fkie_nvd - fkie_cve-2010-2387

FKIE_CVE-2010-2387

Vulnerability from fkie_nvd - Published: 2012-12-21 05:46 - Updated: 2025-04-11 00:51

Severity ?

Summary

vicious-extensions/ve-misc.c in GNOME Display Manager (gdm) 2.20.x before 2.20.11, when GDM debug is enabled, logs the user password when it contains invalid UTF8 encoded characters, which might allow local users to gain privileges by reading the information from syslog logs.

References

URL	Tags
secalert_us@oracle.com	http://ftp.gnome.org/pub/GNOME/sources/gdm/2.20/gdm-2.20.11.changes
secalert_us@oracle.com	http://secunia.com/advisories/40690	Vendor Advisory
secalert_us@oracle.com	http://secunia.com/advisories/40780	Vendor Advisory
secalert_us@oracle.com	http://www.auscert.org.au/13123	US Government Resource
secalert_us@oracle.com	http://www.osvdb.org/66643
secalert_us@oracle.com	https://blogs.oracle.com/sunsecurity/entry/cve_2010_2387_password_disclosure
secalert_us@oracle.com	https://bugzilla.gnome.org/show_bug.cgi?id=571846
secalert_us@oracle.com	https://exchange.xforce.ibmcloud.com/vulnerabilities/60642
af854a3a-2127-422b-91ae-364da2661108	http://ftp.gnome.org/pub/GNOME/sources/gdm/2.20/gdm-2.20.11.changes
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/40690	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/40780	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.auscert.org.au/13123	US Government Resource
af854a3a-2127-422b-91ae-364da2661108	http://www.osvdb.org/66643
af854a3a-2127-422b-91ae-364da2661108	https://blogs.oracle.com/sunsecurity/entry/cve_2010_2387_password_disclosure
af854a3a-2127-422b-91ae-364da2661108	https://bugzilla.gnome.org/show_bug.cgi?id=571846
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/60642

Impacted products

Vendor	Product	Version
gnome	gnome_display_manager	2.20.0
gnome	gnome_display_manager	2.20.1
gnome	gnome_display_manager	2.20.2
gnome	gnome_display_manager	2.20.3
gnome	gnome_display_manager	2.20.4
gnome	gnome_display_manager	2.20.5
gnome	gnome_display_manager	2.20.6
gnome	gnome_display_manager	2.20.7
gnome	gnome_display_manager	2.20.8
gnome	gnome_display_manager	2.20.9
gnome	gnome_display_manager	2.20.10

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:gnome:gnome_display_manager:2.20.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C8C72BE3-BDD4-4A88-8E2A-7C8224B02F76",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnome:gnome_display_manager:2.20.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "706CCECA-D2FC-40E6-B587-B6E3DD62075D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnome:gnome_display_manager:2.20.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "8DA2D465-D13D-4871-A15F-BD54C602867D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnome:gnome_display_manager:2.20.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "D0C53894-4DA5-425F-9DEB-C0371B206FBC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnome:gnome_display_manager:2.20.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "06EB6BB7-9C4E-4D6B-8ED1-3588E290ADEC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnome:gnome_display_manager:2.20.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "409CA831-8DD2-4ED0-9E46-E6EACA01D818",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnome:gnome_display_manager:2.20.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "D80F8AA1-0DBA-4B4A-8003-0977632EB92D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnome:gnome_display_manager:2.20.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "67E978B3-1614-4591-B58E-9BA781AE0BE3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnome:gnome_display_manager:2.20.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "C5535C17-2D38-49EC-8D44-F99F0B2BEB5E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnome:gnome_display_manager:2.20.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "FE4EA4E1-3B52-4DD1-930D-8E88A2494D22",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnome:gnome_display_manager:2.20.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "943E0B71-8FC7-46FB-BA5D-E3A2FD78636F",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "vicious-extensions/ve-misc.c in GNOME Display Manager (gdm) 2.20.x before 2.20.11, when GDM debug is enabled, logs the user password when it contains invalid UTF8 encoded characters, which might allow local users to gain privileges by reading the information from syslog logs."
    },
    {
      "lang": "es",
      "value": "vicious-extensions/ve-misc.c en GNOME Display Manager (GDM) v2.20.x antes de v2.20.11, cuando la depuraci\u00f3n GDM est\u00e1 habilitada, registra la contrase\u00f1a de usuario cuando contiene caracteres no v\u00e1lidos UTF8 codificados, lo que podr\u00eda permitir a usuarios locales obtener privilegios mediante la lectura de la informaci\u00f3n de los registros de syslog."
    }
  ],
  "id": "CVE-2010-2387",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 1.9,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:L/AC:M/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 3.4,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2012-12-21T05:46:13.853",
  "references": [
    {
      "source": "secalert_us@oracle.com",
      "url": "http://ftp.gnome.org/pub/GNOME/sources/gdm/2.20/gdm-2.20.11.changes"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/40690"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/40780"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.auscert.org.au/13123"
    },
    {
      "source": "secalert_us@oracle.com",
      "url": "http://www.osvdb.org/66643"
    },
    {
      "source": "secalert_us@oracle.com",
      "url": "https://blogs.oracle.com/sunsecurity/entry/cve_2010_2387_password_disclosure"
    },
    {
      "source": "secalert_us@oracle.com",
      "url": "https://bugzilla.gnome.org/show_bug.cgi?id=571846"
    },
    {
      "source": "secalert_us@oracle.com",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/60642"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://ftp.gnome.org/pub/GNOME/sources/gdm/2.20/gdm-2.20.11.changes"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/40690"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/40780"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.auscert.org.au/13123"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.osvdb.org/66643"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://blogs.oracle.com/sunsecurity/entry/cve_2010_2387_password_disclosure"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://bugzilla.gnome.org/show_bug.cgi?id=571846"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/60642"
    }
  ],
  "sourceIdentifier": "secalert_us@oracle.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-255"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CVE-2010-2387 (GCVE-0-2010-2387)

