Vulnerabilites related to gnome - gdm
CVE-2003-0794 (GCVE-0-2003-0794)
Vulnerability from cvelistv5
Published
2003-10-21 04:00
Modified
2024-08-08 02:05
Severity ?
CWE
  • n/a
Summary
GDM 2.4.4.x before 2.4.4.4, and 2.4.1.x before 2.4.1.7, does not limit the number or duration of commands and uses a blocking socket connection, which allows attackers to cause a denial of service (resource exhaustion) by sending commands and not reading the results.
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-08T02:05:12.556Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "gdm-command-dos(13448)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13448"
          },
          {
            "name": "MDKSA-2003:100",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRAKE",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2003:100"
          },
          {
            "name": "CLA-2003:766",
            "tags": [
              "vendor-advisory",
              "x_refsource_CONECTIVA",
              "x_transferred"
            ],
            "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000766"
          },
          {
            "name": "8846",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/8846"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://cvs.gnome.org/bonsai/cvsblame.cgi?file=gdm2/NEWS\u0026rev=\u0026root=/cvs/gnome"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2003-10-17T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "GDM 2.4.4.x before 2.4.4.4, and 2.4.1.x before 2.4.1.7, does not limit the number or duration of commands and uses a blocking socket connection, which allows attackers to cause a denial of service (resource exhaustion) by sending commands and not reading the results."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-07-10T14:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "gdm-command-dos(13448)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13448"
        },
        {
          "name": "MDKSA-2003:100",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRAKE"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2003:100"
        },
        {
          "name": "CLA-2003:766",
          "tags": [
            "vendor-advisory",
            "x_refsource_CONECTIVA"
          ],
          "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000766"
        },
        {
          "name": "8846",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/8846"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://cvs.gnome.org/bonsai/cvsblame.cgi?file=gdm2/NEWS\u0026rev=\u0026root=/cvs/gnome"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2003-0794",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "GDM 2.4.4.x before 2.4.4.4, and 2.4.1.x before 2.4.1.7, does not limit the number or duration of commands and uses a blocking socket connection, which allows attackers to cause a denial of service (resource exhaustion) by sending commands and not reading the results."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "gdm-command-dos(13448)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13448"
            },
            {
              "name": "MDKSA-2003:100",
              "refsource": "MANDRAKE",
              "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2003:100"
            },
            {
              "name": "CLA-2003:766",
              "refsource": "CONECTIVA",
              "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000766"
            },
            {
              "name": "8846",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/8846"
            },
            {
              "name": "http://cvs.gnome.org/bonsai/cvsblame.cgi?file=gdm2/NEWS\u0026rev=\u0026root=/cvs/gnome",
              "refsource": "CONFIRM",
              "url": "http://cvs.gnome.org/bonsai/cvsblame.cgi?file=gdm2/NEWS\u0026rev=\u0026root=/cvs/gnome"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2003-0794",
    "datePublished": "2003-10-21T04:00:00",
    "dateReserved": "2003-09-17T00:00:00",
    "dateUpdated": "2024-08-08T02:05:12.556Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2011-1709 (GCVE-0-2011-1709)
Vulnerability from cvelistv5
Published
2011-06-14 17:00
Modified
2024-08-06 22:37
Severity ?
CWE
  • n/a
Summary
GNOME Display Manager (gdm) before 2.32.2, when glib 2.28 is used, enables execution of a web browser with the uid of the gdm account, which allows local users to gain privileges via vectors involving the x-scheme-handler/http MIME type.
References
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T22:37:25.814Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://ftp.gnome.org/pub/GNOME/sources/gdm/2.32/gdm-2.32.2.news"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://git.gnome.org/browse/gdm/commit/?id=d13dd72531599ab7e4c747db3b58a8c17753e08d"
          },
          {
            "name": "44797",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/44797"
          },
          {
            "name": "FEDORA-2011-7822",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061264.html"
          },
          {
            "name": "USN-1142-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-1142-1"
          },
          {
            "name": "48084",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/48084"
          },
          {
            "name": "openSUSE-SU-2011:0581",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "https://hermes.opensuse.org/messages/8643655"
          },
          {
            "name": "44808",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/44808"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=709139"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2011-05-31T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "GNOME Display Manager (gdm) before 2.32.2, when glib 2.28 is used, enables execution of a web browser with the uid of the gdm account, which allows local users to gain privileges via vectors involving the x-scheme-handler/http MIME type."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2011-09-07T09:00:00",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://ftp.gnome.org/pub/GNOME/sources/gdm/2.32/gdm-2.32.2.news"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://git.gnome.org/browse/gdm/commit/?id=d13dd72531599ab7e4c747db3b58a8c17753e08d"
        },
        {
          "name": "44797",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/44797"
        },
        {
          "name": "FEDORA-2011-7822",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061264.html"
        },
        {
          "name": "USN-1142-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-1142-1"
        },
        {
          "name": "48084",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/48084"
        },
        {
          "name": "openSUSE-SU-2011:0581",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "https://hermes.opensuse.org/messages/8643655"
        },
        {
          "name": "44808",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/44808"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=709139"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2011-1709",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "GNOME Display Manager (gdm) before 2.32.2, when glib 2.28 is used, enables execution of a web browser with the uid of the gdm account, which allows local users to gain privileges via vectors involving the x-scheme-handler/http MIME type."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://ftp.gnome.org/pub/GNOME/sources/gdm/2.32/gdm-2.32.2.news",
              "refsource": "CONFIRM",
              "url": "http://ftp.gnome.org/pub/GNOME/sources/gdm/2.32/gdm-2.32.2.news"
            },
            {
              "name": "http://git.gnome.org/browse/gdm/commit/?id=d13dd72531599ab7e4c747db3b58a8c17753e08d",
              "refsource": "CONFIRM",
              "url": "http://git.gnome.org/browse/gdm/commit/?id=d13dd72531599ab7e4c747db3b58a8c17753e08d"
            },
            {
              "name": "44797",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/44797"
            },
            {
              "name": "FEDORA-2011-7822",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061264.html"
            },
            {
              "name": "USN-1142-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-1142-1"
            },
            {
              "name": "48084",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/48084"
            },
            {
              "name": "openSUSE-SU-2011:0581",
              "refsource": "SUSE",
              "url": "https://hermes.opensuse.org/messages/8643655"
            },
            {
              "name": "44808",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/44808"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=709139",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=709139"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2011-1709",
    "datePublished": "2011-06-14T17:00:00",
    "dateReserved": "2011-04-15T00:00:00",
    "dateUpdated": "2024-08-06T22:37:25.814Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2000-0491 (GCVE-0-2000-0491)
Vulnerability from cvelistv5
Published
2000-07-12 04:00
Modified
2024-08-08 05:21
Severity ?
CWE
  • n/a
Summary
Buffer overflow in the XDMCP parsing code of GNOME gdm, KDE kdm, and wdm allows remote attackers to execute arbitrary commands or cause a denial of service via a long FORWARD_QUERY request.
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-08T05:21:30.809Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20000607 Conectiva Linux Security Announcement - gdm",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://archives.neohapsis.com/archives/bugtraq/2000-06/0025.html"
          },
          {
            "name": "1279",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/1279"
          },
          {
            "name": "1370",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/1370"
          },
          {
            "name": "1233",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/1233"
          },
          {
            "name": "20000524 Security hole in gdm \u003c= 2.0beta4-25",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://www.novell.com/linux/security/advisories/suse_security_announce_49.html"
          },
          {
            "name": "CSSA-2000-013.0",
            "tags": [
              "vendor-advisory",
              "x_refsource_CALDERA",
              "x_transferred"
            ],
            "url": "ftp://ftp.calderasystems.com/pub/OpenLinux/security/CSSA-2000-013.0.txt"
          },
          {
            "name": "20000521 \"gdm\" remote hole",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://archives.neohapsis.com/archives/bugtraq/2000-05/0241.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2000-05-21T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Buffer overflow in the XDMCP parsing code of GNOME gdm, KDE kdm, and wdm allows remote attackers to execute arbitrary commands or cause a denial of service via a long FORWARD_QUERY request."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2002-04-27T09:00:00",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "20000607 Conectiva Linux Security Announcement - gdm",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://archives.neohapsis.com/archives/bugtraq/2000-06/0025.html"
        },
        {
          "name": "1279",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/1279"
        },
        {
          "name": "1370",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/1370"
        },
        {
          "name": "1233",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/1233"
        },
        {
          "name": "20000524 Security hole in gdm \u003c= 2.0beta4-25",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://www.novell.com/linux/security/advisories/suse_security_announce_49.html"
        },
        {
          "name": "CSSA-2000-013.0",
          "tags": [
            "vendor-advisory",
            "x_refsource_CALDERA"
          ],
          "url": "ftp://ftp.calderasystems.com/pub/OpenLinux/security/CSSA-2000-013.0.txt"
        },
        {
          "name": "20000521 \"gdm\" remote hole",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://archives.neohapsis.com/archives/bugtraq/2000-05/0241.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2000-0491",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Buffer overflow in the XDMCP parsing code of GNOME gdm, KDE kdm, and wdm allows remote attackers to execute arbitrary commands or cause a denial of service via a long FORWARD_QUERY request."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20000607 Conectiva Linux Security Announcement - gdm",
              "refsource": "BUGTRAQ",
              "url": "http://archives.neohapsis.com/archives/bugtraq/2000-06/0025.html"
            },
            {
              "name": "1279",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/1279"
            },
            {
              "name": "1370",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/1370"
            },
            {
              "name": "1233",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/1233"
            },
            {
              "name": "20000524 Security hole in gdm \u003c= 2.0beta4-25",
              "refsource": "SUSE",
              "url": "http://www.novell.com/linux/security/advisories/suse_security_announce_49.html"
            },
            {
              "name": "CSSA-2000-013.0",
              "refsource": "CALDERA",
              "url": "ftp://ftp.calderasystems.com/pub/OpenLinux/security/CSSA-2000-013.0.txt"
            },
            {
              "name": "20000521 \"gdm\" remote hole",
              "refsource": "BUGTRAQ",
              "url": "http://archives.neohapsis.com/archives/bugtraq/2000-05/0241.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2000-0491",
    "datePublished": "2000-07-12T04:00:00",
    "dateReserved": "2000-07-11T00:00:00",
    "dateUpdated": "2024-08-08T05:21:30.809Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2003-0793 (GCVE-0-2003-0793)
Vulnerability from cvelistv5
Published
2003-10-21 04:00
Modified
2024-08-08 02:05
Severity ?
CWE
  • n/a
Summary
GDM 2.4.4.x before 2.4.4.4, and 2.4.1.x before 2.4.1.7, does not restrict the size of input, which allows attackers to cause a denial of service (memory consumption).
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-08T02:05:12.607Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "MDKSA-2003:100",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRAKE",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2003:100"
          },
          {
            "name": "gdm-dos(13447)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13447"
          },
          {
            "name": "CLA-2003:766",
            "tags": [
              "vendor-advisory",
              "x_refsource_CONECTIVA",
              "x_transferred"
            ],
            "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000766"
          },
          {
            "name": "8846",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/8846"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://cvs.gnome.org/bonsai/cvsblame.cgi?file=gdm2/NEWS\u0026rev=\u0026root=/cvs/gnome"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2003-10-17T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "GDM 2.4.4.x before 2.4.4.4, and 2.4.1.x before 2.4.1.7, does not restrict the size of input, which allows attackers to cause a denial of service (memory consumption)."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-07-10T14:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "MDKSA-2003:100",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRAKE"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2003:100"
        },
        {
          "name": "gdm-dos(13447)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13447"
        },
        {
          "name": "CLA-2003:766",
          "tags": [
            "vendor-advisory",
            "x_refsource_CONECTIVA"
          ],
          "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000766"
        },
        {
          "name": "8846",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/8846"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://cvs.gnome.org/bonsai/cvsblame.cgi?file=gdm2/NEWS\u0026rev=\u0026root=/cvs/gnome"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2003-0793",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "GDM 2.4.4.x before 2.4.4.4, and 2.4.1.x before 2.4.1.7, does not restrict the size of input, which allows attackers to cause a denial of service (memory consumption)."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "MDKSA-2003:100",
              "refsource": "MANDRAKE",
              "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2003:100"
            },
            {
              "name": "gdm-dos(13447)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13447"
            },
            {
              "name": "CLA-2003:766",
              "refsource": "CONECTIVA",
              "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000766"
            },
            {
              "name": "8846",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/8846"
            },
            {
              "name": "http://cvs.gnome.org/bonsai/cvsblame.cgi?file=gdm2/NEWS\u0026rev=\u0026root=/cvs/gnome",
              "refsource": "CONFIRM",
              "url": "http://cvs.gnome.org/bonsai/cvsblame.cgi?file=gdm2/NEWS\u0026rev=\u0026root=/cvs/gnome"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2003-0793",
    "datePublished": "2003-10-21T04:00:00",
    "dateReserved": "2003-09-17T00:00:00",
    "dateUpdated": "2024-08-08T02:05:12.607Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2017-12164 (GCVE-0-2017-12164)
Vulnerability from cvelistv5
Published
2018-07-26 16:00
Modified
2024-08-05 18:28
CWE
Summary
A flaw was discovered in gdm 3.24.1 where gdm greeter was no longer setting the ran_once boolean during autologin. If autologin was enabled for a victim, an attacker could simply select 'login as another user' to unlock their screen.
Impacted products
Vendor Product Version
GNOME gdm Version: 3.24.1
Create a notification for this product.
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T18:28:16.573Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://gitlab.gnome.org/GNOME/gdm/commit/ff98b28"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-12164"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "gdm",
          "vendor": "GNOME",
          "versions": [
            {
              "status": "affected",
              "version": "3.24.1"
            }
          ]
        }
      ],
      "datePublic": "2017-09-11T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A flaw was discovered in gdm 3.24.1 where gdm greeter was no longer setting the ran_once boolean during autologin. If autologin was enabled for a victim, an attacker could simply select \u0027login as another user\u0027 to unlock their screen."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "PHYSICAL",
            "availabilityImpact": "LOW",
            "baseScore": 4.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:P/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-592",
              "description": "CWE-592",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-07-26T15:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://gitlab.gnome.org/GNOME/gdm/commit/ff98b28"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-12164"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2017-12164",
    "datePublished": "2018-07-26T16:00:00",
    "dateReserved": "2017-08-01T00:00:00",
    "dateUpdated": "2024-08-05T18:28:16.573Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2000-0504 (GCVE-0-2000-0504)
Vulnerability from cvelistv5
Published
2001-05-07 04:00
Modified
2024-08-08 05:21
Severity ?
CWE
  • n/a
Summary
libICE in XFree86 allows remote attackers to cause a denial of service by specifying a large value which is not properly checked by the SKIP_STRING macro.
References
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-08T05:21:31.029Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.xfree86.org/security/"
          },
          {
            "name": "1369",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/1369"
          },
          {
            "name": "20000619 XFree86: libICE DoS",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://archives.neohapsis.com/archives/bugtraq/2000-06/0170.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2000-06-19T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "libICE in XFree86 allows remote attackers to cause a denial of service by specifying a large value which is not properly checked by the SKIP_STRING macro."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2005-11-02T10:00:00",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.xfree86.org/security/"
        },
        {
          "name": "1369",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/1369"
        },
        {
          "name": "20000619 XFree86: libICE DoS",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://archives.neohapsis.com/archives/bugtraq/2000-06/0170.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2000-0504",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "libICE in XFree86 allows remote attackers to cause a denial of service by specifying a large value which is not properly checked by the SKIP_STRING macro."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.xfree86.org/security/",
              "refsource": "CONFIRM",
              "url": "http://www.xfree86.org/security/"
            },
            {
              "name": "1369",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/1369"
            },
            {
              "name": "20000619 XFree86: libICE DoS",
              "refsource": "BUGTRAQ",
              "url": "http://archives.neohapsis.com/archives/bugtraq/2000-06/0170.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2000-0504",
    "datePublished": "2001-05-07T04:00:00",
    "dateReserved": "2000-07-11T00:00:00",
    "dateUpdated": "2024-08-08T05:21:31.029Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2006-2452 (GCVE-0-2006-2452)
Vulnerability from cvelistv5
Published
2006-06-09 10:00
Modified
2024-08-07 17:51
Severity ?
CWE
  • n/a
Summary
GNOME GDM 2.8, 2.12, 2.14, and 2.15, when the "face browser" feature is enabled, allows local users to access the "Configure Login Manager" functionality using their own password instead of the root password, which can be leveraged to gain additional privileges.
References
http://secunia.com/advisories/20532 third-party-advisory, x_refsource_SECUNIA
http://lists.suse.com/archive/suse-security-announce/2006-Jun/0003.html vendor-advisory, x_refsource_SUSE
http://secunia.com/advisories/20627 third-party-advisory, x_refsource_SECUNIA
http://www.vupen.com/english/advisories/2006/2239 vdb-entry, x_refsource_VUPEN
https://usn.ubuntu.com/293-1/ vendor-advisory, x_refsource_UBUNTU
http://www.securityfocus.com/archive/1/436428 mailing-list, x_refsource_BUGTRAQ
http://bugzilla.gnome.org/show_bug.cgi?id=343476 x_refsource_CONFIRM
http://www.gentoo.org/security/en/glsa/glsa-200606-14.xml vendor-advisory, x_refsource_GENTOO
http://www.securityfocus.com/bid/18332 vdb-entry, x_refsource_BID
http://secunia.com/advisories/20636 third-party-advisory, x_refsource_SECUNIA
https://exchange.xforce.ibmcloud.com/vulnerabilities/27018 vdb-entry, x_refsource_XF
http://secunia.com/advisories/20587 third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/20552 third-party-advisory, x_refsource_SECUNIA
http://www.mandriva.com/security/advisories?name=MDKSA-2006:100 vendor-advisory, x_refsource_MANDRIVA
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T17:51:04.687Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20532",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/20532"
          },
          {
            "name": "SUSE-SR:2006:013",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.suse.com/archive/suse-security-announce/2006-Jun/0003.html"
          },
          {
            "name": "20627",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/20627"
          },
          {
            "name": "ADV-2006-2239",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2006/2239"
          },
          {
            "name": "USN-293-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/293-1/"
          },
          {
            "name": "20060608 rPSA-2006-0098-1 gdm",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/436428"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://bugzilla.gnome.org/show_bug.cgi?id=343476"
          },
          {
            "name": "GLSA-200606-14",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://www.gentoo.org/security/en/glsa/glsa-200606-14.xml"
          },
          {
            "name": "18332",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/18332"
          },
          {
            "name": "20636",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/20636"
          },
          {
            "name": "gdm-facebrowser-security-bypass(27018)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27018"
          },
          {
            "name": "20587",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/20587"
          },
          {
            "name": "20552",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/20552"
          },
          {
            "name": "MDKSA-2006:100",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:100"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2006-06-08T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "GNOME GDM 2.8, 2.12, 2.14, and 2.15, when the \"face browser\" feature is enabled, allows local users to access the \"Configure Login Manager\" functionality using their own password instead of the root password, which can be leveraged to gain additional privileges."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-03T20:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "20532",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/20532"
        },
        {
          "name": "SUSE-SR:2006:013",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.suse.com/archive/suse-security-announce/2006-Jun/0003.html"
        },
        {
          "name": "20627",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/20627"
        },
        {
          "name": "ADV-2006-2239",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2006/2239"
        },
        {
          "name": "USN-293-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/293-1/"
        },
        {
          "name": "20060608 rPSA-2006-0098-1 gdm",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/436428"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://bugzilla.gnome.org/show_bug.cgi?id=343476"
        },
        {
          "name": "GLSA-200606-14",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://www.gentoo.org/security/en/glsa/glsa-200606-14.xml"
        },
        {
          "name": "18332",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/18332"
        },
        {
          "name": "20636",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/20636"
        },
        {
          "name": "gdm-facebrowser-security-bypass(27018)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27018"
        },
        {
          "name": "20587",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/20587"
        },
        {
          "name": "20552",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/20552"
        },
        {
          "name": "MDKSA-2006:100",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:100"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2006-2452",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "GNOME GDM 2.8, 2.12, 2.14, and 2.15, when the \"face browser\" feature is enabled, allows local users to access the \"Configure Login Manager\" functionality using their own password instead of the root password, which can be leveraged to gain additional privileges."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20532",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/20532"
            },
            {
              "name": "SUSE-SR:2006:013",
              "refsource": "SUSE",
              "url": "http://lists.suse.com/archive/suse-security-announce/2006-Jun/0003.html"
            },
            {
              "name": "20627",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/20627"
            },
            {
              "name": "ADV-2006-2239",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2006/2239"
            },
            {
              "name": "USN-293-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/293-1/"
            },
            {
              "name": "20060608 rPSA-2006-0098-1 gdm",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/436428"
            },
            {
              "name": "http://bugzilla.gnome.org/show_bug.cgi?id=343476",
              "refsource": "CONFIRM",
              "url": "http://bugzilla.gnome.org/show_bug.cgi?id=343476"
            },
            {
              "name": "GLSA-200606-14",
              "refsource": "GENTOO",
              "url": "http://www.gentoo.org/security/en/glsa/glsa-200606-14.xml"
            },
            {
              "name": "18332",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/18332"
            },
            {
              "name": "20636",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/20636"
            },
            {
              "name": "gdm-facebrowser-security-bypass(27018)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27018"
            },
            {
              "name": "20587",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/20587"
            },
            {
              "name": "20552",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/20552"
            },
            {
              "name": "MDKSA-2006:100",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:100"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2006-2452",
    "datePublished": "2006-06-09T10:00:00",
    "dateReserved": "2006-05-18T00:00:00",
    "dateUpdated": "2024-08-07T17:51:04.687Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2007-3381 (GCVE-0-2007-3381)
Vulnerability from cvelistv5
Published
2007-08-07 10:00
Modified
2024-08-07 14:14
Severity ?
CWE
  • n/a
Summary
The GDM daemon in GNOME Display Manager (GDM) before 2.14.13, 2.16.x before 2.16.7, 2.18.x before 2.18.4, and 2.19.x before 2.19.5 does not properly handle NULL return values from the g_strsplit function, which allows local users to cause a denial of service (persistent daemon crash) via a crafted command to the daemon's socket, related to (1) gdm.c and (2) gdmconfig.c in daemon/, and (3) gdmconfig.c and (4) gdmflexiserver.c in gui/.
References
http://security.gentoo.org/glsa/glsa-200709-11.xml vendor-advisory, x_refsource_GENTOO
http://ftp.gnome.org/pub/GNOME/sources/gdm/2.16/gdm-2.16.7.changes x_refsource_CONFIRM
http://secunia.com/advisories/26313 third-party-advisory, x_refsource_SECUNIA
http://www.vupen.com/english/advisories/2007/2781 vdb-entry, x_refsource_VUPEN
http://www.securityfocus.com/bid/25191 vdb-entry, x_refsource_BID
http://secunia.com/advisories/26879 third-party-advisory, x_refsource_SECUNIA
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10887 vdb-entry, signature, x_refsource_OVAL
https://issues.rpath.com/browse/RPL-1599 x_refsource_CONFIRM
http://ftp.gnome.org/pub/GNOME/sources/gdm/2.14/gdm-2.14.13.news x_refsource_CONFIRM
http://secunia.com/advisories/26368 third-party-advisory, x_refsource_SECUNIA
http://www.mandriva.com/security/advisories?name=MDKSA-2007:169 vendor-advisory, x_refsource_MANDRIVA
http://ftp.gnome.org/pub/GNOME/sources/gdm/2.18/gdm-2.18.4.news x_refsource_CONFIRM
http://www.securityfocus.com/archive/1/475451/30/5550/threaded mailing-list, x_refsource_BUGTRAQ
http://ftp.gnome.org/pub/GNOME/sources/gdm/2.19/gdm-2.19.5.news x_refsource_CONFIRM
http://www.redhat.com/support/errata/RHSA-2007-0777.html vendor-advisory, x_refsource_REDHAT
http://www.securitytracker.com/id?1018523 vdb-entry, x_refsource_SECTRACK
http://secunia.com/advisories/26900 third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/26520 third-party-advisory, x_refsource_SECUNIA
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T14:14:12.887Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "GLSA-200709-11",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://security.gentoo.org/glsa/glsa-200709-11.xml"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://ftp.gnome.org/pub/GNOME/sources/gdm/2.16/gdm-2.16.7.changes"
          },
          {
            "name": "26313",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/26313"
          },
          {
            "name": "ADV-2007-2781",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2007/2781"
          },
          {
            "name": "25191",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/25191"
          },
          {
            "name": "26879",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/26879"
          },
          {
            "name": "oval:org.mitre.oval:def:10887",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10887"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://issues.rpath.com/browse/RPL-1599"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://ftp.gnome.org/pub/GNOME/sources/gdm/2.14/gdm-2.14.13.news"
          },
          {
            "name": "26368",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/26368"
          },
          {
            "name": "MDKSA-2007:169",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:169"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://ftp.gnome.org/pub/GNOME/sources/gdm/2.18/gdm-2.18.4.news"
          },
          {
            "name": "20070803 FLEA-2007-0041-1 gdm",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/475451/30/5550/threaded"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://ftp.gnome.org/pub/GNOME/sources/gdm/2.19/gdm-2.19.5.news"
          },
          {
            "name": "RHSA-2007:0777",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2007-0777.html"
          },
          {
            "name": "1018523",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1018523"
          },
          {
            "name": "26900",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/26900"
          },
          {
            "name": "26520",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/26520"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2007-07-30T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The GDM daemon in GNOME Display Manager (GDM) before 2.14.13, 2.16.x before 2.16.7, 2.18.x before 2.18.4, and 2.19.x before 2.19.5 does not properly handle NULL return values from the g_strsplit function, which allows local users to cause a denial of service (persistent daemon crash) via a crafted command to the daemon\u0027s socket, related to (1) gdm.c and (2) gdmconfig.c in daemon/, and (3) gdmconfig.c and (4) gdmflexiserver.c in gui/."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-16T14:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "GLSA-200709-11",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://security.gentoo.org/glsa/glsa-200709-11.xml"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://ftp.gnome.org/pub/GNOME/sources/gdm/2.16/gdm-2.16.7.changes"
        },
        {
          "name": "26313",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/26313"
        },
        {
          "name": "ADV-2007-2781",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2007/2781"
        },
        {
          "name": "25191",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/25191"
        },
        {
          "name": "26879",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/26879"
        },
        {
          "name": "oval:org.mitre.oval:def:10887",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10887"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://issues.rpath.com/browse/RPL-1599"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://ftp.gnome.org/pub/GNOME/sources/gdm/2.14/gdm-2.14.13.news"
        },
        {
          "name": "26368",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/26368"
        },
        {
          "name": "MDKSA-2007:169",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:169"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://ftp.gnome.org/pub/GNOME/sources/gdm/2.18/gdm-2.18.4.news"
        },
        {
          "name": "20070803 FLEA-2007-0041-1 gdm",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/475451/30/5550/threaded"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://ftp.gnome.org/pub/GNOME/sources/gdm/2.19/gdm-2.19.5.news"
        },
        {
          "name": "RHSA-2007:0777",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2007-0777.html"
        },
        {
          "name": "1018523",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1018523"
        },
        {
          "name": "26900",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/26900"
        },
        {
          "name": "26520",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/26520"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2007-3381",
    "datePublished": "2007-08-07T10:00:00",
    "dateReserved": "2007-06-25T00:00:00",
    "dateUpdated": "2024-08-07T14:14:12.887Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2006-6105 (GCVE-0-2006-6105)
Vulnerability from cvelistv5
Published
2006-12-15 02:00
Modified
2024-08-07 20:12
Severity ?
CWE
  • n/a
Summary
Format string vulnerability in the host chooser window (gdmchooser) in GNOME Foundation Display Manager (gdm) allows local users to execute arbitrary code via format string specifiers in a hostname, which are used in an error dialog.
References
http://secunia.com/advisories/23385 third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/23387 third-party-advisory, x_refsource_SECUNIA
http://www.vupen.com/english/advisories/2006/5015 vdb-entry, x_refsource_VUPEN
http://secunia.com/advisories/23409 third-party-advisory, x_refsource_SECUNIA
http://securitytracker.com/id?1017383 vdb-entry, x_refsource_SECTRACK
http://securitytracker.com/id?1017320 vdb-entry, x_refsource_SECTRACK
http://www.osvdb.org/30848 vdb-entry, x_refsource_OSVDB
https://exchange.xforce.ibmcloud.com/vulnerabilities/30896 vdb-entry, x_refsource_XF
http://www.securityfocus.com/bid/21597 vdb-entry, x_refsource_BID
http://secunia.com/advisories/23381 third-party-advisory, x_refsource_SECUNIA
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=453 third-party-advisory, x_refsource_IDEFENSE
http://www.novell.com/linux/security/advisories/2006_29_sr.html vendor-advisory, x_refsource_SUSE
http://www.mandriva.com/security/advisories?name=MDKSA-2006:231 vendor-advisory, x_refsource_MANDRIVA
http://ftp.acc.umu.se/pub/GNOME/sources/gdm/2.17/gdm-2.17.4.news x_refsource_CONFIRM
http://www.ubuntu.com/usn/usn-396-1 vendor-advisory, x_refsource_UBUNTU
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T20:12:31.762Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "23385",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/23385"
          },
          {
            "name": "23387",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/23387"
          },
          {
            "name": "ADV-2006-5015",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2006/5015"
          },
          {
            "name": "23409",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/23409"
          },
          {
            "name": "1017383",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1017383"
          },
          {
            "name": "1017320",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1017320"
          },
          {
            "name": "30848",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://www.osvdb.org/30848"
          },
          {
            "name": "gdmchooser-host-chooser-format-string(30896)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30896"
          },
          {
            "name": "21597",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/21597"
          },
          {
            "name": "23381",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/23381"
          },
          {
            "name": "20061214 GNOME Foundation Display Manager gdmchooser Format String Vulnerability",
            "tags": [
              "third-party-advisory",
              "x_refsource_IDEFENSE",
              "x_transferred"
            ],
            "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=453"
          },
          {
            "name": "SUSE-SR:2006:029",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://www.novell.com/linux/security/advisories/2006_29_sr.html"
          },
          {
            "name": "MDKSA-2006:231",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:231"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://ftp.acc.umu.se/pub/GNOME/sources/gdm/2.17/gdm-2.17.4.news"
          },
          {
            "name": "USN-396-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/usn-396-1"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2006-12-14T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Format string vulnerability in the host chooser window (gdmchooser) in GNOME Foundation Display Manager (gdm) allows local users to execute arbitrary code via format string specifiers in a hostname, which are used in an error dialog."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-07-19T15:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "23385",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/23385"
        },
        {
          "name": "23387",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/23387"
        },
        {
          "name": "ADV-2006-5015",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2006/5015"
        },
        {
          "name": "23409",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/23409"
        },
        {
          "name": "1017383",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1017383"
        },
        {
          "name": "1017320",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1017320"
        },
        {
          "name": "30848",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://www.osvdb.org/30848"
        },
        {
          "name": "gdmchooser-host-chooser-format-string(30896)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30896"
        },
        {
          "name": "21597",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/21597"
        },
        {
          "name": "23381",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/23381"
        },
        {
          "name": "20061214 GNOME Foundation Display Manager gdmchooser Format String Vulnerability",
          "tags": [
            "third-party-advisory",
            "x_refsource_IDEFENSE"
          ],
          "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=453"
        },
        {
          "name": "SUSE-SR:2006:029",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://www.novell.com/linux/security/advisories/2006_29_sr.html"
        },
        {
          "name": "MDKSA-2006:231",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:231"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://ftp.acc.umu.se/pub/GNOME/sources/gdm/2.17/gdm-2.17.4.news"
        },
        {
          "name": "USN-396-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/usn-396-1"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2006-6105",
    "datePublished": "2006-12-15T02:00:00",
    "dateReserved": "2006-11-24T00:00:00",
    "dateUpdated": "2024-08-07T20:12:31.762Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2003-0549 (GCVE-0-2003-0549)
Vulnerability from cvelistv5
Published
2003-08-22 04:00
Modified
2024-08-08 01:58
Severity ?
CWE
  • n/a
Summary
The X Display Manager Control Protocol (XDMCP) support for GDM before 2.4.1.6 allows attackers to cause a denial of service (daemon crash) via a short authorization key name.
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-08T01:58:10.982Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "CLA-2003:729",
            "tags": [
              "vendor-advisory",
              "x_refsource_CONECTIVA",
              "x_transferred"
            ],
            "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000729"
          },
          {
            "name": "RHSA-2003:258",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2003-258.html"
          },
          {
            "name": "oval:org.mitre.oval:def:129",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A129"
          },
          {
            "name": "RHSA-2003:259",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2003-259.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://mail.gnome.org/archives/gnome-hackers/2003-August/msg00045.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2003-08-21T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The X Display Manager Control Protocol (XDMCP) support for GDM before 2.4.1.6 allows attackers to cause a denial of service (daemon crash) via a short authorization key name."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-10-10T00:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "CLA-2003:729",
          "tags": [
            "vendor-advisory",
            "x_refsource_CONECTIVA"
          ],
          "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000729"
        },
        {
          "name": "RHSA-2003:258",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2003-258.html"
        },
        {
          "name": "oval:org.mitre.oval:def:129",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A129"
        },
        {
          "name": "RHSA-2003:259",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2003-259.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://mail.gnome.org/archives/gnome-hackers/2003-August/msg00045.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2003-0549",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The X Display Manager Control Protocol (XDMCP) support for GDM before 2.4.1.6 allows attackers to cause a denial of service (daemon crash) via a short authorization key name."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "CLA-2003:729",
              "refsource": "CONECTIVA",
              "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000729"
            },
            {
              "name": "RHSA-2003:258",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2003-258.html"
            },
            {
              "name": "oval:org.mitre.oval:def:129",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A129"
            },
            {
              "name": "RHSA-2003:259",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2003-259.html"
            },
            {
              "name": "http://mail.gnome.org/archives/gnome-hackers/2003-August/msg00045.html",
              "refsource": "CONFIRM",
              "url": "http://mail.gnome.org/archives/gnome-hackers/2003-August/msg00045.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2003-0549",
    "datePublished": "2003-08-22T04:00:00",
    "dateReserved": "2003-07-14T00:00:00",
    "dateUpdated": "2024-08-08T01:58:10.982Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2011-0727 (GCVE-0-2011-0727)
Vulnerability from cvelistv5
Published
2011-03-31 22:00
Modified
2024-08-06 22:05
Severity ?
CWE
  • n/a
Summary
GNOME Display Manager (gdm) 2.x before 2.32.1 allows local users to change the ownership of arbitrary files via a symlink attack on a (1) dmrc or (2) face icon file under /var/cache/gdm/.
References
http://www.ubuntu.com/usn/USN-1099-1 vendor-advisory, x_refsource_UBUNTU
http://secunia.com/advisories/43714 third-party-advisory, x_refsource_SECUNIA
http://securitytracker.com/id?1025264 vdb-entry, x_refsource_SECTRACK
http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057931.html vendor-advisory, x_refsource_FEDORA
http://secunia.com/advisories/43854 third-party-advisory, x_refsource_SECUNIA
http://www.vupen.com/english/advisories/2011/0847 vdb-entry, x_refsource_VUPEN
http://www.vupen.com/english/advisories/2011/0787 vdb-entry, x_refsource_VUPEN
https://exchange.xforce.ibmcloud.com/vulnerabilities/66377 vdb-entry, x_refsource_XF
http://www.vupen.com/english/advisories/2011/0911 vdb-entry, x_refsource_VUPEN
http://www.mandriva.com/security/advisories?name=MDVSA-2011:070 vendor-advisory, x_refsource_MANDRIVA
http://www.debian.org/security/2011/dsa-2205 vendor-advisory, x_refsource_DEBIAN
http://www.redhat.com/support/errata/RHSA-2011-0395.html vendor-advisory, x_refsource_REDHAT
http://www.securityfocus.com/bid/47063 vdb-entry, x_refsource_BID
http://www.vupen.com/english/advisories/2011/0786 vdb-entry, x_refsource_VUPEN
http://mail.gnome.org/archives/gdm-list/2011-March/msg00020.html mailing-list, x_refsource_MLIST
https://bugzilla.redhat.com/show_bug.cgi?id=688323 x_refsource_CONFIRM
http://ftp.gnome.org/pub/GNOME/sources/gdm/2.32/gdm-2.32.1.news x_refsource_CONFIRM
http://secunia.com/advisories/44021 third-party-advisory, x_refsource_SECUNIA
http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057333.html vendor-advisory, x_refsource_FEDORA
http://www.vupen.com/english/advisories/2011/0797 vdb-entry, x_refsource_VUPEN
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T22:05:52.941Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "USN-1099-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-1099-1"
          },
          {
            "name": "43714",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/43714"
          },
          {
            "name": "1025264",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1025264"
          },
          {
            "name": "FEDORA-2011-4351",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057931.html"
          },
          {
            "name": "43854",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/43854"
          },
          {
            "name": "ADV-2011-0847",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2011/0847"
          },
          {
            "name": "ADV-2011-0787",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2011/0787"
          },
          {
            "name": "display-manager-priv-escalation(66377)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66377"
          },
          {
            "name": "ADV-2011-0911",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2011/0911"
          },
          {
            "name": "MDVSA-2011:070",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:070"
          },
          {
            "name": "DSA-2205",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2011/dsa-2205"
          },
          {
            "name": "RHSA-2011:0395",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2011-0395.html"
          },
          {
            "name": "47063",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/47063"
          },
          {
            "name": "ADV-2011-0786",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2011/0786"
          },
          {
            "name": "[gdm-list] 20110328 GDM 2.32.1 released",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://mail.gnome.org/archives/gdm-list/2011-March/msg00020.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=688323"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://ftp.gnome.org/pub/GNOME/sources/gdm/2.32/gdm-2.32.1.news"
          },
          {
            "name": "44021",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/44021"
          },
          {
            "name": "FEDORA-2011-4335",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057333.html"
          },
          {
            "name": "ADV-2011-0797",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2011/0797"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2011-03-28T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "GNOME Display Manager (gdm) 2.x before 2.32.1 allows local users to change the ownership of arbitrary files via a symlink attack on a (1) dmrc or (2) face icon file under /var/cache/gdm/."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-16T14:57:01",
        "orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
        "shortName": "canonical"
      },
      "references": [
        {
          "name": "USN-1099-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-1099-1"
        },
        {
          "name": "43714",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/43714"
        },
        {
          "name": "1025264",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1025264"
        },
        {
          "name": "FEDORA-2011-4351",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057931.html"
        },
        {
          "name": "43854",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/43854"
        },
        {
          "name": "ADV-2011-0847",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2011/0847"
        },
        {
          "name": "ADV-2011-0787",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2011/0787"
        },
        {
          "name": "display-manager-priv-escalation(66377)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66377"
        },
        {
          "name": "ADV-2011-0911",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2011/0911"
        },
        {
          "name": "MDVSA-2011:070",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:070"
        },
        {
          "name": "DSA-2205",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2011/dsa-2205"
        },
        {
          "name": "RHSA-2011:0395",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2011-0395.html"
        },
        {
          "name": "47063",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/47063"
        },
        {
          "name": "ADV-2011-0786",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2011/0786"
        },
        {
          "name": "[gdm-list] 20110328 GDM 2.32.1 released",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://mail.gnome.org/archives/gdm-list/2011-March/msg00020.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=688323"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://ftp.gnome.org/pub/GNOME/sources/gdm/2.32/gdm-2.32.1.news"
        },
        {
          "name": "44021",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/44021"
        },
        {
          "name": "FEDORA-2011-4335",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057333.html"
        },
        {
          "name": "ADV-2011-0797",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2011/0797"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@ubuntu.com",
          "ID": "CVE-2011-0727",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "GNOME Display Manager (gdm) 2.x before 2.32.1 allows local users to change the ownership of arbitrary files via a symlink attack on a (1) dmrc or (2) face icon file under /var/cache/gdm/."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "USN-1099-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-1099-1"
            },
            {
              "name": "43714",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/43714"
            },
            {
              "name": "1025264",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1025264"
            },
            {
              "name": "FEDORA-2011-4351",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057931.html"
            },
            {
              "name": "43854",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/43854"
            },
            {
              "name": "ADV-2011-0847",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2011/0847"
            },
            {
              "name": "ADV-2011-0787",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2011/0787"
            },
            {
              "name": "display-manager-priv-escalation(66377)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66377"
            },
            {
              "name": "ADV-2011-0911",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2011/0911"
            },
            {
              "name": "MDVSA-2011:070",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:070"
            },
            {
              "name": "DSA-2205",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2011/dsa-2205"
            },
            {
              "name": "RHSA-2011:0395",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2011-0395.html"
            },
            {
              "name": "47063",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/47063"
            },
            {
              "name": "ADV-2011-0786",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2011/0786"
            },
            {
              "name": "[gdm-list] 20110328 GDM 2.32.1 released",
              "refsource": "MLIST",
              "url": "http://mail.gnome.org/archives/gdm-list/2011-March/msg00020.html"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=688323",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=688323"
            },
            {
              "name": "http://ftp.gnome.org/pub/GNOME/sources/gdm/2.32/gdm-2.32.1.news",
              "refsource": "CONFIRM",
              "url": "http://ftp.gnome.org/pub/GNOME/sources/gdm/2.32/gdm-2.32.1.news"
            },
            {
              "name": "44021",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/44021"
            },
            {
              "name": "FEDORA-2011-4335",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057333.html"
            },
            {
              "name": "ADV-2011-0797",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2011/0797"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
    "assignerShortName": "canonical",
    "cveId": "CVE-2011-0727",
    "datePublished": "2011-03-31T22:00:00",
    "dateReserved": "2011-02-01T00:00:00",
    "dateUpdated": "2024-08-06T22:05:52.941Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2006-1057 (GCVE-0-2006-1057)
Vulnerability from cvelistv5
Published
2006-04-25 01:00
Modified
2024-08-07 16:56
Severity ?
CWE
  • n/a
Summary
Race condition in daemon/slave.c in gdm before 2.14.1 allows local users to gain privileges via a symlink attack when gdm performs chown and chgrp operations on the .ICEauthority file.
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T16:56:15.504Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "gdm-slavec-symlink(26092)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26092"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=188303"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://cvs.gnome.org/viewcvs/gdm2/daemon/slave.c?r1=1.260\u0026r2=1.261"
          },
          {
            "name": "ADV-2006-1465",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2006/1465"
          },
          {
            "name": "MDKSA-2006:083",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:083"
          },
          {
            "name": "DSA-1040",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2006/dsa-1040"
          },
          {
            "name": "17635",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/17635"
          },
          {
            "name": "RHSA-2007:0286",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2007-0286.html"
          },
          {
            "name": "oval:org.mitre.oval:def:10092",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10092"
          },
          {
            "name": "FEDORA-2006-338",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://www.redhat.com/archives/fedora-announce-list/2006-April/msg00160.html"
          },
          {
            "name": "USN-278-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/278-1/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2006-04-24T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Race condition in daemon/slave.c in gdm before 2.14.1 allows local users to gain privileges via a symlink attack when gdm performs chown and chgrp operations on the .ICEauthority file."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-03T20:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "gdm-slavec-symlink(26092)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26092"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=188303"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://cvs.gnome.org/viewcvs/gdm2/daemon/slave.c?r1=1.260\u0026r2=1.261"
        },
        {
          "name": "ADV-2006-1465",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2006/1465"
        },
        {
          "name": "MDKSA-2006:083",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:083"
        },
        {
          "name": "DSA-1040",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2006/dsa-1040"
        },
        {
          "name": "17635",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/17635"
        },
        {
          "name": "RHSA-2007:0286",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2007-0286.html"
        },
        {
          "name": "oval:org.mitre.oval:def:10092",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10092"
        },
        {
          "name": "FEDORA-2006-338",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://www.redhat.com/archives/fedora-announce-list/2006-April/msg00160.html"
        },
        {
          "name": "USN-278-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/278-1/"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2006-1057",
    "datePublished": "2006-04-25T01:00:00",
    "dateReserved": "2006-03-07T00:00:00",
    "dateUpdated": "2024-08-07T16:56:15.504Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-1999-0990 (GCVE-0-1999-0990)
Vulnerability from cvelistv5
Published
2000-02-04 05:00
Modified
2024-08-01 16:55
Severity ?
CWE
  • n/a
Summary
Error messages generated by gdm with the VerboseAuth setting allows an attacker to identify valid users on a system.
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T16:55:29.404Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0990"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "1999-12-05T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Error messages generated by gdm with the VerboseAuth setting allows an attacker to identify valid users on a system."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-08-17T08:18:22",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0990"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-1999-0990",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Error messages generated by gdm with the VerboseAuth setting allows an attacker to identify valid users on a system."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0990",
              "refsource": "MISC",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0990"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-1999-0990",
    "datePublished": "2000-02-04T05:00:00",
    "dateReserved": "1999-12-14T00:00:00",
    "dateUpdated": "2024-08-01T16:55:29.404Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2003-0547 (GCVE-0-2003-0547)
Vulnerability from cvelistv5
Published
2003-08-22 04:00
Modified
2024-08-08 01:58
Severity ?
CWE
  • n/a
Summary
GDM before 2.4.1.6, when using the "examine session errors" feature, allows local users to read arbitrary files via a symlink attack on the ~/.xsession-errors file.
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-08T01:58:11.017Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "CLA-2003:729",
            "tags": [
              "vendor-advisory",
              "x_refsource_CONECTIVA",
              "x_transferred"
            ],
            "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000729"
          },
          {
            "name": "RHSA-2003:258",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2003-258.html"
          },
          {
            "name": "oval:org.mitre.oval:def:112",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A112"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://mail.gnome.org/archives/gnome-hackers/2003-August/msg00045.html"
          },
          {
            "name": "20030824 [slackware-security]  GDM security update (SSA:2003-236-01)",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=106194792924122\u0026w=2"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2003-08-21T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "GDM before 2.4.1.6, when using the \"examine session errors\" feature, allows local users to read arbitrary files via a symlink attack on the ~/.xsession-errors file."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-10-10T00:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "CLA-2003:729",
          "tags": [
            "vendor-advisory",
            "x_refsource_CONECTIVA"
          ],
          "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000729"
        },
        {
          "name": "RHSA-2003:258",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2003-258.html"
        },
        {
          "name": "oval:org.mitre.oval:def:112",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A112"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://mail.gnome.org/archives/gnome-hackers/2003-August/msg00045.html"
        },
        {
          "name": "20030824 [slackware-security]  GDM security update (SSA:2003-236-01)",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=106194792924122\u0026w=2"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2003-0547",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "GDM before 2.4.1.6, when using the \"examine session errors\" feature, allows local users to read arbitrary files via a symlink attack on the ~/.xsession-errors file."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "CLA-2003:729",
              "refsource": "CONECTIVA",
              "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000729"
            },
            {
              "name": "RHSA-2003:258",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2003-258.html"
            },
            {
              "name": "oval:org.mitre.oval:def:112",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A112"
            },
            {
              "name": "http://mail.gnome.org/archives/gnome-hackers/2003-August/msg00045.html",
              "refsource": "CONFIRM",
              "url": "http://mail.gnome.org/archives/gnome-hackers/2003-August/msg00045.html"
            },
            {
              "name": "20030824 [slackware-security]  GDM security update (SSA:2003-236-01)",
              "refsource": "BUGTRAQ",
              "url": "http://marc.info/?l=bugtraq\u0026m=106194792924122\u0026w=2"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2003-0547",
    "datePublished": "2003-08-22T04:00:00",
    "dateReserved": "2003-07-14T00:00:00",
    "dateUpdated": "2024-08-08T01:58:11.017Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2003-0548 (GCVE-0-2003-0548)
Vulnerability from cvelistv5
Published
2003-08-22 04:00
Modified
2024-08-08 01:58
Severity ?
CWE
  • n/a
Summary
The X Display Manager Control Protocol (XDMCP) support for GDM before 2.4.1.6 allows attackers to cause a denial of service (daemon crash) when a chosen host expires, a different issue than CVE-2003-0549.
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-08T01:58:10.905Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "CLA-2003:729",
            "tags": [
              "vendor-advisory",
              "x_refsource_CONECTIVA",
              "x_transferred"
            ],
            "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000729"
          },
          {
            "name": "RHSA-2003:258",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2003-258.html"
          },
          {
            "name": "oval:org.mitre.oval:def:113",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A113"
          },
          {
            "name": "RHSA-2003:259",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2003-259.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://mail.gnome.org/archives/gnome-hackers/2003-August/msg00045.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2003-08-21T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The X Display Manager Control Protocol (XDMCP) support for GDM before 2.4.1.6 allows attackers to cause a denial of service (daemon crash) when a chosen host expires, a different issue than CVE-2003-0549."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-10-10T00:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "CLA-2003:729",
          "tags": [
            "vendor-advisory",
            "x_refsource_CONECTIVA"
          ],
          "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000729"
        },
        {
          "name": "RHSA-2003:258",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2003-258.html"
        },
        {
          "name": "oval:org.mitre.oval:def:113",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A113"
        },
        {
          "name": "RHSA-2003:259",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2003-259.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://mail.gnome.org/archives/gnome-hackers/2003-August/msg00045.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2003-0548",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The X Display Manager Control Protocol (XDMCP) support for GDM before 2.4.1.6 allows attackers to cause a denial of service (daemon crash) when a chosen host expires, a different issue than CVE-2003-0549."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "CLA-2003:729",
              "refsource": "CONECTIVA",
              "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000729"
            },
            {
              "name": "RHSA-2003:258",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2003-258.html"
            },
            {
              "name": "oval:org.mitre.oval:def:113",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A113"
            },
            {
              "name": "RHSA-2003:259",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2003-259.html"
            },
            {
              "name": "http://mail.gnome.org/archives/gnome-hackers/2003-August/msg00045.html",
              "refsource": "CONFIRM",
              "url": "http://mail.gnome.org/archives/gnome-hackers/2003-August/msg00045.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2003-0548",
    "datePublished": "2003-08-22T04:00:00",
    "dateReserved": "2003-07-14T00:00:00",
    "dateUpdated": "2024-08-08T01:58:10.905Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2009-2697 (GCVE-0-2009-2697)
Vulnerability from cvelistv5
Published
2009-09-04 20:00
Modified
2024-08-07 05:59
Severity ?
CWE
  • n/a
Summary
The Red Hat build script for the GNOME Display Manager (GDM) before 2.16.0-56 on Red Hat Enterprise Linux (RHEL) 5 omits TCP Wrapper support, which might allow remote attackers to bypass intended access restrictions via XDMCP connections, a different vulnerability than CVE-2007-5079.
References
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T05:59:56.942Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "oval:org.mitre.oval:def:9586",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9586"
          },
          {
            "name": "36553",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/36553"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=239818"
          },
          {
            "name": "36219",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/36219"
          },
          {
            "name": "RHSA-2009:1364",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://rhn.redhat.com/errata/RHSA-2009-1364.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2009-09-02T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The Red Hat build script for the GNOME Display Manager (GDM) before 2.16.0-56 on Red Hat Enterprise Linux (RHEL) 5 omits TCP Wrapper support, which might allow remote attackers to bypass intended access restrictions via XDMCP connections, a different vulnerability than CVE-2007-5079."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-09-18T12:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "oval:org.mitre.oval:def:9586",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9586"
        },
        {
          "name": "36553",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/36553"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=239818"
        },
        {
          "name": "36219",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/36219"
        },
        {
          "name": "RHSA-2009:1364",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://rhn.redhat.com/errata/RHSA-2009-1364.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2009-2697",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The Red Hat build script for the GNOME Display Manager (GDM) before 2.16.0-56 on Red Hat Enterprise Linux (RHEL) 5 omits TCP Wrapper support, which might allow remote attackers to bypass intended access restrictions via XDMCP connections, a different vulnerability than CVE-2007-5079."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "oval:org.mitre.oval:def:9586",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9586"
            },
            {
              "name": "36553",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/36553"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=239818",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=239818"
            },
            {
              "name": "36219",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/36219"
            },
            {
              "name": "RHSA-2009:1364",
              "refsource": "REDHAT",
              "url": "https://rhn.redhat.com/errata/RHSA-2009-1364.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2009-2697",
    "datePublished": "2009-09-04T20:00:00",
    "dateReserved": "2009-08-05T00:00:00",
    "dateUpdated": "2024-08-07T05:59:56.942Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Vulnerability from fkie_nvd
Published
2011-06-14 17:55
Modified
2025-04-11 00:51
Severity ?
Summary
GNOME Display Manager (gdm) before 2.32.2, when glib 2.28 is used, enables execution of a web browser with the uid of the gdm account, which allows local users to gain privileges via vectors involving the x-scheme-handler/http MIME type.
Impacted products
Vendor Product Version
gnome gdm 1.0
gnome gdm 2.0
gnome gdm 2.2
gnome gdm 2.3
gnome gdm 2.4
gnome gdm 2.5
gnome gdm 2.6
gnome gdm 2.8
gnome gdm 2.13
gnome gdm 2.14
gnome gdm 2.15
gnome gdm 2.16
gnome gdm 2.17
gnome gdm 2.18
gnome gdm 2.19
gnome gdm 2.20
gnome gdm 2.21
gnome gdm 2.22
gnome gdm 2.23
gnome gdm 2.24
gnome gdm 2.25
gnome gdm 2.26
gnome gdm 2.27
gnome gdm 2.28
gnome gdm 2.29
gnome gdm 2.30
gnome gdm 2.31
gnome gdm 2.32
gnome gdm 2.32.1
gnome glib 2.28



