "gdm-1:2.16.0-31.0.1.el5.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/gdm@2.16.0-31.0.1.el5?arch=s390x\u0026epoch=1"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "gdm-1:2.16.0-31.0.1.el5.i386 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:gdm-1:2.16.0-31.0.1.el5.i386"
        },
        "product_reference": "gdm-1:2.16.0-31.0.1.el5.i386",
        "relates_to_product_reference": "5Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "gdm-1:2.16.0-31.0.1.el5.ia64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:gdm-1:2.16.0-31.0.1.el5.ia64"
        },
        "product_reference": "gdm-1:2.16.0-31.0.1.el5.ia64",
        "relates_to_product_reference": "5Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "gdm-1:2.16.0-31.0.1.el5.ppc as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:gdm-1:2.16.0-31.0.1.el5.ppc"
        },
        "product_reference": "gdm-1:2.16.0-31.0.1.el5.ppc",
        "relates_to_product_reference": "5Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "gdm-1:2.16.0-31.0.1.el5.s390x as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:gdm-1:2.16.0-31.0.1.el5.s390x"
        },
        "product_reference": "gdm-1:2.16.0-31.0.1.el5.s390x",
        "relates_to_product_reference": "5Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "gdm-1:2.16.0-31.0.1.el5.src as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:gdm-1:2.16.0-31.0.1.el5.src"
        },
        "product_reference": "gdm-1:2.16.0-31.0.1.el5.src",
        "relates_to_product_reference": "5Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "gdm-1:2.16.0-31.0.1.el5.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:gdm-1:2.16.0-31.0.1.el5.x86_64"
        },
        "product_reference": "gdm-1:2.16.0-31.0.1.el5.x86_64",
        "relates_to_product_reference": "5Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "gdm-debuginfo-1:2.16.0-31.0.1.el5.i386 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:gdm-debuginfo-1:2.16.0-31.0.1.el5.i386"
        },
        "product_reference": "gdm-debuginfo-1:2.16.0-31.0.1.el5.i386",
        "relates_to_product_reference": "5Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "gdm-debuginfo-1:2.16.0-31.0.1.el5.ia64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:gdm-debuginfo-1:2.16.0-31.0.1.el5.ia64"
        },
        "product_reference": "gdm-debuginfo-1:2.16.0-31.0.1.el5.ia64",
        "relates_to_product_reference": "5Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "gdm-debuginfo-1:2.16.0-31.0.1.el5.ppc as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:gdm-debuginfo-1:2.16.0-31.0.1.el5.ppc"
        },
        "product_reference": "gdm-debuginfo-1:2.16.0-31.0.1.el5.ppc",
        "relates_to_product_reference": "5Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "gdm-debuginfo-1:2.16.0-31.0.1.el5.s390x as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:gdm-debuginfo-1:2.16.0-31.0.1.el5.s390x"
        },
        "product_reference": "gdm-debuginfo-1:2.16.0-31.0.1.el5.s390x",
        "relates_to_product_reference": "5Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "gdm-debuginfo-1:2.16.0-31.0.1.el5.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:gdm-debuginfo-1:2.16.0-31.0.1.el5.x86_64"
        },
        "product_reference": "gdm-debuginfo-1:2.16.0-31.0.1.el5.x86_64",
        "relates_to_product_reference": "5Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "gdm-1:2.16.0-31.0.1.el5.i386 as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:gdm-1:2.16.0-31.0.1.el5.i386"
        },
        "product_reference": "gdm-1:2.16.0-31.0.1.el5.i386",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "gdm-1:2.16.0-31.0.1.el5.ia64 as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:gdm-1:2.16.0-31.0.1.el5.ia64"
        },
        "product_reference": "gdm-1:2.16.0-31.0.1.el5.ia64",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "gdm-1:2.16.0-31.0.1.el5.ppc as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:gdm-1:2.16.0-31.0.1.el5.ppc"
        },
        "product_reference": "gdm-1:2.16.0-31.0.1.el5.ppc",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "gdm-1:2.16.0-31.0.1.el5.s390x as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:gdm-1:2.16.0-31.0.1.el5.s390x"
        },
        "product_reference": "gdm-1:2.16.0-31.0.1.el5.s390x",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "gdm-1:2.16.0-31.0.1.el5.src as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:gdm-1:2.16.0-31.0.1.el5.src"
        },
        "product_reference": "gdm-1:2.16.0-31.0.1.el5.src",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "gdm-1:2.16.0-31.0.1.el5.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:gdm-1:2.16.0-31.0.1.el5.x86_64"
        },
        "product_reference": "gdm-1:2.16.0-31.0.1.el5.x86_64",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "gdm-debuginfo-1:2.16.0-31.0.1.el5.i386 as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:gdm-debuginfo-1:2.16.0-31.0.1.el5.i386"
        },
        "product_reference": "gdm-debuginfo-1:2.16.0-31.0.1.el5.i386",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "gdm-debuginfo-1:2.16.0-31.0.1.el5.ia64 as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:gdm-debuginfo-1:2.16.0-31.0.1.el5.ia64"
