cvelistv5 - cve-2010-2387

CVE-2010-2387 (GCVE-0-2010-2387)

Vulnerability from cvelistv5

Published

2012-12-21 02:00

Modified

2024-08-07 02:32

Severity ?

CWE

Summary

vicious-extensions/ve-misc.c in GNOME Display Manager (gdm) 2.20.x before 2.20.11, when GDM debug is enabled, logs the user password when it contains invalid UTF8 encoded characters, which might allow local users to gain privileges by reading the information from syslog logs.

References

►

URL

Tags

secalert_us@oracle.com	http://ftp.gnome.org/pub/GNOME/sources/gdm/2.20/gdm-2.20.11.changes
secalert_us@oracle.com	http://secunia.com/advisories/40690	Vendor Advisory
secalert_us@oracle.com	http://secunia.com/advisories/40780	Vendor Advisory
secalert_us@oracle.com	http://www.auscert.org.au/13123	US Government Resource
secalert_us@oracle.com	http://www.osvdb.org/66643
secalert_us@oracle.com	https://blogs.oracle.com/sunsecurity/entry/cve_2010_2387_password_disclosure
secalert_us@oracle.com	https://bugzilla.gnome.org/show_bug.cgi?id=571846
secalert_us@oracle.com	https://exchange.xforce.ibmcloud.com/vulnerabilities/60642
af854a3a-2127-422b-91ae-364da2661108	http://ftp.gnome.org/pub/GNOME/sources/gdm/2.20/gdm-2.20.11.changes
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/40690	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/40780	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.auscert.org.au/13123	US Government Resource
af854a3a-2127-422b-91ae-364da2661108	http://www.osvdb.org/66643
af854a3a-2127-422b-91ae-364da2661108	https://blogs.oracle.com/sunsecurity/entry/cve_2010_2387_password_disclosure
af854a3a-2127-422b-91ae-364da2661108	https://bugzilla.gnome.org/show_bug.cgi?id=571846
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/60642