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:gnome:gdm:1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E2D650E6-F568-4B7F-8913-3DC10E8F4201",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnome:gdm:2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "3296F925-6D41-4DA7-BDB2-3B04CF22A53B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnome:gdm:2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "7960EC63-69CF-474C-996C-E431CCDD07E9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnome:gdm:2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "A38317A3-3725-4F32-B675-00F8FB288F51",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnome:gdm:2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "C4F01AD1-EB1B-4932-B8D7-CBC899B1A02E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnome:gdm:2.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "B760EB2A-6461-477F-B7E5-857117E21AE3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnome:gdm:2.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "973BF2BF-BBF7-41F6-9E38-5150BC8AE7B6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnome:gdm:2.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "7756E66E-2296-4B20-ABC0-B1A2ACF2657B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnome:gdm:2.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "BC30F499-35B6-40BB-A420-A55F6993DF3A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnome:gdm:2.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "70640B9F-4EAA-4513-80E4-9DD4A862F27D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnome:gdm:2.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "27A6CC80-BC52-4B39-9424-E96DDA03666E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnome:gdm:2.16:*:*:*:*:*:*:*",
              "matchCriteriaId": "832DE81E-18BB-4276-A6B0-F316A322E83E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnome:gdm:2.17:*:*:*:*:*:*:*",
              "matchCriteriaId": "898A4607-107C-460F-8CF8-DEF63876B1C7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnome:gdm:2.18:*:*:*:*:*:*:*",
              "matchCriteriaId": "638AAAB0-2077-49F1-A909-0814C94EF96E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnome:gdm:2.19:*:*:*:*:*:*:*",
              "matchCriteriaId": "14C57E06-FBAB-4950-810D-ADDD74D271FE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnome:gdm:2.20:*:*:*:*:*:*:*",
              "matchCriteriaId": "4AF56331-0008-4DFE-AB33-08399E48F499",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnome:gdm:2.21:*:*:*:*:*:*:*",
              "matchCriteriaId": "2DA4F51E-0ACE-4B31-BC58-027691C04941",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnome:gdm:2.22:*:*:*:*:*:*:*",
              "matchCriteriaId": "C37ED748-3C65-45B7-B59E-718A14295E7C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnome:gdm:2.23:*:*:*:*:*:*:*",
              "matchCriteriaId": "1EF1C68D-408A-4150-92C5-C2C392410282",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnome:gdm:2.24:*:*:*:*:*:*:*",
              "matchCriteriaId": "4A1C364D-5DDF-4B95-9545-AD3C6FD9C744",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnome:gdm:2.25:*:*:*:*:*:*:*",
              "matchCriteriaId": "0D6C0790-C762-48E4-A0BB-9FAD864AA913",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnome:gdm:2.26:*:*:*:*:*:*:*",
              "matchCriteriaId": "062D578B-AEF0-452C-A3AA-4A0D3F919F62",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnome:gdm:2.27:*:*:*:*:*:*:*",
              "matchCriteriaId": "52BDEFAD-DE2B-4E1E-B155-203E7CEFCFD6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnome:gdm:2.28:*:*:*:*:*:*:*",
              "matchCriteriaId": "B9CD4961-40FC-4A01-A0D3-B904F479BAF2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnome:gdm:2.29:*:*:*:*:*:*:*",
              "matchCriteriaId": "C0C3AC2D-F24A-4F0E-9433-1516BC61209A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnome:gdm:2.30:*:*:*:*:*:*:*",
              "matchCriteriaId": "4EF547BB-BD34-4A38-B01A-E0059F70F7EA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnome:gdm:2.31:*:*:*:*:*:*:*",
              "matchCriteriaId": "EAB2319A-2356-492A-A479-57F8D546E688",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnome:gdm:2.32:*:*:*:*:*:*:*",
              "matchCriteriaId": "59F0314A-4DA4-4767-8FC0-D372302E5F67",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnome:gdm:2.32.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8B7C06C5-B328-47A2-8567-437A5B96FF1C",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:gnome:glib:2.28:*:*:*:*:*:*:*",
              "matchCriteriaId": "1A422B66-EC3B-4A01-8FCF-76716E2A23FE",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "GNOME Display Manager (gdm) before 2.32.2, when glib 2.28 is used, enables execution of a web browser with the uid of the gdm account, which allows local users to gain privileges via vectors involving the x-scheme-handler/http MIME type."
    },
    {
      "lang": "es",
      "value": "GNOME Display Manager (GDM) antes de v2.32.2, cuando se utiliza glib v2.28, permite la ejecuci\u00f3n de un navegador web con el uid de la cuenta de gdm, que permite a usuarios locales conseguir privilegios a trav\u00e9s de vectores implican el tipo MIME x-scheme-handler/http."
    }
  ],
  "id": "CVE-2011-1709",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 7.2,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2011-06-14T17:55:03.673",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://ftp.gnome.org/pub/GNOME/sources/gdm/2.32/gdm-2.32.2.news"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://git.gnome.org/browse/gdm/commit/?id=d13dd72531599ab7e4c747db3b58a8c17753e08d"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061264.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/44797"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/44808"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/48084"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.ubuntu.com/usn/USN-1142-1"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=709139"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://hermes.opensuse.org/messages/8643655"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://ftp.gnome.org/pub/GNOME/sources/gdm/2.32/gdm-2.32.2.news"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://git.gnome.org/browse/gdm/commit/?id=d13dd72531599ab7e4c747db3b58a8c17753e08d"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061264.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/44797"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/44808"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/48084"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.ubuntu.com/usn/USN-1142-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=709139"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://hermes.opensuse.org/messages/8643655"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-264"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2006-04-25 01:02
Modified
2025-04-03 01:03
Severity ?
Summary
Race condition in daemon/slave.c in gdm before 2.14.1 allows local users to gain privileges via a symlink attack when gdm performs chown and chgrp operations on the .ICEauthority file.
References
secalert@redhat.comhttp://cvs.gnome.org/viewcvs/gdm2/daemon/slave.c?r1=1.260&r2=1.261
secalert@redhat.comhttp://www.debian.org/security/2006/dsa-1040Patch, Vendor Advisory
secalert@redhat.comhttp://www.mandriva.com/security/advisories?name=MDKSA-2006:083
secalert@redhat.comhttp://www.redhat.com/support/errata/RHSA-2007-0286.html
secalert@redhat.comhttp://www.securityfocus.com/bid/17635
secalert@redhat.comhttp://www.vupen.com/english/advisories/2006/1465Vendor Advisory
secalert@redhat.comhttps://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=188303
secalert@redhat.comhttps://exchange.xforce.ibmcloud.com/vulnerabilities/26092
secalert@redhat.comhttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10092
secalert@redhat.comhttps://usn.ubuntu.com/278-1/
secalert@redhat.comhttps://www.redhat.com/archives/fedora-announce-list/2006-April/msg00160.htmlPatch
af854a3a-2127-422b-91ae-364da2661108http://cvs.gnome.org/viewcvs/gdm2/daemon/slave.c?r1=1.260&r2=1.261
af854a3a-2127-422b-91ae-364da2661108http://www.debian.org/security/2006/dsa-1040Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.mandriva.com/security/advisories?name=MDKSA-2006:083
af854a3a-2127-422b-91ae-364da2661108http://www.redhat.com/support/errata/RHSA-2007-0286.html
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/17635
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2006/1465Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=188303
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/26092
af854a3a-2127-422b-91ae-364da2661108https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10092
af854a3a-2127-422b-91ae-364da2661108https://usn.ubuntu.com/278-1/
af854a3a-2127-422b-91ae-364da2661108https://www.redhat.com/archives/fedora-announce-list/2006-April/msg00160.htmlPatch
Impacted products
Vendor Product Version
gnome gdm 2.14