        },
        "product_reference": "gdm-debuginfo-1:2.16.0-31.0.1.el5.ia64",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "gdm-debuginfo-1:2.16.0-31.0.1.el5.ppc as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:gdm-debuginfo-1:2.16.0-31.0.1.el5.ppc"
        },
        "product_reference": "gdm-debuginfo-1:2.16.0-31.0.1.el5.ppc",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "gdm-debuginfo-1:2.16.0-31.0.1.el5.s390x as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:gdm-debuginfo-1:2.16.0-31.0.1.el5.s390x"
        },
        "product_reference": "gdm-debuginfo-1:2.16.0-31.0.1.el5.s390x",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "gdm-debuginfo-1:2.16.0-31.0.1.el5.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:gdm-debuginfo-1:2.16.0-31.0.1.el5.x86_64"
        },
        "product_reference": "gdm-debuginfo-1:2.16.0-31.0.1.el5.x86_64",
        "relates_to_product_reference": "5Server"
      }
    ]
  },
  "vulnerabilities": [
    {
      "acknowledgments": [
        {
          "names": [
            "JLANTHEA"
          ]
        }
      ],
      "cve": "CVE-2007-3381",
      "discovery_date": "2007-07-05T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "247655"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "The GDM daemon in GNOME Display Manager (GDM) before 2.14.13, 2.16.x before 2.16.7, 2.18.x before 2.18.4, and 2.19.x before 2.19.5 does not properly handle NULL return values from the g_strsplit function, which allows local users to cause a denial of service (persistent daemon crash) via a crafted command to the daemon\u0027s socket, related to (1) gdm.c and (2) gdmconfig.c in daemon/, and (3) gdmconfig.c and (4) gdmflexiserver.c in gui/.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "Gdm denial of service",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "5Client:gdm-1:2.16.0-31.0.1.el5.i386",
          "5Client:gdm-1:2.16.0-31.0.1.el5.ia64",
          "5Client:gdm-1:2.16.0-31.0.1.el5.ppc",
          "5Client:gdm-1:2.16.0-31.0.1.el5.s390x",
          "5Client:gdm-1:2.16.0-31.0.1.el5.src",
          "5Client:gdm-1:2.16.0-31.0.1.el5.x86_64",
          "5Client:gdm-debuginfo-1:2.16.0-31.0.1.el5.i386",
          "5Client:gdm-debuginfo-1:2.16.0-31.0.1.el5.ia64",
          "5Client:gdm-debuginfo-1:2.16.0-31.0.1.el5.ppc",
          "5Client:gdm-debuginfo-1:2.16.0-31.0.1.el5.s390x",
          "5Client:gdm-debuginfo-1:2.16.0-31.0.1.el5.x86_64",
          "5Server:gdm-1:2.16.0-31.0.1.el5.i386",
          "5Server:gdm-1:2.16.0-31.0.1.el5.ia64",
          "5Server:gdm-1:2.16.0-31.0.1.el5.ppc",
          "5Server:gdm-1:2.16.0-31.0.1.el5.s390x",
          "5Server:gdm-1:2.16.0-31.0.1.el5.src",
          "5Server:gdm-1:2.16.0-31.0.1.el5.x86_64",
          "5Server:gdm-debuginfo-1:2.16.0-31.0.1.el5.i386",
          "5Server:gdm-debuginfo-1:2.16.0-31.0.1.el5.ia64",
          "5Server:gdm-debuginfo-1:2.16.0-31.0.1.el5.ppc",
          "5Server:gdm-debuginfo-1:2.16.0-31.0.1.el5.s390x",
          "5Server:gdm-debuginfo-1:2.16.0-31.0.1.el5.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2007-3381"
        },
        {
          "category": "external",
          "summary": "RHBZ#247655",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=247655"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2007-3381",
          "url": "https://www.cve.org/CVERecord?id=CVE-2007-3381"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-3381",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-3381"
        }
      ],
      "release_date": "2007-07-30T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2007-08-07T19:20:00+00:00",
          "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.  \n\nThis update is available via Red Hat Network.  Details on how to use \nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188",
          "product_ids": [
            "5Client:gdm-1:2.16.0-31.0.1.el5.i386",
            "5Client:gdm-1:2.16.0-31.0.1.el5.ia64",
            "5Client:gdm-1:2.16.0-31.0.1.el5.ppc",
            "5Client:gdm-1:2.16.0-31.0.1.el5.s390x",
            "5Client:gdm-1:2.16.0-31.0.1.el5.src",
            "5Client:gdm-1:2.16.0-31.0.1.el5.x86_64",
            "5Client:gdm-debuginfo-1:2.16.0-31.0.1.el5.i386",
            "5Client:gdm-debuginfo-1:2.16.0-31.0.1.el5.ia64",
            "5Client:gdm-debuginfo-1:2.16.0-31.0.1.el5.ppc",
            "5Client:gdm-debuginfo-1:2.16.0-31.0.1.el5.s390x",
            "5Client:gdm-debuginfo-1:2.16.0-31.0.1.el5.x86_64",
            "5Server:gdm-1:2.16.0-31.0.1.el5.i386",
            "5Server:gdm-1:2.16.0-31.0.1.el5.ia64",
            "5Server:gdm-1:2.16.0-31.0.1.el5.ppc",
            "5Server:gdm-1:2.16.0-31.0.1.el5.s390x",
            "5Server:gdm-1:2.16.0-31.0.1.el5.src",
            "5Server:gdm-1:2.16.0-31.0.1.el5.x86_64",
            "5Server:gdm-debuginfo-1:2.16.0-31.0.1.el5.i386",
            "5Server:gdm-debuginfo-1:2.16.0-31.0.1.el5.ia64",
            "5Server:gdm-debuginfo-1:2.16.0-31.0.1.el5.ppc",
            "5Server:gdm-debuginfo-1:2.16.0-31.0.1.el5.s390x",
            "5Server:gdm-debuginfo-1:2.16.0-31.0.1.el5.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2007:0777"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "Gdm denial of service"
    }
  ]
}