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T02:32:16.591Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.gnome.org/show_bug.cgi?id=571846"
          },
          {
            "name": "ASB-2010.0184",
            "tags": [
              "third-party-advisory",
              "x_refsource_AUSCERT",
              "x_transferred"
            ],
            "url": "http://www.auscert.org.au/13123"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://blogs.oracle.com/sunsecurity/entry/cve_2010_2387_password_disclosure"
          },
          {
            "name": "40690",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/40690"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://ftp.gnome.org/pub/GNOME/sources/gdm/2.20/gdm-2.20.11.changes"
          },
          {
            "name": "solaris-gdm-information-disclosure(60642)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/60642"
          },
          {
            "name": "40780",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/40780"
          },
          {
            "name": "66643",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://www.osvdb.org/66643"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2009-02-15T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "vicious-extensions/ve-misc.c in GNOME Display Manager (gdm) 2.20.x before 2.20.11, when GDM debug is enabled, logs the user password when it contains invalid UTF8 encoded characters, which might allow local users to gain privileges by reading the information from syslog logs."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-16T14:57:01",
        "orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
        "shortName": "oracle"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.gnome.org/show_bug.cgi?id=571846"
        },
        {
          "name": "ASB-2010.0184",
          "tags": [
            "third-party-advisory",
            "x_refsource_AUSCERT"
          ],
          "url": "http://www.auscert.org.au/13123"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://blogs.oracle.com/sunsecurity/entry/cve_2010_2387_password_disclosure"
        },
        {
          "name": "40690",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/40690"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://ftp.gnome.org/pub/GNOME/sources/gdm/2.20/gdm-2.20.11.changes"
        },
        {
          "name": "solaris-gdm-information-disclosure(60642)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/60642"
        },
        {
          "name": "40780",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/40780"
        },
        {
          "name": "66643",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://www.osvdb.org/66643"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert_us@oracle.com",
          "ID": "CVE-2010-2387",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "vicious-extensions/ve-misc.c in GNOME Display Manager (gdm) 2.20.x before 2.20.11, when GDM debug is enabled, logs the user password when it contains invalid UTF8 encoded characters, which might allow local users to gain privileges by reading the information from syslog logs."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://bugzilla.gnome.org/show_bug.cgi?id=571846",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.gnome.org/show_bug.cgi?id=571846"
            },
            {
              "name": "ASB-2010.0184",
              "refsource": "AUSCERT",
              "url": "http://www.auscert.org.au/13123"
            },
            {
              "name": "https://blogs.oracle.com/sunsecurity/entry/cve_2010_2387_password_disclosure",
              "refsource": "CONFIRM",
              "url": "https://blogs.oracle.com/sunsecurity/entry/cve_2010_2387_password_disclosure"
            },
            {
              "name": "40690",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/40690"
            },
            {
              "name": "http://ftp.gnome.org/pub/GNOME/sources/gdm/2.20/gdm-2.20.11.changes",
              "refsource": "CONFIRM",
              "url": "http://ftp.gnome.org/pub/GNOME/sources/gdm/2.20/gdm-2.20.11.changes"
            },
            {
              "name": "solaris-gdm-information-disclosure(60642)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/60642"
            },
            {
              "name": "40780",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/40780"
            },
            {
              "name": "66643",
              "refsource": "OSVDB",
              "url": "http://www.osvdb.org/66643"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
    "assignerShortName": "oracle",
    "cveId": "CVE-2010-2387",
    "datePublished": "2012-12-21T02:00:00",
    "dateReserved": "2010-06-21T00:00:00",
    "dateUpdated": "2024-08-07T02:32:16.591Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2010-2387\",\"sourceIdentifier\":\"secalert_us@oracle.com\",\"published\":\"2012-12-21T05:46:13.853\",\"lastModified\":\"2025-04-11T00:51:21.963\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"vicious-extensions/ve-misc.c in GNOME Display Manager (gdm) 2.20.x before 2.20.11, when GDM debug is enabled, logs the user password when it contains invalid UTF8 encoded characters, which might allow local users to gain privileges by reading the information from syslog logs.\"},{\"lang\":\"es\",\"value\":\"vicious-extensions/ve-misc.c en GNOME Display Manager (GDM) v2.20.x antes de v2.20.11, cuando la depuraci\u00f3n GDM est\u00e1 habilitada, registra la contrase\u00f1a de usuario cuando contiene caracteres no v\u00e1lidos UTF8 codificados, lo que podr\u00eda permitir a usuarios locales obtener privilegios mediante la lectura de la informaci\u00f3n de los registros de syslog.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:L/AC:M/Au:N/C:P/I:N/A:N\",\"baseScore\":1.9,\"accessVector\":\"LOCAL\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"LOW\",\"exploitabilityScore\":3.4,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-255\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gnome:gnome_display_manager:2.20.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C8C72BE3-BDD4-4A88-8E2A-7C8224B02F76\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gnome:gnome_display_manager:2.20.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"706CCECA-D2FC-40E6-B587-B6E3DD62075D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gnome:gnome_display_manager:2.20.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8DA2D465-D13D-4871-A15F-BD54C602867D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gnome:gnome_display_manager:2.20.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D0C53894-4DA5-425F-9DEB-C0371B206FBC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gnome:gnome_display_manager:2.20.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"06EB6BB7-9C4E-4D6B-8ED1-3588E290ADEC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gnome:gnome_display_manager:2.20.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"409CA831-8DD2-4ED0-9E46-E6EACA01D818\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gnome:gnome_display_manager:2.20.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D80F8AA1-0DBA-4B4A-8003-0977632EB92D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gnome:gnome_display_manager:2.20.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"67E978B3-1614-4591-B58E-9BA781AE0BE3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gnome:gnome_display_manager:2.20.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C5535C17-2D38-49EC-8D44-F99F0B2BEB5E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gnome:gnome_display_manager:2.20.9:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FE4EA4E1-3B52-4DD1-930D-8E88A2494D22\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gnome:gnome_display_manager:2.20.10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"943E0B71-8FC7-46FB-BA5D-E3A2FD78636F\"}]}]}],\"references\":[{\"url\":\"http://ftp.gnome.org/pub/GNOME/sources/gdm/2.20/gdm-2.20.11.changes\",\"source\":\"secalert_us@oracle.com\"},{\"url\":\"http://secunia.com/advisories/40690\",\"source\":\"secalert_us@oracle.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/40780\",\"source\":\"secalert_us@oracle.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.auscert.org.au/13123\",\"source\":\"secalert_us@oracle.com\",\"tags\":[\"US Government Resource\"]},{\"url\":\"http://www.osvdb.org/66643\",\"source\":\"secalert_us@oracle.com\"},{\"url\":\"https://blogs.oracle.com/sunsecurity/entry/cve_2010_2387_password_disclosure\",\"source\":\"secalert_us@oracle.com\"},{\"url\":\"https://bugzilla.gnome.org/show_bug.cgi?id=571846\",\"source\":\"secalert_us@oracle.com\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/60642\",\"source\":\"secalert_us@oracle.com\"},{\"url\":\"http://ftp.gnome.org/pub/GNOME/sources/gdm/2.20/gdm-2.20.11.changes\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/40690\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/40780\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.auscert.org.au/13123\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"US Government Resource\"]},{\"url\":\"http://www.osvdb.org/66643\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://blogs.oracle.com/sunsecurity/entry/cve_2010_2387_password_disclosure\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://bugzilla.gnome.org/show_bug.cgi?id=571846\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/60642\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