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:gnome:gdm:2.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "70640B9F-4EAA-4513-80E4-9DD4A862F27D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Race condition in daemon/slave.c in gdm before 2.14.1 allows local users to gain privileges via a symlink attack when gdm performs chown and chgrp operations on the .ICEauthority file."
    }
  ],
  "id": "CVE-2006-1057",
  "lastModified": "2025-04-03T01:03:51.193",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "HIGH",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 3.7,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:L/AC:H/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 1.9,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": true,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2006-04-25T01:02:00.000",
  "references": [
    {
      "source": "secalert@redhat.com",
      "url": "http://cvs.gnome.org/viewcvs/gdm2/daemon/slave.c?r1=1.260\u0026r2=1.261"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.debian.org/security/2006/dsa-1040"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:083"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.redhat.com/support/errata/RHSA-2007-0286.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securityfocus.com/bid/17635"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2006/1465"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=188303"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26092"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10092"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://usn.ubuntu.com/278-1/"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch"
      ],
      "url": "https://www.redhat.com/archives/fedora-announce-list/2006-April/msg00160.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://cvs.gnome.org/viewcvs/gdm2/daemon/slave.c?r1=1.260\u0026r2=1.261"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.debian.org/security/2006/dsa-1040"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:083"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.redhat.com/support/errata/RHSA-2007-0286.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/17635"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2006/1465"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=188303"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26092"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10092"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://usn.ubuntu.com/278-1/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://www.redhat.com/archives/fedora-announce-list/2006-April/msg00160.html"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vendorComments": [
    {
      "comment": "Red Hat is aware of this issue and is tracking it via the following bug:\nhttps://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=188302\n\nThe Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw.  More information regarding issue severity can be found here:\nhttp://www.redhat.com/security/updates/classification/\n\nThis issue does not affect Red Hat Enterprise Linux 2.1 and 3.",
      "lastModified": "2006-09-19T00:00:00",
      "organization": "Red Hat"
    }
  ],
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-362"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2009-09-04 20:30
Modified
2025-04-09 00:30
Severity ?
Summary
The Red Hat build script for the GNOME Display Manager (GDM) before 2.16.0-56 on Red Hat Enterprise Linux (RHEL) 5 omits TCP Wrapper support, which might allow remote attackers to bypass intended access restrictions via XDMCP connections, a different vulnerability than CVE-2007-5079.
Impacted products
Vendor Product Version
gnome gdm *
gnome gdm 0.7
gnome gdm 1.0
gnome gdm 2.0
gnome gdm 2.2
gnome gdm 2.3
gnome gdm 2.4
gnome gdm 2.5
gnome gdm 2.6
gnome gdm 2.8
gnome gdm 2.13
gnome gdm 2.14
gnome gdm 2.15
redhat enterprise_linux 5