RHSA-2007:0777

Vulnerability from csaf_redhat - Published: 2007-08-07 19:20 - Updated: 2025-11-21 17:32

Summary

Red Hat Security Advisory: gdm security and bug fix update

Notes

Topic

Details

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "An updated gdm package that fixes a security issue is now available for Red\nHat Enterprise Linux 5.\n\nThis update has been rated as having moderate security impact by the Red\nHat Security Response Team.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "Gdm (the GNOME Display Manager) is a highly configurable reimplementation\nof xdm, the X Display Manager. Gdm allows you to log into your system with\nthe X Window System running and supports running several different X\nsessions on your local machine at the same time.\n\nA flaw was found in the way Gdm listens on its unix domain socket.  A local\nuser could crash a running X session by writing malicious data to Gdm\u0027s\nunix domain socket. (CVE-2007-3381)\n\nAll users of gdm should upgrade to this updated package, which contains a\nbackported patch that resolves this issue.\n\nRed Hat would like to thank JLANTHEA for reporting this issue.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2007:0777",
        "url": "https://access.redhat.com/errata/RHSA-2007:0777"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#moderate",
        "url": "https://access.redhat.com/security/updates/classification/#moderate"
      },
      {
        "category": "external",
        "summary": "247655",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=247655"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2007/rhsa-2007_0777.json"
      }
    ],
    "title": "Red Hat Security Advisory: gdm security and bug fix update",
    "tracking": {
      "current_release_date": "2025-11-21T17:32:08+00:00",
      "generator": {
        "date": "2025-11-21T17:32:08+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.6.12"
        }
      },
      "id": "RHSA-2007:0777",
      "initial_release_date": "2007-08-07T19:20:00+00:00",
      "revision_history": [
        {
          "date": "2007-08-07T19:20:00+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2007-08-07T15:20:04+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2025-11-21T17:32:08+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux Desktop (v. 5 client)",
                "product": {
                  "name": "Red Hat Enterprise Linux Desktop (v. 5 client)",
                  "product_id": "5Client",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:5::client"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux (v. 5 server)",
                "product": {
                  "name": "Red Hat Enterprise Linux (v. 5 server)",
                  "product_id": "5Server",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:5::server"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Enterprise Linux"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "gdm-debuginfo-1:2.16.0-31.0.1.el5.x86_64",
                "product": {
                  "name": "gdm-debuginfo-1:2.16.0-31.0.1.el5.x86_64",
                  "product_id": "gdm-debuginfo-1:2.16.0-31.0.1.el5.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/gdm-debuginfo@2.16.0-31.0.1.el5?arch=x86_64\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "gdm-1:2.16.0-31.0.1.el5.x86_64",
                "product": {
                  "name": "gdm-1:2.16.0-31.0.1.el5.x86_64",
                  "product_id": "gdm-1:2.16.0-31.0.1.el5.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/gdm@2.16.0-31.0.1.el5?arch=x86_64\u0026epoch=1"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "gdm-debuginfo-1:2.16.0-31.0.1.el5.i386",
                "product": {
                  "name": "gdm-debuginfo-1:2.16.0-31.0.1.el5.i386",
                  "product_id": "gdm-debuginfo-1:2.16.0-31.0.1.el5.i386",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/gdm-debuginfo@2.16.0-31.0.1.el5?arch=i386\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "gdm-1:2.16.0-31.0.1.el5.i386",
                "product": {
                  "name": "gdm-1:2.16.0-31.0.1.el5.i386",
                  "product_id": "gdm-1:2.16.0-31.0.1.el5.i386",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/gdm@2.16.0-31.0.1.el5?arch=i386\u0026epoch=1"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "i386"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "gdm-1:2.16.0-31.0.1.el5.src",
                "product": {
                  "name": "gdm-1:2.16.0-31.0.1.el5.src",
                  "product_id": "gdm-1:2.16.0-31.0.1.el5.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/gdm@2.16.0-31.0.1.el5?arch=src\u0026epoch=1"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "src"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "gdm-debuginfo-1:2.16.0-31.0.1.el5.ia64",
                "product": {
                  "name": "gdm-debuginfo-1:2.16.0-31.0.1.el5.ia64",
                  "product_id": "gdm-debuginfo-1:2.16.0-31.0.1.el5.ia64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/gdm-debuginfo@2.16.0-31.0.1.el5?arch=ia64\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "gdm-1:2.16.0-31.0.1.el5.ia64",
                "product": {
                  "name": "gdm-1:2.16.0-31.0.1.el5.ia64",
                  "product_id": "gdm-1:2.16.0-31.0.1.el5.ia64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/gdm@2.16.0-31.0.1.el5?arch=ia64\u0026epoch=1"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "ia64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "gdm-debuginfo-1:2.16.0-31.0.1.el5.ppc",
                "product": {
                  "name": "gdm-debuginfo-1:2.16.0-31.0.1.el5.ppc",