ghsa-748g-m8cr-v48g

Vulnerability from github

Published

2022-05-17 02:07

Modified

2022-05-17 02:07

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2010-2387"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2012-12-21T05:46:00Z",
    "severity": "LOW"
  },
  "details": "vicious-extensions/ve-misc.c in GNOME Display Manager (gdm) 2.20.x before 2.20.11, when GDM debug is enabled, logs the user password when it contains invalid UTF8 encoded characters, which might allow local users to gain privileges by reading the information from syslog logs.",
  "id": "GHSA-748g-m8cr-v48g",
  "modified": "2022-05-17T02:07:05Z",
  "published": "2022-05-17T02:07:05Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-2387"
    },
    {
      "type": "WEB",
      "url": "https://blogs.oracle.com/sunsecurity/entry/cve_2010_2387_password_disclosure"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.gnome.org/show_bug.cgi?id=571846"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/60642"
    },
    {
      "type": "WEB",
      "url": "http://ftp.gnome.org/pub/GNOME/sources/gdm/2.20/gdm-2.20.11.changes"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/40690"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/40780"
    },
    {
      "type": "WEB",
      "url": "http://www.auscert.org.au/13123"
    },
    {
      "type": "WEB",
      "url": "http://www.osvdb.org/66643"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

gsd-2010-2387

Vulnerability from gsd

Modified

2023-12-13 01:21

Details

Aliases

CVE-2010-2387

Aliases

CVE-2010-2387

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2010-2387",
    "description": "vicious-extensions/ve-misc.c in GNOME Display Manager (gdm) 2.20.x before 2.20.11, when GDM debug is enabled, logs the user password when it contains invalid UTF8 encoded characters, which might allow local users to gain privileges by reading the information from syslog logs.",
    "id": "GSD-2010-2387"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2010-2387"
      ],
      "details": "vicious-extensions/ve-misc.c in GNOME Display Manager (gdm) 2.20.x before 2.20.11, when GDM debug is enabled, logs the user password when it contains invalid UTF8 encoded characters, which might allow local users to gain privileges by reading the information from syslog logs.",
      "id": "GSD-2010-2387",
      "modified": "2023-12-13T01:21:32.029419Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "secalert_us@oracle.com",
        "ID": "CVE-2010-2387",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "vicious-extensions/ve-misc.c in GNOME Display Manager (gdm) 2.20.x before 2.20.11, when GDM debug is enabled, logs the user password when it contains invalid UTF8 encoded characters, which might allow local users to gain privileges by reading the information from syslog logs."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://bugzilla.gnome.org/show_bug.cgi?id=571846",
            "refsource": "CONFIRM",
            "url": "https://bugzilla.gnome.org/show_bug.cgi?id=571846"
          },
          {
            "name": "ASB-2010.0184",
            "refsource": "AUSCERT",
            "url": "http://www.auscert.org.au/13123"
          },
          {
            "name": "https://blogs.oracle.com/sunsecurity/entry/cve_2010_2387_password_disclosure",
            "refsource": "CONFIRM",
            "url": "https://blogs.oracle.com/sunsecurity/entry/cve_2010_2387_password_disclosure"
          },
          {
            "name": "40690",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/40690"
          },
          {
            "name": "http://ftp.gnome.org/pub/GNOME/sources/gdm/2.20/gdm-2.20.11.changes",
            "refsource": "CONFIRM",
            "url": "http://ftp.gnome.org/pub/GNOME/sources/gdm/2.20/gdm-2.20.11.changes"
          },
          {
            "name": "solaris-gdm-information-disclosure(60642)",
            "refsource": "XF",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/60642"
          },
          {
            "name": "40780",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/40780"
          },
          {
            "name": "66643",
            "refsource": "OSVDB",