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:gnome:gdm:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "CD13F270-B165-47B7-BBA3-6D1EF33AD277",
              "versionEndIncluding": "2.16",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnome:gdm:0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "501714EA-1C5D-4EA7-B069-8E6521574AC4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnome:gdm:1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E2D650E6-F568-4B7F-8913-3DC10E8F4201",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnome:gdm:2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "3296F925-6D41-4DA7-BDB2-3B04CF22A53B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnome:gdm:2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "7960EC63-69CF-474C-996C-E431CCDD07E9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnome:gdm:2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "A38317A3-3725-4F32-B675-00F8FB288F51",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnome:gdm:2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "C4F01AD1-EB1B-4932-B8D7-CBC899B1A02E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnome:gdm:2.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "B760EB2A-6461-477F-B7E5-857117E21AE3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnome:gdm:2.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "973BF2BF-BBF7-41F6-9E38-5150BC8AE7B6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnome:gdm:2.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "7756E66E-2296-4B20-ABC0-B1A2ACF2657B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnome:gdm:2.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "BC30F499-35B6-40BB-A420-A55F6993DF3A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnome:gdm:2.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "70640B9F-4EAA-4513-80E4-9DD4A862F27D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnome:gdm:2.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "27A6CC80-BC52-4B39-9424-E96DDA03666E",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux:5:*:*:*:*:*:*:*",
              "matchCriteriaId": "AA9B3CC0-DF1C-4A86-B2A3-A9D428A5A6E6",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The Red Hat build script for the GNOME Display Manager (GDM) before 2.16.0-56 on Red Hat Enterprise Linux (RHEL) 5 omits TCP Wrapper support, which might allow remote attackers to bypass intended access restrictions via XDMCP connections, a different vulnerability than CVE-2007-5079."
    },
    {
      "lang": "es",
      "value": "Red Hat build script para GNOME Display Manager (GDM) anterior a v2.16.0-56 en Red Hat Enterprise Linux (RHEL) v5 no da soporte a TCP Wrapper, lo que podr\u00eda permitir a atacantes remotos saltar las restricciones de acceso previstas a trav\u00e9s de conexiones XDMCP, una vulnerabilidad diferente que CVE-2007-5079."
    }
  ],
  "id": "CVE-2009-2697",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2009-09-04T20:30:00.217",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/36553"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/36219"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=239818"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9586"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://rhn.redhat.com/errata/RHSA-2009-1364.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/36553"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/36219"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=239818"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9586"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://rhn.redhat.com/errata/RHSA-2009-1364.html"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-287"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2011-03-31 22:55
Modified
2025-04-11 00:51
Severity ?
Summary
GNOME Display Manager (gdm) 2.x before 2.32.1 allows local users to change the ownership of arbitrary files via a symlink attack on a (1) dmrc or (2) face icon file under /var/cache/gdm/.
References
security@ubuntu.comhttp://ftp.gnome.org/pub/GNOME/sources/gdm/2.32/gdm-2.32.1.news
security@ubuntu.comhttp://lists.fedoraproject.org/pipermail/package-announce/2011-April/057333.html
security@ubuntu.comhttp://lists.fedoraproject.org/pipermail/package-announce/2011-April/057931.html
security@ubuntu.comhttp://mail.gnome.org/archives/gdm-list/2011-March/msg00020.htmlPatch
security@ubuntu.comhttp://secunia.com/advisories/43714Vendor Advisory
security@ubuntu.comhttp://secunia.com/advisories/43854Vendor Advisory
security@ubuntu.comhttp://secunia.com/advisories/44021
security@ubuntu.comhttp://securitytracker.com/id?1025264
security@ubuntu.comhttp://www.debian.org/security/2011/dsa-2205
security@ubuntu.comhttp://www.mandriva.com/security/advisories?name=MDVSA-2011:070
security@ubuntu.comhttp://www.redhat.com/support/errata/RHSA-2011-0395.html
security@ubuntu.comhttp://www.securityfocus.com/bid/47063
security@ubuntu.comhttp://www.ubuntu.com/usn/USN-1099-1
security@ubuntu.comhttp://www.vupen.com/english/advisories/2011/0786Vendor Advisory
security@ubuntu.comhttp://www.vupen.com/english/advisories/2011/0787Vendor Advisory
security@ubuntu.comhttp://www.vupen.com/english/advisories/2011/0797Vendor Advisory
security@ubuntu.comhttp://www.vupen.com/english/advisories/2011/0847
security@ubuntu.comhttp://www.vupen.com/english/advisories/2011/0911
security@ubuntu.comhttps://bugzilla.redhat.com/show_bug.cgi?id=688323Patch
security@ubuntu.comhttps://exchange.xforce.ibmcloud.com/vulnerabilities/66377
af854a3a-2127-422b-91ae-364da2661108http://ftp.gnome.org/pub/GNOME/sources/gdm/2.32/gdm-2.32.1.news
af854a3a-2127-422b-91ae-364da2661108http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057333.html
af854a3a-2127-422b-91ae-364da2661108http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057931.html
af854a3a-2127-422b-91ae-364da2661108http://mail.gnome.org/archives/gdm-list/2011-March/msg00020.htmlPatch
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/43714Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/43854Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/44021
af854a3a-2127-422b-91ae-364da2661108http://securitytracker.com/id?1025264
af854a3a-2127-422b-91ae-364da2661108http://www.debian.org/security/2011/dsa-2205
af854a3a-2127-422b-91ae-364da2661108http://www.mandriva.com/security/advisories?name=MDVSA-2011:070
af854a3a-2127-422b-91ae-364da2661108http://www.redhat.com/support/errata/RHSA-2011-0395.html
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/47063
af854a3a-2127-422b-91ae-364da2661108http://www.ubuntu.com/usn/USN-1099-1
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2011/0786Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2011/0787Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2011/0797Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2011/0847
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2011/0911
af854a3a-2127-422b-91ae-364da2661108https://bugzilla.redhat.com/show_bug.cgi?id=688323Patch
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/66377
Impacted products
Vendor Product Version
gnome gdm 2.0
gnome gdm 2.2
gnome gdm 2.3
gnome gdm 2.4
gnome gdm 2.5
gnome gdm 2.6
gnome gdm 2.8
gnome gdm 2.13
gnome gdm 2.14
gnome gdm 2.15
gnome gdm 2.16
gnome gdm 2.17
gnome gdm 2.18
gnome gdm 2.19
gnome gdm 2.20
gnome gdm 2.21
gnome gdm 2.22
gnome gdm 2.23
gnome gdm 2.24
gnome gdm 2.25
gnome gdm 2.26
gnome gdm 2.27
gnome gdm 2.28
gnome gdm 2.29
gnome gdm 2.30
gnome gdm 2.31
gnome gdm 2.32