                  "product_id": "gdm-debuginfo-1:2.16.0-31.0.1.el5.ppc",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/gdm-debuginfo@2.16.0-31.0.1.el5?arch=ppc\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "gdm-1:2.16.0-31.0.1.el5.ppc",
                "product": {
                  "name": "gdm-1:2.16.0-31.0.1.el5.ppc",
                  "product_id": "gdm-1:2.16.0-31.0.1.el5.ppc",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/gdm@2.16.0-31.0.1.el5?arch=ppc\u0026epoch=1"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "ppc"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "gdm-debuginfo-1:2.16.0-31.0.1.el5.s390x",
                "product": {
                  "name": "gdm-debuginfo-1:2.16.0-31.0.1.el5.s390x",
                  "product_id": "gdm-debuginfo-1:2.16.0-31.0.1.el5.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/gdm-debuginfo@2.16.0-31.0.1.el5?arch=s390x\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "gdm-1:2.16.0-31.0.1.el5.s390x",
                "product": {
                  "name": "gdm-1:2.16.0-31.0.1.el5.s390x",
                  "product_id": "gdm-1:2.16.0-31.0.1.el5.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/gdm@2.16.0-31.0.1.el5?arch=s390x\u0026epoch=1"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "gdm-1:2.16.0-31.0.1.el5.i386 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:gdm-1:2.16.0-31.0.1.el5.i386"
        },
        "product_reference": "gdm-1:2.16.0-31.0.1.el5.i386",
        "relates_to_product_reference": "5Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "gdm-1:2.16.0-31.0.1.el5.ia64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:gdm-1:2.16.0-31.0.1.el5.ia64"
        },
        "product_reference": "gdm-1:2.16.0-31.0.1.el5.ia64",
        "relates_to_product_reference": "5Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "gdm-1:2.16.0-31.0.1.el5.ppc as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:gdm-1:2.16.0-31.0.1.el5.ppc"
        },
        "product_reference": "gdm-1:2.16.0-31.0.1.el5.ppc",
        "relates_to_product_reference": "5Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "gdm-1:2.16.0-31.0.1.el5.s390x as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:gdm-1:2.16.0-31.0.1.el5.s390x"
        },
        "product_reference": "gdm-1:2.16.0-31.0.1.el5.s390x",
        "relates_to_product_reference": "5Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "gdm-1:2.16.0-31.0.1.el5.src as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:gdm-1:2.16.0-31.0.1.el5.src"
        },
        "product_reference": "gdm-1:2.16.0-31.0.1.el5.src",
        "relates_to_product_reference": "5Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "gdm-1:2.16.0-31.0.1.el5.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:gdm-1:2.16.0-31.0.1.el5.x86_64"
        },
        "product_reference": "gdm-1:2.16.0-31.0.1.el5.x86_64",
        "relates_to_product_reference": "5Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "gdm-debuginfo-1:2.16.0-31.0.1.el5.i386 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:gdm-debuginfo-1:2.16.0-31.0.1.el5.i386"
        },
        "product_reference": "gdm-debuginfo-1:2.16.0-31.0.1.el5.i386",
        "relates_to_product_reference": "5Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "gdm-debuginfo-1:2.16.0-31.0.1.el5.ia64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:gdm-debuginfo-1:2.16.0-31.0.1.el5.ia64"
        },
        "product_reference": "gdm-debuginfo-1:2.16.0-31.0.1.el5.ia64",
        "relates_to_product_reference": "5Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "gdm-debuginfo-1:2.16.0-31.0.1.el5.ppc as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:gdm-debuginfo-1:2.16.0-31.0.1.el5.ppc"
        },
        "product_reference": "gdm-debuginfo-1:2.16.0-31.0.1.el5.ppc",
        "relates_to_product_reference": "5Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "gdm-debuginfo-1:2.16.0-31.0.1.el5.s390x as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:gdm-debuginfo-1:2.16.0-31.0.1.el5.s390x"
        },
        "product_reference": "gdm-debuginfo-1:2.16.0-31.0.1.el5.s390x",
        "relates_to_product_reference": "5Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "gdm-debuginfo-1:2.16.0-31.0.1.el5.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:gdm-debuginfo-1:2.16.0-31.0.1.el5.x86_64"
        },
        "product_reference": "gdm-debuginfo-1:2.16.0-31.0.1.el5.x86_64",
        "relates_to_product_reference": "5Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "gdm-1:2.16.0-31.0.1.el5.i386 as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:gdm-1:2.16.0-31.0.1.el5.i386"
        },
        "product_reference": "gdm-1:2.16.0-31.0.1.el5.i386",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "gdm-1:2.16.0-31.0.1.el5.ia64 as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:gdm-1:2.16.0-31.0.1.el5.ia64"
        },
        "product_reference": "gdm-1:2.16.0-31.0.1.el5.ia64",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "gdm-1:2.16.0-31.0.1.el5.ppc as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:gdm-1:2.16.0-31.0.1.el5.ppc"
        },
        "product_reference": "gdm-1:2.16.0-31.0.1.el5.ppc",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "gdm-1:2.16.0-31.0.1.el5.s390x as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:gdm-1:2.16.0-31.0.1.el5.s390x"
        },
        "product_reference": "gdm-1:2.16.0-31.0.1.el5.s390x",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "gdm-1:2.16.0-31.0.1.el5.src as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:gdm-1:2.16.0-31.0.1.el5.src"
        },
        "product_reference": "gdm-1:2.16.0-31.0.1.el5.src",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "gdm-1:2.16.0-31.0.1.el5.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:gdm-1:2.16.0-31.0.1.el5.x86_64"
        },