            "url": "http://www.osvdb.org/66643"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:gnome:gnome_display_manager:2.20.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gnome:gnome_display_manager:2.20.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gnome:gnome_display_manager:2.20.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gnome:gnome_display_manager:2.20.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gnome:gnome_display_manager:2.20.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gnome:gnome_display_manager:2.20.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gnome:gnome_display_manager:2.20.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gnome:gnome_display_manager:2.20.9:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gnome:gnome_display_manager:2.20.10:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gnome:gnome_display_manager:2.20.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gnome:gnome_display_manager:2.20.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert_us@oracle.com",
          "ID": "CVE-2010-2387"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "vicious-extensions/ve-misc.c in GNOME Display Manager (gdm) 2.20.x before 2.20.11, when GDM debug is enabled, logs the user password when it contains invalid UTF8 encoded characters, which might allow local users to gain privileges by reading the information from syslog logs."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-255"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "40690",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/40690"
            },
            {
              "name": "https://blogs.oracle.com/sunsecurity/entry/cve_2010_2387_password_disclosure",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "https://blogs.oracle.com/sunsecurity/entry/cve_2010_2387_password_disclosure"
            },
            {
              "name": "http://ftp.gnome.org/pub/GNOME/sources/gdm/2.20/gdm-2.20.11.changes",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://ftp.gnome.org/pub/GNOME/sources/gdm/2.20/gdm-2.20.11.changes"
            },
            {
              "name": "https://bugzilla.gnome.org/show_bug.cgi?id=571846",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "https://bugzilla.gnome.org/show_bug.cgi?id=571846"
            },
            {
              "name": "ASB-2010.0184",
              "refsource": "AUSCERT",
              "tags": [
                "US Government Resource"
              ],
              "url": "http://www.auscert.org.au/13123"
            },
            {
              "name": "40780",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/40780"
            },
            {
              "name": "66643",
              "refsource": "OSVDB",
              "tags": [],
              "url": "http://www.osvdb.org/66643"
            },
            {
              "name": "solaris-gdm-information-disclosure(60642)",
              "refsource": "XF",
              "tags": [],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/60642"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 1.9,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "NONE",
            "vectorString": "AV:L/AC:M/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 3.4,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "LOW",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2017-08-17T01:32Z",
      "publishedDate": "2012-12-21T05:46Z"
    }
  }
}

fkie_cve-2010-2387

Vulnerability from fkie_nvd

Published

2012-12-21 05:46

Modified

2025-04-11 00:51

Severity ?

Summary

References

URL	Tags
secalert_us@oracle.com	http://ftp.gnome.org/pub/GNOME/sources/gdm/2.20/gdm-2.20.11.changes
secalert_us@oracle.com	http://secunia.com/advisories/40690	Vendor Advisory
secalert_us@oracle.com	http://secunia.com/advisories/40780	Vendor Advisory
secalert_us@oracle.com	http://www.auscert.org.au/13123	US Government Resource
secalert_us@oracle.com	http://www.osvdb.org/66643
secalert_us@oracle.com	https://blogs.oracle.com/sunsecurity/entry/cve_2010_2387_password_disclosure
secalert_us@oracle.com	https://bugzilla.gnome.org/show_bug.cgi?id=571846
secalert_us@oracle.com	https://exchange.xforce.ibmcloud.com/vulnerabilities/60642
af854a3a-2127-422b-91ae-364da2661108	http://ftp.gnome.org/pub/GNOME/sources/gdm/2.20/gdm-2.20.11.changes
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/40690	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/40780	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.auscert.org.au/13123	US Government Resource
af854a3a-2127-422b-91ae-364da2661108	http://www.osvdb.org/66643
af854a3a-2127-422b-91ae-364da2661108	https://blogs.oracle.com/sunsecurity/entry/cve_2010_2387_password_disclosure
af854a3a-2127-422b-91ae-364da2661108	https://bugzilla.gnome.org/show_bug.cgi?id=571846
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/60642