Vulnerability from cvelistv5 – Published: 2012-12-21 02:00 – Updated: 2024-08-07 02:32

Summary

Severity ?

No CVSS data available.

CWE

Assigner

oracle

References

URL

Tags

	https://bugzilla.gnome.org/show_bug.cgi?id=571846	x_refsource_CONFIRM
	http://www.auscert.org.au/13123	third-party-advisoryx_refsource_AUSCERT
	https://blogs.oracle.com/sunsecurity/entry/cve_20…	x_refsource_CONFIRM
	http://secunia.com/advisories/40690	third-party-advisoryx_refsource_SECUNIA
	http://ftp.gnome.org/pub/GNOME/sources/gdm/2.20/g…	x_refsource_CONFIRM
	https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF
	http://secunia.com/advisories/40780	third-party-advisoryx_refsource_SECUNIA
	http://www.osvdb.org/66643	vdb-entryx_refsource_OSVDB

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T02:32:16.591Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.gnome.org/show_bug.cgi?id=571846"
          },
          {
            "name": "ASB-2010.0184",
            "tags": [
              "third-party-advisory",
              "x_refsource_AUSCERT",
              "x_transferred"
            ],
            "url": "http://www.auscert.org.au/13123"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://blogs.oracle.com/sunsecurity/entry/cve_2010_2387_password_disclosure"
          },
          {
            "name": "40690",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/40690"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://ftp.gnome.org/pub/GNOME/sources/gdm/2.20/gdm-2.20.11.changes"
          },
          {
            "name": "solaris-gdm-information-disclosure(60642)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/60642"
          },
          {
            "name": "40780",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/40780"
          },
          {
            "name": "66643",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://www.osvdb.org/66643"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2009-02-15T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "vicious-extensions/ve-misc.c in GNOME Display Manager (gdm) 2.20.x before 2.20.11, when GDM debug is enabled, logs the user password when it contains invalid UTF8 encoded characters, which might allow local users to gain privileges by reading the information from syslog logs."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-16T14:57:01",
        "orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
        "shortName": "oracle"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.gnome.org/show_bug.cgi?id=571846"
        },
        {
          "name": "ASB-2010.0184",
          "tags": [
            "third-party-advisory",
            "x_refsource_AUSCERT"
          ],
          "url": "http://www.auscert.org.au/13123"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://blogs.oracle.com/sunsecurity/entry/cve_2010_2387_password_disclosure"
        },
        {
          "name": "40690",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/40690"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://ftp.gnome.org/pub/GNOME/sources/gdm/2.20/gdm-2.20.11.changes"
        },
        {
          "name": "solaris-gdm-information-disclosure(60642)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/60642"
        },
        {
          "name": "40780",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/40780"
        },
        {
          "name": "66643",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://www.osvdb.org/66643"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert_us@oracle.com",
          "ID": "CVE-2010-2387",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "vicious-extensions/ve-misc.c in GNOME Display Manager (gdm) 2.20.x before 2.20.11, when GDM debug is enabled, logs the user password when it contains invalid UTF8 encoded characters, which might allow local users to gain privileges by reading the information from syslog logs."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://bugzilla.gnome.org/show_bug.cgi?id=571846",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.gnome.org/show_bug.cgi?id=571846"
            },
            {
              "name": "ASB-2010.0184",
              "refsource": "AUSCERT",
              "url": "http://www.auscert.org.au/13123"
            },
            {
              "name": "https://blogs.oracle.com/sunsecurity/entry/cve_2010_2387_password_disclosure",
              "refsource": "CONFIRM",
              "url": "https://blogs.oracle.com/sunsecurity/entry/cve_2010_2387_password_disclosure"
            },
            {
              "name": "40690",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/40690"
            },
            {
              "name": "http://ftp.gnome.org/pub/GNOME/sources/gdm/2.20/gdm-2.20.11.changes",
              "refsource": "CONFIRM",
              "url": "http://ftp.gnome.org/pub/GNOME/sources/gdm/2.20/gdm-2.20.11.changes"
            },
            {
              "name": "solaris-gdm-information-disclosure(60642)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/60642"
            },
            {
              "name": "40780",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/40780"
            },
            {
              "name": "66643",
              "refsource": "OSVDB",
              "url": "http://www.osvdb.org/66643"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
    "assignerShortName": "oracle",
    "cveId": "CVE-2010-2387",
    "datePublished": "2012-12-21T02:00:00",
    "dateReserved": "2010-06-21T00:00:00",
    "dateUpdated": "2024-08-07T02:32:16.591Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

FKIE_CVE-2010-2387

CVE-2010-2387 (GCVE-0-2010-2387)

Tags

Sightings

Nomenclature