        "product_reference": "gdm-1:2.16.0-31.0.1.el5.x86_64",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "gdm-debuginfo-1:2.16.0-31.0.1.el5.i386 as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:gdm-debuginfo-1:2.16.0-31.0.1.el5.i386"
        },
        "product_reference": "gdm-debuginfo-1:2.16.0-31.0.1.el5.i386",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "gdm-debuginfo-1:2.16.0-31.0.1.el5.ia64 as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:gdm-debuginfo-1:2.16.0-31.0.1.el5.ia64"
        },
        "product_reference": "gdm-debuginfo-1:2.16.0-31.0.1.el5.ia64",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "gdm-debuginfo-1:2.16.0-31.0.1.el5.ppc as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:gdm-debuginfo-1:2.16.0-31.0.1.el5.ppc"
        },
        "product_reference": "gdm-debuginfo-1:2.16.0-31.0.1.el5.ppc",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "gdm-debuginfo-1:2.16.0-31.0.1.el5.s390x as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:gdm-debuginfo-1:2.16.0-31.0.1.el5.s390x"
        },
        "product_reference": "gdm-debuginfo-1:2.16.0-31.0.1.el5.s390x",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "gdm-debuginfo-1:2.16.0-31.0.1.el5.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:gdm-debuginfo-1:2.16.0-31.0.1.el5.x86_64"
        },
        "product_reference": "gdm-debuginfo-1:2.16.0-31.0.1.el5.x86_64",
        "relates_to_product_reference": "5Server"
      }
    ]
  },
  "vulnerabilities": [
    {
      "acknowledgments": [
        {
          "names": [
            "JLANTHEA"
          ]
        }
      ],
      "cve": "CVE-2007-3381",
      "discovery_date": "2007-07-05T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "247655"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "The GDM daemon in GNOME Display Manager (GDM) before 2.14.13, 2.16.x before 2.16.7, 2.18.x before 2.18.4, and 2.19.x before 2.19.5 does not properly handle NULL return values from the g_strsplit function, which allows local users to cause a denial of service (persistent daemon crash) via a crafted command to the daemon\u0027s socket, related to (1) gdm.c and (2) gdmconfig.c in daemon/, and (3) gdmconfig.c and (4) gdmflexiserver.c in gui/.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "Gdm denial of service",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "5Client:gdm-1:2.16.0-31.0.1.el5.i386",
          "5Client:gdm-1:2.16.0-31.0.1.el5.ia64",
          "5Client:gdm-1:2.16.0-31.0.1.el5.ppc",
          "5Client:gdm-1:2.16.0-31.0.1.el5.s390x",
          "5Client:gdm-1:2.16.0-31.0.1.el5.src",
          "5Client:gdm-1:2.16.0-31.0.1.el5.x86_64",
          "5Client:gdm-debuginfo-1:2.16.0-31.0.1.el5.i386",
          "5Client:gdm-debuginfo-1:2.16.0-31.0.1.el5.ia64",
          "5Client:gdm-debuginfo-1:2.16.0-31.0.1.el5.ppc",
          "5Client:gdm-debuginfo-1:2.16.0-31.0.1.el5.s390x",
          "5Client:gdm-debuginfo-1:2.16.0-31.0.1.el5.x86_64",
          "5Server:gdm-1:2.16.0-31.0.1.el5.i386",
          "5Server:gdm-1:2.16.0-31.0.1.el5.ia64",
          "5Server:gdm-1:2.16.0-31.0.1.el5.ppc",
          "5Server:gdm-1:2.16.0-31.0.1.el5.s390x",
          "5Server:gdm-1:2.16.0-31.0.1.el5.src",
          "5Server:gdm-1:2.16.0-31.0.1.el5.x86_64",
          "5Server:gdm-debuginfo-1:2.16.0-31.0.1.el5.i386",
          "5Server:gdm-debuginfo-1:2.16.0-31.0.1.el5.ia64",
          "5Server:gdm-debuginfo-1:2.16.0-31.0.1.el5.ppc",
          "5Server:gdm-debuginfo-1:2.16.0-31.0.1.el5.s390x",
          "5Server:gdm-debuginfo-1:2.16.0-31.0.1.el5.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2007-3381"
        },
        {
          "category": "external",
          "summary": "RHBZ#247655",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=247655"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2007-3381",
          "url": "https://www.cve.org/CVERecord?id=CVE-2007-3381"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-3381",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-3381"
        }
      ],
      "release_date": "2007-07-30T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2007-08-07T19:20:00+00:00",
          "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.  \n\nThis update is available via Red Hat Network.  Details on how to use \nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188",
          "product_ids": [
            "5Client:gdm-1:2.16.0-31.0.1.el5.i386",
            "5Client:gdm-1:2.16.0-31.0.1.el5.ia64",
            "5Client:gdm-1:2.16.0-31.0.1.el5.ppc",
            "5Client:gdm-1:2.16.0-31.0.1.el5.s390x",
            "5Client:gdm-1:2.16.0-31.0.1.el5.src",
            "5Client:gdm-1:2.16.0-31.0.1.el5.x86_64",
            "5Client:gdm-debuginfo-1:2.16.0-31.0.1.el5.i386",
            "5Client:gdm-debuginfo-1:2.16.0-31.0.1.el5.ia64",
            "5Client:gdm-debuginfo-1:2.16.0-31.0.1.el5.ppc",
            "5Client:gdm-debuginfo-1:2.16.0-31.0.1.el5.s390x",
            "5Client:gdm-debuginfo-1:2.16.0-31.0.1.el5.x86_64",
            "5Server:gdm-1:2.16.0-31.0.1.el5.i386",
            "5Server:gdm-1:2.16.0-31.0.1.el5.ia64",
            "5Server:gdm-1:2.16.0-31.0.1.el5.ppc",
            "5Server:gdm-1:2.16.0-31.0.1.el5.s390x",
            "5Server:gdm-1:2.16.0-31.0.1.el5.src",
            "5Server:gdm-1:2.16.0-31.0.1.el5.x86_64",
            "5Server:gdm-debuginfo-1:2.16.0-31.0.1.el5.i386",
            "5Server:gdm-debuginfo-1:2.16.0-31.0.1.el5.ia64",
            "5Server:gdm-debuginfo-1:2.16.0-31.0.1.el5.ppc",
            "5Server:gdm-debuginfo-1:2.16.0-31.0.1.el5.s390x",
            "5Server:gdm-debuginfo-1:2.16.0-31.0.1.el5.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2007:0777"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "Gdm denial of service"
    }
  ]
}