Impacted products

Vendor	Product	Version
gnome	gnome_display_manager	2.20.0
gnome	gnome_display_manager	2.20.1
gnome	gnome_display_manager	2.20.2
gnome	gnome_display_manager	2.20.3
gnome	gnome_display_manager	2.20.4
gnome	gnome_display_manager	2.20.5
gnome	gnome_display_manager	2.20.6
gnome	gnome_display_manager	2.20.7
gnome	gnome_display_manager	2.20.8
gnome	gnome_display_manager	2.20.9
gnome	gnome_display_manager	2.20.10

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:gnome:gnome_display_manager:2.20.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C8C72BE3-BDD4-4A88-8E2A-7C8224B02F76",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnome:gnome_display_manager:2.20.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "706CCECA-D2FC-40E6-B587-B6E3DD62075D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnome:gnome_display_manager:2.20.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "8DA2D465-D13D-4871-A15F-BD54C602867D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnome:gnome_display_manager:2.20.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "D0C53894-4DA5-425F-9DEB-C0371B206FBC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnome:gnome_display_manager:2.20.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "06EB6BB7-9C4E-4D6B-8ED1-3588E290ADEC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnome:gnome_display_manager:2.20.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "409CA831-8DD2-4ED0-9E46-E6EACA01D818",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnome:gnome_display_manager:2.20.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "D80F8AA1-0DBA-4B4A-8003-0977632EB92D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnome:gnome_display_manager:2.20.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "67E978B3-1614-4591-B58E-9BA781AE0BE3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnome:gnome_display_manager:2.20.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "C5535C17-2D38-49EC-8D44-F99F0B2BEB5E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnome:gnome_display_manager:2.20.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "FE4EA4E1-3B52-4DD1-930D-8E88A2494D22",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnome:gnome_display_manager:2.20.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "943E0B71-8FC7-46FB-BA5D-E3A2FD78636F",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "vicious-extensions/ve-misc.c in GNOME Display Manager (gdm) 2.20.x before 2.20.11, when GDM debug is enabled, logs the user password when it contains invalid UTF8 encoded characters, which might allow local users to gain privileges by reading the information from syslog logs."
    },
    {
      "lang": "es",
      "value": "vicious-extensions/ve-misc.c en GNOME Display Manager (GDM) v2.20.x antes de v2.20.11, cuando la depuraci\u00f3n GDM est\u00e1 habilitada, registra la contrase\u00f1a de usuario cuando contiene caracteres no v\u00e1lidos UTF8 codificados, lo que podr\u00eda permitir a usuarios locales obtener privilegios mediante la lectura de la informaci\u00f3n de los registros de syslog."
    }
  ],
  "id": "CVE-2010-2387",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 1.9,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:L/AC:M/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 3.4,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2012-12-21T05:46:13.853",
  "references": [
    {
      "source": "secalert_us@oracle.com",
      "url": "http://ftp.gnome.org/pub/GNOME/sources/gdm/2.20/gdm-2.20.11.changes"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/40690"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/40780"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.auscert.org.au/13123"
    },
    {
      "source": "secalert_us@oracle.com",
      "url": "http://www.osvdb.org/66643"
    },
    {
      "source": "secalert_us@oracle.com",
      "url": "https://blogs.oracle.com/sunsecurity/entry/cve_2010_2387_password_disclosure"
    },
    {
      "source": "secalert_us@oracle.com",
      "url": "https://bugzilla.gnome.org/show_bug.cgi?id=571846"
    },
    {
      "source": "secalert_us@oracle.com",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/60642"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://ftp.gnome.org/pub/GNOME/sources/gdm/2.20/gdm-2.20.11.changes"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/40690"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/40780"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.auscert.org.au/13123"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.osvdb.org/66643"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://blogs.oracle.com/sunsecurity/entry/cve_2010_2387_password_disclosure"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://bugzilla.gnome.org/show_bug.cgi?id=571846"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/60642"
    }
  ],
  "sourceIdentifier": "secalert_us@oracle.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-255"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2010-2387 (GCVE-0-2010-2387)

Vulnerability from cvelistv5

ghsa-748g-m8cr-v48g

Vulnerability from github

gsd-2010-2387

Vulnerability from gsd

fkie_cve-2010-2387

Vulnerability from fkie_nvd

Tags

Sightings

Nomenclature