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:gnome:gdm:2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "3296F925-6D41-4DA7-BDB2-3B04CF22A53B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnome:gdm:2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "7960EC63-69CF-474C-996C-E431CCDD07E9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnome:gdm:2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "A38317A3-3725-4F32-B675-00F8FB288F51",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnome:gdm:2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "C4F01AD1-EB1B-4932-B8D7-CBC899B1A02E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnome:gdm:2.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "B760EB2A-6461-477F-B7E5-857117E21AE3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnome:gdm:2.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "973BF2BF-BBF7-41F6-9E38-5150BC8AE7B6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnome:gdm:2.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "7756E66E-2296-4B20-ABC0-B1A2ACF2657B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnome:gdm:2.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "BC30F499-35B6-40BB-A420-A55F6993DF3A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnome:gdm:2.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "70640B9F-4EAA-4513-80E4-9DD4A862F27D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnome:gdm:2.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "27A6CC80-BC52-4B39-9424-E96DDA03666E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnome:gdm:2.16:*:*:*:*:*:*:*",
              "matchCriteriaId": "832DE81E-18BB-4276-A6B0-F316A322E83E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnome:gdm:2.17:*:*:*:*:*:*:*",
              "matchCriteriaId": "898A4607-107C-460F-8CF8-DEF63876B1C7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnome:gdm:2.18:*:*:*:*:*:*:*",
              "matchCriteriaId": "638AAAB0-2077-49F1-A909-0814C94EF96E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnome:gdm:2.19:*:*:*:*:*:*:*",
              "matchCriteriaId": "14C57E06-FBAB-4950-810D-ADDD74D271FE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnome:gdm:2.20:*:*:*:*:*:*:*",
              "matchCriteriaId": "4AF56331-0008-4DFE-AB33-08399E48F499",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnome:gdm:2.21:*:*:*:*:*:*:*",
              "matchCriteriaId": "2DA4F51E-0ACE-4B31-BC58-027691C04941",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnome:gdm:2.22:*:*:*:*:*:*:*",
              "matchCriteriaId": "C37ED748-3C65-45B7-B59E-718A14295E7C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnome:gdm:2.23:*:*:*:*:*:*:*",
              "matchCriteriaId": "1EF1C68D-408A-4150-92C5-C2C392410282",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnome:gdm:2.24:*:*:*:*:*:*:*",
              "matchCriteriaId": "4A1C364D-5DDF-4B95-9545-AD3C6FD9C744",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnome:gdm:2.25:*:*:*:*:*:*:*",
              "matchCriteriaId": "0D6C0790-C762-48E4-A0BB-9FAD864AA913",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnome:gdm:2.26:*:*:*:*:*:*:*",
              "matchCriteriaId": "062D578B-AEF0-452C-A3AA-4A0D3F919F62",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnome:gdm:2.27:*:*:*:*:*:*:*",
              "matchCriteriaId": "52BDEFAD-DE2B-4E1E-B155-203E7CEFCFD6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnome:gdm:2.28:*:*:*:*:*:*:*",
              "matchCriteriaId": "B9CD4961-40FC-4A01-A0D3-B904F479BAF2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnome:gdm:2.29:*:*:*:*:*:*:*",
              "matchCriteriaId": "C0C3AC2D-F24A-4F0E-9433-1516BC61209A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnome:gdm:2.30:*:*:*:*:*:*:*",
              "matchCriteriaId": "4EF547BB-BD34-4A38-B01A-E0059F70F7EA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnome:gdm:2.31:*:*:*:*:*:*:*",
              "matchCriteriaId": "EAB2319A-2356-492A-A479-57F8D546E688",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnome:gdm:2.32:*:*:*:*:*:*:*",
              "matchCriteriaId": "59F0314A-4DA4-4767-8FC0-D372302E5F67",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "GNOME Display Manager (gdm) 2.x before 2.32.1 allows local users to change the ownership of arbitrary files via a symlink attack on a (1) dmrc or (2) face icon file under /var/cache/gdm/."
    },
    {
      "lang": "es",
      "value": "GNOME Display Manager (GDM) v2.x anterior a v2.32.1 permite a usuarios locales cambiar el propietario de archivos arbitrarios mediante un ataque de enlace simb\u00f3lico en un (1) DMRC o (2) fichero de icono en /var/cache/gdm/."
    }
  ],
  "id": "CVE-2011-0727",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 6.9,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 3.4,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2011-03-31T22:55:02.350",
  "references": [
    {
      "source": "security@ubuntu.com",
      "url": "http://ftp.gnome.org/pub/GNOME/sources/gdm/2.32/gdm-2.32.1.news"
    },
    {
      "source": "security@ubuntu.com",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057333.html"
    },
    {
      "source": "security@ubuntu.com",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057931.html"
    },
    {
      "source": "security@ubuntu.com",
      "tags": [
        "Patch"
      ],
      "url": "http://mail.gnome.org/archives/gdm-list/2011-March/msg00020.html"
    },
    {
      "source": "security@ubuntu.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/43714"
    },
    {
      "source": "security@ubuntu.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/43854"
    },
    {
      "source": "security@ubuntu.com",
      "url": "http://secunia.com/advisories/44021"
    },
    {
      "source": "security@ubuntu.com",
      "url": "http://securitytracker.com/id?1025264"
    },
    {
      "source": "security@ubuntu.com",
      "url": "http://www.debian.org/security/2011/dsa-2205"
    },
    {
      "source": "security@ubuntu.com",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:070"
    },
    {
      "source": "security@ubuntu.com",
      "url": "http://www.redhat.com/support/errata/RHSA-2011-0395.html"
    },
    {
      "source": "security@ubuntu.com",
      "url": "http://www.securityfocus.com/bid/47063"
    },
    {
      "source": "security@ubuntu.com",
      "url": "http://www.ubuntu.com/usn/USN-1099-1"
    },
    {
      "source": "security@ubuntu.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2011/0786"
    },
    {
      "source": "security@ubuntu.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2011/0787"
    },
    {
      "source": "security@ubuntu.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2011/0797"
    },
    {
      "source": "security@ubuntu.com",
      "url": "http://www.vupen.com/english/advisories/2011/0847"
    },
    {
      "source": "security@ubuntu.com",
      "url": "http://www.vupen.com/english/advisories/2011/0911"
    },
    {
      "source": "security@ubuntu.com",
      "tags": [
        "Patch"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=688323"
    },
    {
      "source": "security@ubuntu.com",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66377"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://ftp.gnome.org/pub/GNOME/sources/gdm/2.32/gdm-2.32.1.news"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057333.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057931.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://mail.gnome.org/archives/gdm-list/2011-March/msg00020.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/43714"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/43854"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/44021"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securitytracker.com/id?1025264"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2011/dsa-2205"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:070"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.redhat.com/support/errata/RHSA-2011-0395.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/47063"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.ubuntu.com/usn/USN-1099-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2011/0786"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2011/0787"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2011/0797"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2011/0847"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2011/0911"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=688323"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66377"
    }
  ],
  "sourceIdentifier": "security@ubuntu.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-59"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2003-08-27 04:00
Modified
2025-04-03 01:03
Severity ?
Summary
GDM before 2.4.1.6, when using the "examine session errors" feature, allows local users to read arbitrary files via a symlink attack on the ~/.xsession-errors file.
Impacted products
Vendor Product Version
gnome gdm 2.4.1
gnome gdm 2.4.1.1
gnome gdm 2.4.1.2
gnome gdm 2.4.1.3
gnome gdm 2.4.1.4
gnome gdm 2.4.1.5
gnome gdm 2.4.1.6
redhat kdebase 2.4.0.7.13
redhat kdebase 2.4.1.3.5



