CVE-2006-2452 (GCVE-0-2006-2452)
Vulnerability from cvelistv5 – Published: 2006-06-09 10:00 – Updated: 2024-08-07 17:51
VLAI?
Summary
GNOME GDM 2.8, 2.12, 2.14, and 2.15, when the "face browser" feature is enabled, allows local users to access the "Configure Login Manager" functionality using their own password instead of the root password, which can be leveraged to gain additional privileges.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T17:51:04.687Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20532",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/20532"
},
{
"name": "SUSE-SR:2006:013",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.suse.com/archive/suse-security-announce/2006-Jun/0003.html"
},
{
"name": "20627",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/20627"
},
{
"name": "ADV-2006-2239",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/2239"
},
{
"name": "USN-293-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/293-1/"
},
{
"name": "20060608 rPSA-2006-0098-1 gdm",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/436428"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bugzilla.gnome.org/show_bug.cgi?id=343476"
},
{
"name": "GLSA-200606-14",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200606-14.xml"
},
{
"name": "18332",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/18332"
},
{
"name": "20636",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/20636"
},
{
"name": "gdm-facebrowser-security-bypass(27018)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27018"
},
{
"name": "20587",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/20587"
},
{
"name": "20552",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/20552"
},
{
"name": "MDKSA-2006:100",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:100"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-06-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "GNOME GDM 2.8, 2.12, 2.14, and 2.15, when the \"face browser\" feature is enabled, allows local users to access the \"Configure Login Manager\" functionality using their own password instead of the root password, which can be leveraged to gain additional privileges."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-03T20:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "20532",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/20532"
},
{
"name": "SUSE-SR:2006:013",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.suse.com/archive/suse-security-announce/2006-Jun/0003.html"
},
{
"name": "20627",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/20627"
},
{
"name": "ADV-2006-2239",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/2239"
},
{
"name": "USN-293-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/293-1/"
},
{
"name": "20060608 rPSA-2006-0098-1 gdm",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/436428"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bugzilla.gnome.org/show_bug.cgi?id=343476"
},
{
"name": "GLSA-200606-14",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200606-14.xml"
},
{
"name": "18332",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/18332"
},
{
"name": "20636",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/20636"
},
{
"name": "gdm-facebrowser-security-bypass(27018)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27018"
},
{
"name": "20587",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/20587"
},
{
"name": "20552",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/20552"
},
{
"name": "MDKSA-2006:100",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:100"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2006-2452",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "GNOME GDM 2.8, 2.12, 2.14, and 2.15, when the \"face browser\" feature is enabled, allows local users to access the \"Configure Login Manager\" functionality using their own password instead of the root password, which can be leveraged to gain additional privileges."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20532",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20532"
},
{
"name": "SUSE-SR:2006:013",
"refsource": "SUSE",
"url": "http://lists.suse.com/archive/suse-security-announce/2006-Jun/0003.html"
},
{
"name": "20627",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20627"
},
{
"name": "ADV-2006-2239",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/2239"
},
{
"name": "USN-293-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/293-1/"
},
{
"name": "20060608 rPSA-2006-0098-1 gdm",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/436428"
},
{
"name": "http://bugzilla.gnome.org/show_bug.cgi?id=343476",
"refsource": "CONFIRM",
"url": "http://bugzilla.gnome.org/show_bug.cgi?id=343476"
},
{
"name": "GLSA-200606-14",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200606-14.xml"
},
{
"name": "18332",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/18332"
},
{
"name": "20636",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20636"
},
{
"name": "gdm-facebrowser-security-bypass(27018)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27018"
},
{
"name": "20587",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20587"
},
{
"name": "20552",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20552"
},
{
"name": "MDKSA-2006:100",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:100"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2006-2452",
"datePublished": "2006-06-09T10:00:00",
"dateReserved": "2006-05-18T00:00:00",
"dateUpdated": "2024-08-07T17:51:04.687Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gnome:gdm:2.8:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7756E66E-2296-4B20-ABC0-B1A2ACF2657B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gnome:gdm:2.12:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B935ABD7-CCDF-4A23-8899-4243D66E9486\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gnome:gdm:2.14:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"70640B9F-4EAA-4513-80E4-9DD4A862F27D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gnome:gdm:2.15:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"27A6CC80-BC52-4B39-9424-E96DDA03666E\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"GNOME GDM 2.8, 2.12, 2.14, and 2.15, when the \\\"face browser\\\" feature is enabled, allows local users to access the \\\"Configure Login Manager\\\" functionality using their own password instead of the root password, which can be leveraged to gain additional privileges.\"}]",
"id": "CVE-2006-2452",
"lastModified": "2024-11-21T00:11:21.113",
"metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:L/AC:H/Au:N/C:P/I:P/A:P\", \"baseScore\": 3.7, \"accessVector\": \"LOCAL\", \"accessComplexity\": \"HIGH\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"LOW\", \"exploitabilityScore\": 1.9, \"impactScore\": 6.4, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": true, \"userInteractionRequired\": false}]}",
"published": "2006-06-09T10:02:00.000",
"references": "[{\"url\": \"http://bugzilla.gnome.org/show_bug.cgi?id=343476\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://lists.suse.com/archive/suse-security-announce/2006-Jun/0003.html\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://secunia.com/advisories/20532\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://secunia.com/advisories/20552\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://secunia.com/advisories/20587\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://secunia.com/advisories/20627\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://secunia.com/advisories/20636\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://www.gentoo.org/security/en/glsa/glsa-200606-14.xml\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://www.mandriva.com/security/advisories?name=MDKSA-2006:100\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://www.securityfocus.com/archive/1/436428\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://www.securityfocus.com/bid/18332\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://www.vupen.com/english/advisories/2006/2239\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/27018\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"https://usn.ubuntu.com/293-1/\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://bugzilla.gnome.org/show_bug.cgi?id=343476\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://lists.suse.com/archive/suse-security-announce/2006-Jun/0003.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://secunia.com/advisories/20532\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://secunia.com/advisories/20552\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://secunia.com/advisories/20587\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://secunia.com/advisories/20627\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://secunia.com/advisories/20636\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.gentoo.org/security/en/glsa/glsa-200606-14.xml\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.mandriva.com/security/advisories?name=MDKSA-2006:100\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/archive/1/436428\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/bid/18332\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.vupen.com/english/advisories/2006/2239\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/27018\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://usn.ubuntu.com/293-1/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"NVD-CWE-Other\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2006-2452\",\"sourceIdentifier\":\"secalert@redhat.com\",\"published\":\"2006-06-09T10:02:00.000\",\"lastModified\":\"2025-04-03T01:03:51.193\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"GNOME GDM 2.8, 2.12, 2.14, and 2.15, when the \\\"face browser\\\" feature is enabled, allows local users to access the \\\"Configure Login Manager\\\" functionality using their own password instead of the root password, which can be leveraged to gain additional privileges.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:L/AC:H/Au:N/C:P/I:P/A:P\",\"baseScore\":3.7,\"accessVector\":\"LOCAL\",\"accessComplexity\":\"HIGH\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"LOW\",\"exploitabilityScore\":1.9,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":true,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-Other\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gnome:gdm:2.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7756E66E-2296-4B20-ABC0-B1A2ACF2657B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gnome:gdm:2.12:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B935ABD7-CCDF-4A23-8899-4243D66E9486\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gnome:gdm:2.14:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"70640B9F-4EAA-4513-80E4-9DD4A862F27D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gnome:gdm:2.15:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"27A6CC80-BC52-4B39-9424-E96DDA03666E\"}]}]}],\"references\":[{\"url\":\"http://bugzilla.gnome.org/show_bug.cgi?id=343476\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://lists.suse.com/archive/suse-security-announce/2006-Jun/0003.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://secunia.com/advisories/20532\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://secunia.com/advisories/20552\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://secunia.com/advisories/20587\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://secunia.com/advisories/20627\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://secunia.com/advisories/20636\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.gentoo.org/security/en/glsa/glsa-200606-14.xml\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.mandriva.com/security/advisories?name=MDKSA-2006:100\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.securityfocus.com/archive/1/436428\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.securityfocus.com/bid/18332\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.vupen.com/english/advisories/2006/2239\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/27018\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://usn.ubuntu.com/293-1/\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://bugzilla.gnome.org/show_bug.cgi?id=343476\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://lists.suse.com/archive/suse-security-announce/2006-Jun/0003.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/20532\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/20552\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/20587\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/20627\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/20636\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.gentoo.org/security/en/glsa/glsa-200606-14.xml\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.mandriva.com/security/advisories?name=MDKSA-2006:100\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/archive/1/436428\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/18332\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vupen.com/english/advisories/2006/2239\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/27018\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://usn.ubuntu.com/293-1/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…