GSD-2007-3381

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

Aliases

CVE-2007-3381

Aliases

CVE-2007-3381

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2007-3381",
    "description": "The GDM daemon in GNOME Display Manager (GDM) before 2.14.13, 2.16.x before 2.16.7, 2.18.x before 2.18.4, and 2.19.x before 2.19.5 does not properly handle NULL return values from the g_strsplit function, which allows local users to cause a denial of service (persistent daemon crash) via a crafted command to the daemon\u0027s socket, related to (1) gdm.c and (2) gdmconfig.c in daemon/, and (3) gdmconfig.c and (4) gdmflexiserver.c in gui/.",
    "id": "GSD-2007-3381",
    "references": [
      "https://www.suse.com/security/cve/CVE-2007-3381.html",
      "https://access.redhat.com/errata/RHSA-2007:0777",
      "https://linux.oracle.com/cve/CVE-2007-3381.html"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2007-3381"
      ],
      "details": "The GDM daemon in GNOME Display Manager (GDM) before 2.14.13, 2.16.x before 2.16.7, 2.18.x before 2.18.4, and 2.19.x before 2.19.5 does not properly handle NULL return values from the g_strsplit function, which allows local users to cause a denial of service (persistent daemon crash) via a crafted command to the daemon\u0027s socket, related to (1) gdm.c and (2) gdmconfig.c in daemon/, and (3) gdmconfig.c and (4) gdmflexiserver.c in gui/.",
      "id": "GSD-2007-3381",
      "modified": "2023-12-13T01:21:41.628422Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "secalert@redhat.com",
        "ID": "CVE-2007-3381",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "=",
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "The GDM daemon in GNOME Display Manager (GDM) before 2.14.13, 2.16.x before 2.16.7, 2.18.x before 2.18.4, and 2.19.x before 2.19.5 does not properly handle NULL return values from the g_strsplit function, which allows local users to cause a denial of service (persistent daemon crash) via a crafted command to the daemon\u0027s socket, related to (1) gdm.c and (2) gdmconfig.c in daemon/, and (3) gdmconfig.c and (4) gdmflexiserver.c in gui/."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "http://ftp.gnome.org/pub/GNOME/sources/gdm/2.14/gdm-2.14.13.news",
            "refsource": "MISC",
            "url": "http://ftp.gnome.org/pub/GNOME/sources/gdm/2.14/gdm-2.14.13.news"
          },
          {
            "name": "http://ftp.gnome.org/pub/GNOME/sources/gdm/2.16/gdm-2.16.7.changes",
            "refsource": "MISC",
            "url": "http://ftp.gnome.org/pub/GNOME/sources/gdm/2.16/gdm-2.16.7.changes"
          },
          {
            "name": "http://ftp.gnome.org/pub/GNOME/sources/gdm/2.18/gdm-2.18.4.news",
            "refsource": "MISC",
            "url": "http://ftp.gnome.org/pub/GNOME/sources/gdm/2.18/gdm-2.18.4.news"
          },
          {
            "name": "http://ftp.gnome.org/pub/GNOME/sources/gdm/2.19/gdm-2.19.5.news",
            "refsource": "MISC",
            "url": "http://ftp.gnome.org/pub/GNOME/sources/gdm/2.19/gdm-2.19.5.news"
          },
          {
            "name": "http://secunia.com/advisories/26313",
            "refsource": "MISC",
            "url": "http://secunia.com/advisories/26313"
          },
          {
            "name": "http://secunia.com/advisories/26368",
            "refsource": "MISC",
            "url": "http://secunia.com/advisories/26368"
          },
          {
            "name": "http://secunia.com/advisories/26520",
            "refsource": "MISC",
            "url": "http://secunia.com/advisories/26520"
          },
          {
            "name": "http://secunia.com/advisories/26879",
            "refsource": "MISC",
            "url": "http://secunia.com/advisories/26879"
          },
          {
            "name": "http://secunia.com/advisories/26900",
            "refsource": "MISC",
            "url": "http://secunia.com/advisories/26900"
          },
          {
            "name": "http://security.gentoo.org/glsa/glsa-200709-11.xml",
            "refsource": "MISC",
            "url": "http://security.gentoo.org/glsa/glsa-200709-11.xml"
          },
          {
            "name": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:169",
            "refsource": "MISC",
            "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:169"
          },
          {
            "name": "http://www.redhat.com/support/errata/RHSA-2007-0777.html",
            "refsource": "MISC",
            "url": "http://www.redhat.com/support/errata/RHSA-2007-0777.html"
          },
          {
            "name": "http://www.securityfocus.com/archive/1/475451/30/5550/threaded",
            "refsource": "MISC",
            "url": "http://www.securityfocus.com/archive/1/475451/30/5550/threaded"
          },
          {
            "name": "http://www.securityfocus.com/bid/25191",
            "refsource": "MISC",
            "url": "http://www.securityfocus.com/bid/25191"
          },
          {
            "name": "http://www.securitytracker.com/id?1018523",
            "refsource": "MISC",
            "url": "http://www.securitytracker.com/id?1018523"
          },
          {
            "name": "http://www.vupen.com/english/advisories/2007/2781",
            "refsource": "MISC",
            "url": "http://www.vupen.com/english/advisories/2007/2781"
          },
          {
            "name": "https://issues.rpath.com/browse/RPL-1599",
            "refsource": "MISC",
            "url": "https://issues.rpath.com/browse/RPL-1599"
          },
          {
            "name": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10887",
            "refsource": "MISC",