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:gnome:gdm:2.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C96A777E-0CA3-404C-9EF9-AF5D276FB9F4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnome:gdm:2.4.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "44A4CEA3-1EFD-4926-8702-D9019449BF6D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnome:gdm:2.4.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "9DF81497-99A3-49B9-9CEF-C94AA4FCC2A5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnome:gdm:2.4.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "B386DD54-80C4-44C1-9276-C875D0EEE8BE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnome:gdm:2.4.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "8A905FFC-0DBA-4636-BDE7-77F21E0871AF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnome:gdm:2.4.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "DAA26805-862B-466F-AAE5-C8EF60312BFF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnome:gdm:2.4.1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "4B7DE2E4-5FCC-4F63-BB9F-F7EC77728F87",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:kdebase:2.4.0.7.13:*:i386:*:*:*:*:*",
              "matchCriteriaId": "8CDE0CDC-78C2-4AD8-8AD0-2A7293E6F8F2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:kdebase:2.4.1.3.5:*:i386:*:*:*:*:*",
              "matchCriteriaId": "4E24847A-9164-4CDC-AD9C-087D7C03B24A",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "GDM before 2.4.1.6, when using the \"examine session errors\" feature, allows local users to read arbitrary files via a symlink attack on the ~/.xsession-errors file."
    },
    {
      "lang": "es",
      "value": "GDM anteriores a 2.4.1.6, cuando usa la caracter\u00edstica \"examinar errores de sesi\u00f3n\", permite a usuarios locales leer ficheros arbitrario mediante un ataque de enlaces simb\u00f3licos en el fichero ~/.xsession-errors"
    }
  ],
  "id": "CVE-2003-0547",
  "lastModified": "2025-04-03T01:03:51.193",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 2.1,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2003-08-27T04:00:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000729"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://mail.gnome.org/archives/gnome-hackers/2003-August/msg00045.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://marc.info/?l=bugtraq\u0026m=106194792924122\u0026w=2"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.redhat.com/support/errata/RHSA-2003-258.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A112"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000729"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://mail.gnome.org/archives/gnome-hackers/2003-August/msg00045.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://marc.info/?l=bugtraq\u0026m=106194792924122\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.redhat.com/support/errata/RHSA-2003-258.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A112"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2000-05-24 04:00
Modified
2025-04-03 01:03
Severity ?
Summary
Buffer overflow in the XDMCP parsing code of GNOME gdm, KDE kdm, and wdm allows remote attackers to execute arbitrary commands or cause a denial of service via a long FORWARD_QUERY request.
Impacted products
Vendor Product Version
gnome gdm 1.0
caldera openlinux *
suse suse_linux 6.2
suse suse_linux 6.4



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:gnome:gdm:1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E2D650E6-F568-4B7F-8913-3DC10E8F4201",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:caldera:openlinux:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4EC3F7E5-5D49-471B-A705-ADD2642E5B46",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:suse_linux:6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "1B67020A-6942-4478-B501-764147C4970D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:suse_linux:6.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "7786607A-362E-4817-A17E-C76D6A1F737D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Buffer overflow in the XDMCP parsing code of GNOME gdm, KDE kdm, and wdm allows remote attackers to execute arbitrary commands or cause a denial of service via a long FORWARD_QUERY request."
    }
  ],
  "id": "CVE-2000-0491",
  "lastModified": "2025-04-03T01:03:51.193",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 10.0,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 10.0,
        "obtainAllPrivilege": true,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2000-05-24T04:00:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "ftp://ftp.calderasystems.com/pub/OpenLinux/security/CSSA-2000-013.0.txt"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://archives.neohapsis.com/archives/bugtraq/2000-05/0241.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://archives.neohapsis.com/archives/bugtraq/2000-06/0025.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.novell.com/linux/security/advisories/suse_security_announce_49.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/1233"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/1279"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/1370"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "ftp://ftp.calderasystems.com/pub/OpenLinux/security/CSSA-2000-013.0.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://archives.neohapsis.com/archives/bugtraq/2000-05/0241.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://archives.neohapsis.com/archives/bugtraq/2000-06/0025.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.novell.com/linux/security/advisories/suse_security_announce_49.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/1233"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/1279"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/1370"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2006-12-15 02:28
Modified
2025-04-09 00:30
Severity ?
Summary
Format string vulnerability in the host chooser window (gdmchooser) in GNOME Foundation Display Manager (gdm) allows local users to execute arbitrary code via format string specifiers in a hostname, which are used in an error dialog.
References
secalert@redhat.comhttp://ftp.acc.umu.se/pub/GNOME/sources/gdm/2.17/gdm-2.17.4.news
secalert@redhat.comhttp://labs.idefense.com/intelligence/vulnerabilities/display.php?id=453Vendor Advisory
secalert@redhat.comhttp://secunia.com/advisories/23381
secalert@redhat.comhttp://secunia.com/advisories/23385
secalert@redhat.comhttp://secunia.com/advisories/23387
secalert@redhat.comhttp://secunia.com/advisories/23409
secalert@redhat.comhttp://securitytracker.com/id?1017320Patch
secalert@redhat.comhttp://securitytracker.com/id?1017383
secalert@redhat.comhttp://www.mandriva.com/security/advisories?name=MDKSA-2006:231
secalert@redhat.comhttp://www.novell.com/linux/security/advisories/2006_29_sr.html
secalert@redhat.comhttp://www.osvdb.org/30848
secalert@redhat.comhttp://www.securityfocus.com/bid/21597Patch
secalert@redhat.comhttp://www.ubuntu.com/usn/usn-396-1
secalert@redhat.comhttp://www.vupen.com/english/advisories/2006/5015
secalert@redhat.comhttps://exchange.xforce.ibmcloud.com/vulnerabilities/30896
af854a3a-2127-422b-91ae-364da2661108http://ftp.acc.umu.se/pub/GNOME/sources/gdm/2.17/gdm-2.17.4.news
af854a3a-2127-422b-91ae-364da2661108http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=453Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/23381
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/23385
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/23387
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/23409
af854a3a-2127-422b-91ae-364da2661108http://securitytracker.com/id?1017320Patch
af854a3a-2127-422b-91ae-364da2661108http://securitytracker.com/id?1017383
af854a3a-2127-422b-91ae-364da2661108http://www.mandriva.com/security/advisories?name=MDKSA-2006:231
af854a3a-2127-422b-91ae-364da2661108http://www.novell.com/linux/security/advisories/2006_29_sr.html
af854a3a-2127-422b-91ae-364da2661108http://www.osvdb.org/30848
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/21597Patch
af854a3a-2127-422b-91ae-364da2661108http://www.ubuntu.com/usn/usn-396-1
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2006/5015
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/30896
Impacted products
Vendor Product Version
gnome gdm 2.14.1
gnome gdm 2.16
gnome gdm 2.16.1
gnome gdm 2.16.2



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:gnome:gdm:2.14.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "9B84ACF2-E06C-47E5-B221-78285238BA78",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnome:gdm:2.16:*:*:*:*:*:*:*",
              "matchCriteriaId": "832DE81E-18BB-4276-A6B0-F316A322E83E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnome:gdm:2.16.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "D01F3328-9DB5-4C75-A9BD-96243975A362",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnome:gdm:2.16.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "24D361EF-B35F-46D9-9DF3-9254FFAD0A1F",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Format string vulnerability in the host chooser window (gdmchooser) in GNOME Foundation Display Manager (gdm) allows local users to execute arbitrary code via format string specifiers in a hostname, which are used in an error dialog."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de formato de cadena en la ventana de selecci\u00f3n de host (gdmchooser) en GNOME Foundation Display Manager (gdm) permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n mediante especificadores de formato de  cadena en un nombre de host, que se utilizan en un mensaje de error."
    }
  ],
  "id": "CVE-2006-6105",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "SINGLE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 4.3,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:L/AC:L/Au:S/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 3.1,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": true,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2006-12-15T02:28:00.000",
  "references": [
    {
      "source": "secalert@redhat.com",
      "url": "http://ftp.acc.umu.se/pub/GNOME/sources/gdm/2.17/gdm-2.17.4.news"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=453"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/23381"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/23385"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/23387"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/23409"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch"
      ],
      "url": "http://securitytracker.com/id?1017320"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://securitytracker.com/id?1017383"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:231"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.novell.com/linux/security/advisories/2006_29_sr.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.osvdb.org/30848"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/21597"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.ubuntu.com/usn/usn-396-1"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.vupen.com/english/advisories/2006/5015"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30896"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://ftp.acc.umu.se/pub/GNOME/sources/gdm/2.17/gdm-2.17.4.news"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=453"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/23381"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/23385"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/23387"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/23409"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://securitytracker.com/id?1017320"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securitytracker.com/id?1017383"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:231"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.novell.com/linux/security/advisories/2006_29_sr.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.osvdb.org/30848"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/21597"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.ubuntu.com/usn/usn-396-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2006/5015"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30896"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vendorComments": [
    {
      "comment": "Not vulnerable.  This flaw was first introduced in gdm version 2.14.  Therefore these issues did not affect the earlier versions of gdm as shipped with Red Hat Enterprise Linux 2.1, 3, or 4.\n\nRed Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.",
      "lastModified": "2007-03-14T00:00:00",
      "organization": "Red Hat"
    }
  ],
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2007-08-07 10:17
Modified
2025-04-09 00:30
Severity ?
Summary
The GDM daemon in GNOME Display Manager (GDM) before 2.14.13, 2.16.x before 2.16.7, 2.18.x before 2.18.4, and 2.19.x before 2.19.5 does not properly handle NULL return values from the g_strsplit function, which allows local users to cause a denial of service (persistent daemon crash) via a crafted command to the daemon's socket, related to (1) gdm.c and (2) gdmconfig.c in daemon/, and (3) gdmconfig.c and (4) gdmflexiserver.c in gui/.
References
secalert@redhat.comhttp://ftp.gnome.org/pub/GNOME/sources/gdm/2.14/gdm-2.14.13.news
secalert@redhat.comhttp://ftp.gnome.org/pub/GNOME/sources/gdm/2.16/gdm-2.16.7.changes
secalert@redhat.comhttp://ftp.gnome.org/pub/GNOME/sources/gdm/2.18/gdm-2.18.4.news
secalert@redhat.comhttp://ftp.gnome.org/pub/GNOME/sources/gdm/2.19/gdm-2.19.5.news
secalert@redhat.comhttp://secunia.com/advisories/26313Vendor Advisory
secalert@redhat.comhttp://secunia.com/advisories/26368Vendor Advisory
secalert@redhat.comhttp://secunia.com/advisories/26520Vendor Advisory
secalert@redhat.comhttp://secunia.com/advisories/26879Vendor Advisory
secalert@redhat.comhttp://secunia.com/advisories/26900Vendor Advisory
secalert@redhat.comhttp://security.gentoo.org/glsa/glsa-200709-11.xml
secalert@redhat.comhttp://www.mandriva.com/security/advisories?name=MDKSA-2007:169
secalert@redhat.comhttp://www.redhat.com/support/errata/RHSA-2007-0777.html
secalert@redhat.comhttp://www.securityfocus.com/archive/1/475451/30/5550/threaded
secalert@redhat.comhttp://www.securityfocus.com/bid/25191
secalert@redhat.comhttp://www.securitytracker.com/id?1018523
secalert@redhat.comhttp://www.vupen.com/english/advisories/2007/2781Vendor Advisory
secalert@redhat.comhttps://issues.rpath.com/browse/RPL-1599
secalert@redhat.comhttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10887
af854a3a-2127-422b-91ae-364da2661108http://ftp.gnome.org/pub/GNOME/sources/gdm/2.14/gdm-2.14.13.news
af854a3a-2127-422b-91ae-364da2661108http://ftp.gnome.org/pub/GNOME/sources/gdm/2.16/gdm-2.16.7.changes
af854a3a-2127-422b-91ae-364da2661108http://ftp.gnome.org/pub/GNOME/sources/gdm/2.18/gdm-2.18.4.news
af854a3a-2127-422b-91ae-364da2661108http://ftp.gnome.org/pub/GNOME/sources/gdm/2.19/gdm-2.19.5.news
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/26313Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/26368Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/26520Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/26879Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/26900Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://security.gentoo.org/glsa/glsa-200709-11.xml
af854a3a-2127-422b-91ae-364da2661108http://www.mandriva.com/security/advisories?name=MDKSA-2007:169
af854a3a-2127-422b-91ae-364da2661108http://www.redhat.com/support/errata/RHSA-2007-0777.html
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/archive/1/475451/30/5550/threaded
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/25191
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id?1018523
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2007/2781Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://issues.rpath.com/browse/RPL-1599
af854a3a-2127-422b-91ae-364da2661108https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10887
Impacted products
Vendor Product Version
gnome gdm *
gnome gdm 0.7
gnome gdm 1.0
gnome gdm 2.0
gnome gdm 2.2
gnome gdm 2.3
gnome gdm 2.4
gnome gdm 2.5
gnome gdm 2.6
gnome gdm 2.8
gnome gdm 2.13
gnome gdm 2.14
gnome gdm 2.14.1
gnome gdm 2.14.2
gnome gdm 2.14.3
gnome gdm 2.14.4
gnome gdm 2.14.5
gnome gdm 2.14.6
gnome gdm 2.14.7
gnome gdm 2.14.8
gnome gdm 2.14.9
gnome gdm 2.14.10
gnome gdm 2.14.11
gnome gdm 2.14.3
gnome gdm 2.14.4
gnome gdm 2.14.5
gnome gdm 2.14.6
gnome gdm 2.16
gnome gdm 2.16.1
gnome gdm 2.16.2
gnome gdm 2.18
gnome gdm 2.18.1
gnome gdm 2.18.2
gnome gdm 2.18.3
gnome gdm 2.19
gnome gdm 2.19.1
gnome gdm 2.19.2
gnome gdm 2.19.3
gnome gdm 2.19.4



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:gnome:gdm:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4A68E297-5F50-4DFA-AF70-06B016B852D2",
              "versionEndIncluding": "2.14.12",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnome:gdm:0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "501714EA-1C5D-4EA7-B069-8E6521574AC4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnome:gdm:1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E2D650E6-F568-4B7F-8913-3DC10E8F4201",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnome:gdm:2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "3296F925-6D41-4DA7-BDB2-3B04CF22A53B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnome:gdm:2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "7960EC63-69CF-474C-996C-E431CCDD07E9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnome:gdm:2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "A38317A3-3725-4F32-B675-00F8FB288F51",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnome:gdm:2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "C4F01AD1-EB1B-4932-B8D7-CBC899B1A02E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnome:gdm:2.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "B760EB2A-6461-477F-B7E5-857117E21AE3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnome:gdm:2.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "973BF2BF-BBF7-41F6-9E38-5150BC8AE7B6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnome:gdm:2.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "7756E66E-2296-4B20-ABC0-B1A2ACF2657B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnome:gdm:2.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "BC30F499-35B6-40BB-A420-A55F6993DF3A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnome:gdm:2.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "70640B9F-4EAA-4513-80E4-9DD4A862F27D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnome:gdm:2.14.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "9B84ACF2-E06C-47E5-B221-78285238BA78",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnome:gdm:2.14.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "B1F316D7-4D67-4B2E-8418-B89466AA5CDC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnome:gdm:2.14.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "6721626F-3335-446F-95C4-7B150C2FE2E2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnome:gdm:2.14.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "CA624500-6AC3-4991-A185-619E3F76A384",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnome:gdm:2.14.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "1544DE39-DA4B-452C-A38C-D15E0EC5148F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnome:gdm:2.14.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "B261D656-8C46-4F0A-93DD-8540B21BC1FC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnome:gdm:2.14.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "24A39F8A-D0F4-480E-904C-8FB906C6D72F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnome:gdm:2.14.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "4210033A-0FD1-43A7-BCDC-9A4ADFEBB1DA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnome:gdm:2.14.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "BBD5D3BD-9988-4421-8C2B-1EE907CFA986",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnome:gdm:2.14.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "2F8D697C-AD36-446A-945A-0746898FFD5C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnome:gdm:2.14.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "DF3072E1-A8AA-4C7B-B395-3F490943FED3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:gnome:gdm:2.14.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "6721626F-3335-446F-95C4-7B150C2FE2E2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnome:gdm:2.14.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "CA624500-6AC3-4991-A185-619E3F76A384",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnome:gdm:2.14.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "1544DE39-DA4B-452C-A38C-D15E0EC5148F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnome:gdm:2.14.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "B261D656-8C46-4F0A-93DD-8540B21BC1FC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnome:gdm:2.16:*:*:*:*:*:*:*",
              "matchCriteriaId": "832DE81E-18BB-4276-A6B0-F316A322E83E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnome:gdm:2.16.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "D01F3328-9DB5-4C75-A9BD-96243975A362",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnome:gdm:2.16.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "24D361EF-B35F-46D9-9DF3-9254FFAD0A1F",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:gnome:gdm:2.18:*:*:*:*:*:*:*",
              "matchCriteriaId": "638AAAB0-2077-49F1-A909-0814C94EF96E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnome:gdm:2.18.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F4E525EF-0702-42BD-AA45-00AB721DE9B4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnome:gdm:2.18.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "09B6D822-D0D6-423E-AE9A-7510C06005A3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnome:gdm:2.18.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "323B1859-30F3-4787-8A35-46A8189D4C5E",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:gnome:gdm:2.19:*:*:*:*:*:*:*",
              "matchCriteriaId": "14C57E06-FBAB-4950-810D-ADDD74D271FE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnome:gdm:2.19.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F7359FE6-4BD1-4D3C-BCF5-6F2741FC1997",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnome:gdm:2.19.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "7888E478-E756-48FB-B3E3-534873B5F1D8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnome:gdm:2.19.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "4A82FCA7-76F6-48CE-8886-79AD9094EBF4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnome:gdm:2.19.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "75DCBC45-71FC-4850-A7E0-6051AE38E4C7",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The GDM daemon in GNOME Display Manager (GDM) before 2.14.13, 2.16.x before 2.16.7, 2.18.x before 2.18.4, and 2.19.x before 2.19.5 does not properly handle NULL return values from the g_strsplit function, which allows local users to cause a denial of service (persistent daemon crash) via a crafted command to the daemon\u0027s socket, related to (1) gdm.c and (2) gdmconfig.c in daemon/, and (3) gdmconfig.c and (4) gdmflexiserver.c in gui/."
    },
    {
      "lang": "es",
      "value": "El demonio GDM en GNOME Display Mangager (GDM) anterior a 2.14.13, 2.16.x anterior a 2.16.7, 2.18.x anterior a 2.18.4, y 2.19.x anterir a 2.19.5 no maneja adecuadamente valores de retorno nulos (NULL) de la funci\u00f3n g_strsplit, lo cual permite a usuarios locales provocar una denegaci\u00f3n de servicio (ca\u00edda persistente del demonio) mediante un comando manipulado hacia el socket del demonio, relacionado con (1) gdm.c y (2) gdmconfig.c en daemon/, y (3) gdmconfig.c y (4) gdmflexiserver.c en gui/."
    }
  ],
  "id": "CVE-2007-3381",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "LOCAL",
          "authentication": "SINGLE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 1.5,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:L/AC:M/Au:S/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 2.7,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2007-08-07T10:17:00.000",
  "references": [
    {
      "source": "secalert@redhat.com",
      "url": "http://ftp.gnome.org/pub/GNOME/sources/gdm/2.14/gdm-2.14.13.news"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://ftp.gnome.org/pub/GNOME/sources/gdm/2.16/gdm-2.16.7.changes"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://ftp.gnome.org/pub/GNOME/sources/gdm/2.18/gdm-2.18.4.news"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://ftp.gnome.org/pub/GNOME/sources/gdm/2.19/gdm-2.19.5.news"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/26313"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/26368"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/26520"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/26879"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/26900"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://security.gentoo.org/glsa/glsa-200709-11.xml"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:169"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.redhat.com/support/errata/RHSA-2007-0777.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securityfocus.com/archive/1/475451/30/5550/threaded"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securityfocus.com/bid/25191"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securitytracker.com/id?1018523"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2007/2781"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://issues.rpath.com/browse/RPL-1599"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10887"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://ftp.gnome.org/pub/GNOME/sources/gdm/2.14/gdm-2.14.13.news"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://ftp.gnome.org/pub/GNOME/sources/gdm/2.16/gdm-2.16.7.changes"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://ftp.gnome.org/pub/GNOME/sources/gdm/2.18/gdm-2.18.4.news"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://ftp.gnome.org/pub/GNOME/sources/gdm/2.19/gdm-2.19.5.news"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/26313"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/26368"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/26520"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/26879"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/26900"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://security.gentoo.org/glsa/glsa-200709-11.xml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:169"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.redhat.com/support/errata/RHSA-2007-0777.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/475451/30/5550/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/25191"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1018523"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2007/2781"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://issues.rpath.com/browse/RPL-1599"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10887"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2003-08-27 04:00
Modified
2025-04-03 01:03
Severity ?
Summary
The X Display Manager Control Protocol (XDMCP) support for GDM before 2.4.1.6 allows attackers to cause a denial of service (daemon crash) when a chosen host expires, a different issue than CVE-2003-0549.
Impacted products
Vendor Product Version
gnome gdm 2.2.0
gnome gdm 2.4.1
gnome gdm 2.4.1.1
gnome gdm 2.4.1.2
gnome gdm 2.4.1.3
gnome gdm 2.4.1.4
gnome gdm 2.4.1.5
gnome gdm 2.4.1.6
redhat kdebase 2.0_beta2.45
redhat kdebase 2.0_beta2.45
redhat kdebase 2.2.3.1.20
redhat kdebase 2.2.3.1.20
redhat kdebase 2.2.3.1.22
redhat kdebase 2.4.0.7.13
redhat kdebase 2.4.1.3.5
redhat enterprise_linux 2.1
redhat enterprise_linux 2.1
redhat enterprise_linux 2.1
redhat enterprise_linux 2.1
redhat enterprise_linux 2.1
redhat enterprise_linux 2.1
redhat linux_advanced_workstation 2.1



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:gnome:gdm:2.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8790E410-8609-4F08-85B3-EECF31CDB769",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnome:gdm:2.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C96A777E-0CA3-404C-9EF9-AF5D276FB9F4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnome:gdm:2.4.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "44A4CEA3-1EFD-4926-8702-D9019449BF6D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnome:gdm:2.4.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "9DF81497-99A3-49B9-9CEF-C94AA4FCC2A5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnome:gdm:2.4.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "B386DD54-80C4-44C1-9276-C875D0EEE8BE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnome:gdm:2.4.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "8A905FFC-0DBA-4636-BDE7-77F21E0871AF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnome:gdm:2.4.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "DAA26805-862B-466F-AAE5-C8EF60312BFF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnome:gdm:2.4.1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "4B7DE2E4-5FCC-4F63-BB9F-F7EC77728F87",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:kdebase:2.0_beta2.45:*:i386:*:*:*:*:*",
              "matchCriteriaId": "BBED88A7-3830-4F95-8B1C-3F09F1AFDB3B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:kdebase:2.0_beta2.45:*:ppc:*:*:*:*:*",
              "matchCriteriaId": "96C0C11F-E824-47CD-8FA2-26F26FE0F37E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:kdebase:2.2.3.1.20:*:i386:*:*:*:*:*",
              "matchCriteriaId": "7FCF4CC6-11CE-4468-8CC8-6E75384A34C8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:kdebase:2.2.3.1.20:*:ia64:*:*:*:*:*",
              "matchCriteriaId": "1A6487D1-995E-4D75-BE1D-F73ECE35B01A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:kdebase:2.2.3.1.22:*:i386:*:*:*:*:*",
              "matchCriteriaId": "DBE8ADC0-A1C9-407C-AA70-67864F423A58",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:kdebase:2.4.0.7.13:*:i386:*:*:*:*:*",
              "matchCriteriaId": "8CDE0CDC-78C2-4AD8-8AD0-2A7293E6F8F2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:kdebase:2.4.1.3.5:*:i386:*:*:*:*:*",
              "matchCriteriaId": "4E24847A-9164-4CDC-AD9C-087D7C03B24A",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux:2.1:*:advanced_server:*:*:*:*:*",
              "matchCriteriaId": "2641EE56-6F9D-400B-B456-877F4DA79B10",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux:2.1:*:advanced_server_ia64:*:*:*:*:*",
              "matchCriteriaId": "A4A9461E-C117-42EC-9F14-DF2A82BA7C5D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux:2.1:*:enterprise_server:*:*:*:*:*",
              "matchCriteriaId": "E0B458EA-495E-40FA-9379-C03757F7B1EE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux:2.1:*:enterprise_server_ia64:*:*:*:*:*",
              "matchCriteriaId": "409E324A-C040-494F-A026-9DCAE01C07F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux:2.1:*:workstation:*:*:*:*:*",
              "matchCriteriaId": "1728AB5D-55A9-46B0-A412-6F7263CAEB5A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux:2.1:*:workstation_ia64:*:*:*:*:*",
              "matchCriteriaId": "6474B775-C893-491F-A074-802AFB1FEDD8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:linux_advanced_workstation:2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "5F9BE3AC-B583-4AED-A940-E95F808D1BFB",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The X Display Manager Control Protocol (XDMCP) support for GDM before 2.4.1.6 allows attackers to cause a denial of service (daemon crash) when a chosen host expires, a different issue than CVE-2003-0549."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad desconocida en el soporte XDMPC (X Display Manager Control Protocol - Protocolo de Control de Administrador de Visualizador X) en GDM anteriores a 2.4.1.6 permite a atacantes causar una denegaci\u00f3n de servicio (ca\u00edda del demonio), un problema diferente de CAN-2003-0549."
    }
  ],
  "id": "CVE-2003-0548",
  "lastModified": "2025-04-03T01:03:51.193",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2003-08-27T04:00:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000729"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://mail.gnome.org/archives/gnome-hackers/2003-August/msg00045.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.redhat.com/support/errata/RHSA-2003-258.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.redhat.com/support/errata/RHSA-2003-259.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A113"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000729"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://mail.gnome.org/archives/gnome-hackers/2003-August/msg00045.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.redhat.com/support/errata/RHSA-2003-258.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.redhat.com/support/errata/RHSA-2003-259.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A113"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
1999-12-05 05:00
Modified
2025-04-03 01:03
Severity ?
Summary
Error messages generated by gdm with the VerboseAuth setting allows an attacker to identify valid users on a system.
Impacted products
Vendor Product Version
gnome gdm 2.0_beta4



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:gnome:gdm:2.0_beta4:*:*:*:*:*:*:*",
              "matchCriteriaId": "FA0A11C1-AF35-4006-A5BA-634B814DAC73",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Error messages generated by gdm with the VerboseAuth setting allows an attacker to identify valid users on a system."
    }
  ],
  "id": "CVE-1999-0990",
  "lastModified": "2025-04-03T01:03:51.193",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 2.1,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "1999-12-05T05:00:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0990"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0990"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2003-08-27 04:00
Modified
2025-04-03 01:03
Severity ?
Summary
The X Display Manager Control Protocol (XDMCP) support for GDM before 2.4.1.6 allows attackers to cause a denial of service (daemon crash) via a short authorization key name.
Impacted products
Vendor Product Version
gnome gdm 2.2.0
gnome gdm 2.4.1
gnome gdm 2.4.1.1
gnome gdm 2.4.1.2
gnome gdm 2.4.1.3
gnome gdm 2.4.1.4
gnome gdm 2.4.1.5
gnome gdm 2.4.1.6
redhat kdebase 2.0_beta2.45
redhat kdebase 2.0_beta2.45
redhat kdebase 2.2.3.1.20
redhat kdebase 2.2.3.1.20
redhat kdebase 2.2.3.1.22
redhat kdebase 2.4.0.7.13
redhat kdebase 2.4.1.3.5
redhat enterprise_linux 2.1
redhat enterprise_linux 2.1
redhat enterprise_linux 2.1
redhat enterprise_linux 2.1
redhat enterprise_linux 2.1
redhat enterprise_linux 2.1
redhat linux_advanced_workstation 2.1