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10887"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:gnome:gdm:2.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gnome:gdm:2.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gnome:gdm:2.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gnome:gdm:2.14.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gnome:gdm:2.14.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gnome:gdm:2.14.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gnome:gdm:2.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gnome:gdm:0.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gnome:gdm:2.14.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gnome:gdm:2.14.9:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gnome:gdm:2.14.10:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gnome:gdm:1.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gnome:gdm:2.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gnome:gdm:2.14.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gnome:gdm:2.14.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gnome:gdm:2.14.11:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gnome:gdm:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "2.14.12",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gnome:gdm:2.13:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gnome:gdm:2.14:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gnome:gdm:2.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gnome:gdm:2.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gnome:gdm:2.14.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gnome:gdm:2.14.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:gnome:gdm:2.16:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gnome:gdm:2.14.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gnome:gdm:2.14.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gnome:gdm:2.14.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gnome:gdm:2.14.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gnome:gdm:2.16.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gnome:gdm:2.16.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:gnome:gdm:2.18:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gnome:gdm:2.18.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gnome:gdm:2.18.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gnome:gdm:2.18.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:gnome:gdm:2.19.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gnome:gdm:2.19.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gnome:gdm:2.19:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gnome:gdm:2.19.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gnome:gdm:2.19.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2007-3381"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "The GDM daemon in GNOME Display Manager (GDM) before 2.14.13, 2.16.x before 2.16.7, 2.18.x before 2.18.4, and 2.19.x before 2.19.5 does not properly handle NULL return values from the g_strsplit function, which allows local users to cause a denial of service (persistent daemon crash) via a crafted command to the daemon\u0027s socket, related to (1) gdm.c and (2) gdmconfig.c in daemon/, and (3) gdmconfig.c and (4) gdmflexiserver.c in gui/."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-20"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://ftp.gnome.org/pub/GNOME/sources/gdm/2.16/gdm-2.16.7.changes",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://ftp.gnome.org/pub/GNOME/sources/gdm/2.16/gdm-2.16.7.changes"
            },
            {
              "name": "26313",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/26313"
            },
            {
              "name": "http://ftp.gnome.org/pub/GNOME/sources/gdm/2.14/gdm-2.14.13.news",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://ftp.gnome.org/pub/GNOME/sources/gdm/2.14/gdm-2.14.13.news"
            },
            {
              "name": "http://ftp.gnome.org/pub/GNOME/sources/gdm/2.18/gdm-2.18.4.news",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://ftp.gnome.org/pub/GNOME/sources/gdm/2.18/gdm-2.18.4.news"
            },
            {
              "name": "http://ftp.gnome.org/pub/GNOME/sources/gdm/2.19/gdm-2.19.5.news",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://ftp.gnome.org/pub/GNOME/sources/gdm/2.19/gdm-2.19.5.news"
            },
            {
              "name": "https://issues.rpath.com/browse/RPL-1599",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "https://issues.rpath.com/browse/RPL-1599"
            },
            {
              "name": "GLSA-200709-11",
              "refsource": "GENTOO",
              "tags": [],
              "url": "http://security.gentoo.org/glsa/glsa-200709-11.xml"
            },
            {
              "name": "MDKSA-2007:169",
              "refsource": "MANDRIVA",
              "tags": [],
              "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:169"
            },
            {
              "name": "RHSA-2007:0777",
              "refsource": "REDHAT",
              "tags": [],
              "url": "http://www.redhat.com/support/errata/RHSA-2007-0777.html"
            },
            {
              "name": "25191",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/25191"
            },
            {
              "name": "1018523",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://www.securitytracker.com/id?1018523"
            },
            {
              "name": "26368",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/26368"
            },
            {
              "name": "26520",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/26520"
            },
            {
              "name": "26900",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/26900"
            },
            {
              "name": "26879",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/26879"
            },
            {
              "name": "ADV-2007-2781",
              "refsource": "VUPEN",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://www.vupen.com/english/advisories/2007/2781"
            },
            {
              "name": "oval:org.mitre.oval:def:10887",
              "refsource": "OVAL",
              "tags": [],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10887"
            },
            {
              "name": "20070803 FLEA-2007-0041-1 gdm",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "http://www.securityfocus.com/archive/1/475451/30/5550/threaded"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "LOCAL",
            "authentication": "SINGLE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 1.5,
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "vectorString": "AV:L/AC:M/Au:S/C:N/I:N/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 2.7,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "LOW",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2018-10-16T16:48Z",
      "publishedDate": "2007-08-07T10:17Z"
    }
  }
}