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:gnome:gdm:2.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8790E410-8609-4F08-85B3-EECF31CDB769",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnome:gdm:2.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C96A777E-0CA3-404C-9EF9-AF5D276FB9F4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnome:gdm:2.4.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "44A4CEA3-1EFD-4926-8702-D9019449BF6D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnome:gdm:2.4.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "9DF81497-99A3-49B9-9CEF-C94AA4FCC2A5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnome:gdm:2.4.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "B386DD54-80C4-44C1-9276-C875D0EEE8BE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnome:gdm:2.4.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "8A905FFC-0DBA-4636-BDE7-77F21E0871AF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnome:gdm:2.4.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "DAA26805-862B-466F-AAE5-C8EF60312BFF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnome:gdm:2.4.1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "4B7DE2E4-5FCC-4F63-BB9F-F7EC77728F87",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:kdebase:2.0_beta2.45:*:i386:*:*:*:*:*",
              "matchCriteriaId": "BBED88A7-3830-4F95-8B1C-3F09F1AFDB3B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:kdebase:2.0_beta2.45:*:ppc:*:*:*:*:*",
              "matchCriteriaId": "96C0C11F-E824-47CD-8FA2-26F26FE0F37E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:kdebase:2.2.3.1.20:*:i386:*:*:*:*:*",
              "matchCriteriaId": "7FCF4CC6-11CE-4468-8CC8-6E75384A34C8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:kdebase:2.2.3.1.20:*:ia64:*:*:*:*:*",
              "matchCriteriaId": "1A6487D1-995E-4D75-BE1D-F73ECE35B01A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:kdebase:2.2.3.1.22:*:i386:*:*:*:*:*",
              "matchCriteriaId": "DBE8ADC0-A1C9-407C-AA70-67864F423A58",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:kdebase:2.4.0.7.13:*:i386:*:*:*:*:*",
              "matchCriteriaId": "8CDE0CDC-78C2-4AD8-8AD0-2A7293E6F8F2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:kdebase:2.4.1.3.5:*:i386:*:*:*:*:*",
              "matchCriteriaId": "4E24847A-9164-4CDC-AD9C-087D7C03B24A",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux:2.1:*:advanced_server:*:*:*:*:*",
              "matchCriteriaId": "2641EE56-6F9D-400B-B456-877F4DA79B10",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux:2.1:*:advanced_server_ia64:*:*:*:*:*",
              "matchCriteriaId": "A4A9461E-C117-42EC-9F14-DF2A82BA7C5D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux:2.1:*:enterprise_server:*:*:*:*:*",
              "matchCriteriaId": "E0B458EA-495E-40FA-9379-C03757F7B1EE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux:2.1:*:enterprise_server_ia64:*:*:*:*:*",
              "matchCriteriaId": "409E324A-C040-494F-A026-9DCAE01C07F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux:2.1:*:workstation:*:*:*:*:*",
              "matchCriteriaId": "1728AB5D-55A9-46B0-A412-6F7263CAEB5A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux:2.1:*:workstation_ia64:*:*:*:*:*",
              "matchCriteriaId": "6474B775-C893-491F-A074-802AFB1FEDD8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:linux_advanced_workstation:2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "5F9BE3AC-B583-4AED-A940-E95F808D1BFB",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The X Display Manager Control Protocol (XDMCP) support for GDM before 2.4.1.6 allows attackers to cause a denial of service (daemon crash) via a short authorization key name."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad desconocida en el soporte XDMPC (X Display Manager Control Protocol - Protocolo de Control de Administrador de Visualizador X) en GDM anteriores a 2.4.1.6 permite a atacantes causar una denegaci\u00f3n de servicio (ca\u00edda del demonio), un problema diferente de CAN-2003-0548."
    }
  ],
  "id": "CVE-2003-0549",
  "lastModified": "2025-04-03T01:03:51.193",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2003-08-27T04:00:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000729"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://mail.gnome.org/archives/gnome-hackers/2003-August/msg00045.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.redhat.com/support/errata/RHSA-2003-258.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.redhat.com/support/errata/RHSA-2003-259.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A129"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000729"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://mail.gnome.org/archives/gnome-hackers/2003-August/msg00045.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.redhat.com/support/errata/RHSA-2003-258.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.redhat.com/support/errata/RHSA-2003-259.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A129"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2003-11-17 05:00
Modified
2025-04-03 01:03
Severity ?
Summary
GDM 2.4.4.x before 2.4.4.4, and 2.4.1.x before 2.4.1.7, does not restrict the size of input, which allows attackers to cause a denial of service (memory consumption).
Impacted products
Vendor Product Version
gnome gdm 2.2.5.4
gnome gdm 2.4.1
gnome gdm 2.4.1.1
gnome gdm 2.4.1.2
gnome gdm 2.4.1.3
gnome gdm 2.4.1.4
gnome gdm 2.4.1.5
gnome gdm 2.4.1.6
gnome gdm 2.4.4



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:gnome:gdm:2.2.5.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "C35EE6D6-8058-4840-95E9-6540600F25C9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnome:gdm:2.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C96A777E-0CA3-404C-9EF9-AF5D276FB9F4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnome:gdm:2.4.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "44A4CEA3-1EFD-4926-8702-D9019449BF6D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnome:gdm:2.4.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "9DF81497-99A3-49B9-9CEF-C94AA4FCC2A5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnome:gdm:2.4.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "B386DD54-80C4-44C1-9276-C875D0EEE8BE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnome:gdm:2.4.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "8A905FFC-0DBA-4636-BDE7-77F21E0871AF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnome:gdm:2.4.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "DAA26805-862B-466F-AAE5-C8EF60312BFF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnome:gdm:2.4.1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "4B7DE2E4-5FCC-4F63-BB9F-F7EC77728F87",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnome:gdm:2.4.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "D0E054F0-C688-4CC6-A3DA-22884CA4C4C8",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "GDM 2.4.4.x before 2.4.4.4, and 2.4.1.x before 2.4.1.7, does not restrict the size of input, which allows attackers to cause a denial of service (memory consumption)."
    },
    {
      "lang": "es",
      "value": "GDM 2.4.4.x anteriores a 2.4.4.4 y 2.4.1.x anteriores a 2.4.1.7 no restringe el tama\u00f1o de la entrada, lo que permite a atacantes causar una denegaci\u00f3n de servicio (consumici\u00f3n de memoria)."
    }
  ],
  "id": "CVE-2003-0793",
  "lastModified": "2025-04-03T01:03:51.193",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 2.1,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2003-11-17T05:00:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://cvs.gnome.org/bonsai/cvsblame.cgi?file=gdm2/NEWS\u0026rev=\u0026root=/cvs/gnome"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000766"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2003:100"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.securityfocus.com/bid/8846"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13447"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://cvs.gnome.org/bonsai/cvsblame.cgi?file=gdm2/NEWS\u0026rev=\u0026root=/cvs/gnome"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000766"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2003:100"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.securityfocus.com/bid/8846"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13447"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2006-06-09 10:02
Modified
2025-04-03 01:03
Severity ?
Summary
GNOME GDM 2.8, 2.12, 2.14, and 2.15, when the "face browser" feature is enabled, allows local users to access the "Configure Login Manager" functionality using their own password instead of the root password, which can be leveraged to gain additional privileges.
References
secalert@redhat.comhttp://bugzilla.gnome.org/show_bug.cgi?id=343476
secalert@redhat.comhttp://lists.suse.com/archive/suse-security-announce/2006-Jun/0003.html
secalert@redhat.comhttp://secunia.com/advisories/20532
secalert@redhat.comhttp://secunia.com/advisories/20552
secalert@redhat.comhttp://secunia.com/advisories/20587
secalert@redhat.comhttp://secunia.com/advisories/20627
secalert@redhat.comhttp://secunia.com/advisories/20636
secalert@redhat.comhttp://www.gentoo.org/security/en/glsa/glsa-200606-14.xml
secalert@redhat.comhttp://www.mandriva.com/security/advisories?name=MDKSA-2006:100
secalert@redhat.comhttp://www.securityfocus.com/archive/1/436428
secalert@redhat.comhttp://www.securityfocus.com/bid/18332
secalert@redhat.comhttp://www.vupen.com/english/advisories/2006/2239
secalert@redhat.comhttps://exchange.xforce.ibmcloud.com/vulnerabilities/27018
secalert@redhat.comhttps://usn.ubuntu.com/293-1/
af854a3a-2127-422b-91ae-364da2661108http://bugzilla.gnome.org/show_bug.cgi?id=343476
af854a3a-2127-422b-91ae-364da2661108http://lists.suse.com/archive/suse-security-announce/2006-Jun/0003.html
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/20532
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/20552
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/20587
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/20627
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/20636
af854a3a-2127-422b-91ae-364da2661108http://www.gentoo.org/security/en/glsa/glsa-200606-14.xml
af854a3a-2127-422b-91ae-364da2661108http://www.mandriva.com/security/advisories?name=MDKSA-2006:100
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/archive/1/436428
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/18332
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2006/2239
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/27018
af854a3a-2127-422b-91ae-364da2661108https://usn.ubuntu.com/293-1/
Impacted products
Vendor Product Version
gnome gdm 2.8
gnome gdm 2.12
gnome gdm 2.14
gnome gdm 2.15



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:gnome:gdm:2.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "7756E66E-2296-4B20-ABC0-B1A2ACF2657B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnome:gdm:2.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "B935ABD7-CCDF-4A23-8899-4243D66E9486",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnome:gdm:2.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "70640B9F-4EAA-4513-80E4-9DD4A862F27D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnome:gdm:2.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "27A6CC80-BC52-4B39-9424-E96DDA03666E",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "GNOME GDM 2.8, 2.12, 2.14, and 2.15, when the \"face browser\" feature is enabled, allows local users to access the \"Configure Login Manager\" functionality using their own password instead of the root password, which can be leveraged to gain additional privileges."
    }
  ],
  "id": "CVE-2006-2452",
  "lastModified": "2025-04-03T01:03:51.193",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "HIGH",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 3.7,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:L/AC:H/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 1.9,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": true,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2006-06-09T10:02:00.000",
  "references": [
    {
      "source": "secalert@redhat.com",
      "url": "http://bugzilla.gnome.org/show_bug.cgi?id=343476"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.suse.com/archive/suse-security-announce/2006-Jun/0003.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/20532"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/20552"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/20587"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/20627"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/20636"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.gentoo.org/security/en/glsa/glsa-200606-14.xml"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:100"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securityfocus.com/archive/1/436428"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securityfocus.com/bid/18332"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.vupen.com/english/advisories/2006/2239"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27018"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://usn.ubuntu.com/293-1/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://bugzilla.gnome.org/show_bug.cgi?id=343476"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.suse.com/archive/suse-security-announce/2006-Jun/0003.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/20532"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/20552"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/20587"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/20627"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/20636"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.gentoo.org/security/en/glsa/glsa-200606-14.xml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:100"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/436428"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/18332"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2006/2239"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27018"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://usn.ubuntu.com/293-1/"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2003-11-17 05:00
Modified
2025-04-03 01:03
Severity ?
Summary
GDM 2.4.4.x before 2.4.4.4, and 2.4.1.x before 2.4.1.7, does not limit the number or duration of commands and uses a blocking socket connection, which allows attackers to cause a denial of service (resource exhaustion) by sending commands and not reading the results.
Impacted products
Vendor Product Version
gnome gdm 2.2.5.4
gnome gdm 2.4.1
gnome gdm 2.4.1.1
gnome gdm 2.4.1.2
gnome gdm 2.4.1.3
gnome gdm 2.4.1.4
gnome gdm 2.4.1.5
gnome gdm 2.4.1.6
gnome gdm 2.4.4



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:gnome:gdm:2.2.5.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "C35EE6D6-8058-4840-95E9-6540600F25C9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnome:gdm:2.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C96A777E-0CA3-404C-9EF9-AF5D276FB9F4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnome:gdm:2.4.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "44A4CEA3-1EFD-4926-8702-D9019449BF6D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnome:gdm:2.4.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "9DF81497-99A3-49B9-9CEF-C94AA4FCC2A5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnome:gdm:2.4.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "B386DD54-80C4-44C1-9276-C875D0EEE8BE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnome:gdm:2.4.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "8A905FFC-0DBA-4636-BDE7-77F21E0871AF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnome:gdm:2.4.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "DAA26805-862B-466F-AAE5-C8EF60312BFF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnome:gdm:2.4.1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "4B7DE2E4-5FCC-4F63-BB9F-F7EC77728F87",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnome:gdm:2.4.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "D0E054F0-C688-4CC6-A3DA-22884CA4C4C8",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "GDM 2.4.4.x before 2.4.4.4, and 2.4.1.x before 2.4.1.7, does not limit the number or duration of commands and uses a blocking socket connection, which allows attackers to cause a denial of service (resource exhaustion) by sending commands and not reading the results."
    },
    {
      "lang": "es",
      "value": "GDM 2.4.4.x anteriores a 2.4.4.4, y 2.4.1.x anteriores a 2.4.1.7 no limita el n\u00famero de comandos y usa una conexi\u00f3n de socket con bloqueo, lo que permite a atacantes causar una denegaci\u00f3n de servicio (consumici\u00f3n de recursos) enviando comandos y no leyendo los resultados."
    }
  ],
  "id": "CVE-2003-0794",
  "lastModified": "2025-04-03T01:03:51.193",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 2.1,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2003-11-17T05:00:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://cvs.gnome.org/bonsai/cvsblame.cgi?file=gdm2/NEWS\u0026rev=\u0026root=/cvs/gnome"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000766"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2003:100"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.securityfocus.com/bid/8846"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13448"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://cvs.gnome.org/bonsai/cvsblame.cgi?file=gdm2/NEWS\u0026rev=\u0026root=/cvs/gnome"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000766"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2003:100"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.securityfocus.com/bid/8846"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13448"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2000-06-19 04:00
Modified
2025-04-03 01:03
Severity ?
Summary
libICE in XFree86 allows remote attackers to cause a denial of service by specifying a large value which is not properly checked by the SKIP_STRING macro.
Impacted products
Vendor Product Version
gnome gdm 1.0
gnome gdm 1.1
open_group x 11.0r5
open_group x 11.0r6
open_group x 11.0r6.1
open_group x 11.0r6.2
open_group x 11.0r6.3
open_group x 11.0r6.4
xfree86_project x11r6 3.3.3
xfree86_project x11r6 3.3.4
xfree86_project x11r6 3.3.5
xfree86_project x11r6 3.3.6
xfree86_project x11r6 4.0



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:gnome:gdm:1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E2D650E6-F568-4B7F-8913-3DC10E8F4201",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnome:gdm:1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "37AB5A38-A7C4-4016-8628-27AA0EC7E401",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:open_group:x:11.0r5:*:*:*:*:*:*:*",
              "matchCriteriaId": "A6BF5526-54BA-411B-8C18-BAD8801EEF18",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:open_group:x:11.0r6:*:*:*:*:*:*:*",
              "matchCriteriaId": "341C2874-4A2A-4ECD-A243-10EF6F2588BE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:open_group:x:11.0r6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "97B9657E-D7CE-496F-AE51-8AFA1CCA49CD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:open_group:x:11.0r6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "5A2B4032-71E6-4731-B829-DD8F004B20BD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:open_group:x:11.0r6.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "E1DA55DC-E2A9-44B4-84D6-BE9F84898430",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:open_group:x:11.0r6.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "2A3657FA-0841-487B-9650-FC06A4E2A88B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:xfree86_project:x11r6:3.3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "C104B02C-3F3B-4DB4-8A1D-65A7DAA380EB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:xfree86_project:x11r6:3.3.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "BEECB0ED-A5C9-4675-9CEB-AD6C19EDA7D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:xfree86_project:x11r6:3.3.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "B43D5F86-97B2-4175-8ED7-1F937850F9DB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:xfree86_project:x11r6:3.3.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "0946A224-6A0C-4DE3-89F9-200682431737",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:xfree86_project:x11r6:4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F33E5444-E178-4F49-BDA1-DE576D8526EE",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "libICE in XFree86 allows remote attackers to cause a denial of service by specifying a large value which is not properly checked by the SKIP_STRING macro."
    }
  ],
  "id": "CVE-2000-0504",
  "lastModified": "2025-04-03T01:03:51.193",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2000-06-19T04:00:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://archives.neohapsis.com/archives/bugtraq/2000-06/0170.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.securityfocus.com/bid/1369"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.xfree86.org/security/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://archives.neohapsis.com/archives/bugtraq/2000-06/0170.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.securityfocus.com/bid/1369"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.xfree86.org/security/"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}