GHSA-GFGF-H5FJ-26VX

Vulnerability from github – Published: 2022-05-01 18:13 – Updated: 2022-05-01 18:13

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2007-3381"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-20"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2007-08-07T10:17:00Z",
    "severity": "LOW"
  },
  "details": "The GDM daemon in GNOME Display Manager (GDM) before 2.14.13, 2.16.x before 2.16.7, 2.18.x before 2.18.4, and 2.19.x before 2.19.5 does not properly handle NULL return values from the g_strsplit function, which allows local users to cause a denial of service (persistent daemon crash) via a crafted command to the daemon\u0027s socket, related to (1) gdm.c and (2) gdmconfig.c in daemon/, and (3) gdmconfig.c and (4) gdmflexiserver.c in gui/.",
  "id": "GHSA-gfgf-h5fj-26vx",
  "modified": "2022-05-01T18:13:14Z",
  "published": "2022-05-01T18:13:14Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-3381"
    },
    {
      "type": "WEB",
      "url": "https://issues.rpath.com/browse/RPL-1599"
    },
    {
      "type": "WEB",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10887"
    },
    {
      "type": "WEB",
      "url": "http://ftp.gnome.org/pub/GNOME/sources/gdm/2.14/gdm-2.14.13.news"
    },
    {
      "type": "WEB",
      "url": "http://ftp.gnome.org/pub/GNOME/sources/gdm/2.16/gdm-2.16.7.changes"
    },
    {
      "type": "WEB",
      "url": "http://ftp.gnome.org/pub/GNOME/sources/gdm/2.18/gdm-2.18.4.news"
    },
    {
      "type": "WEB",
      "url": "http://ftp.gnome.org/pub/GNOME/sources/gdm/2.19/gdm-2.19.5.news"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/26313"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/26368"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/26520"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/26879"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/26900"
    },
    {
      "type": "WEB",
      "url": "http://security.gentoo.org/glsa/glsa-200709-11.xml"
    },
    {
      "type": "WEB",
      "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:169"
    },
    {
      "type": "WEB",
      "url": "http://www.redhat.com/support/errata/RHSA-2007-0777.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/475451/30/5550/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/25191"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id?1018523"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2007/2781"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2007-3381 (GCVE-0-2007-3381)

FKIE_CVE-2007-3381

RHSA-2007_0777

RHSA-2007:0777

GSD-2007-3381

GHSA-GFGF-H5FJ-26VX

Tags

Sightings

Nomenclature