Summary
Detail | |||
---|---|---|---|
Vendor | Gnome | First view | 1999-12-05 |
Product | Gdm | Last view | 2011-06-14 |
Version | Type | ||
Update | |||
Edition | |||
Language | |||
Sofware Edition | |||
Target Software | |||
Target Hardware | |||
Other |
Activity : Overall
COMMON PLATFORM ENUMERATION: Repartition per Version
Related : CVE
Date | Alert | Description | |
---|---|---|---|
7.2 | 2011-06-14 | CVE-2011-1709 | GNOME Display Manager (gdm) before 2.32.2, when glib 2.28 is used, enables execution of a web browser with the uid of the gdm account, which allows local users to gain privileges via vectors involving the x-scheme-handler/http MIME type. |
6.9 | 2011-03-31 | CVE-2011-0727 | GNOME Display Manager (gdm) 2.x before 2.32.1 allows local users to change the ownership of arbitrary files via a symlink attack on a (1) dmrc or (2) face icon file under /var/cache/gdm/. |
6.8 | 2009-09-04 | CVE-2009-2697 | The Red Hat build script for the GNOME Display Manager (GDM) before 2.16.0-56 on Red Hat Enterprise Linux (RHEL) 5 omits TCP Wrapper support, which might allow remote attackers to bypass intended access restrictions via XDMCP connections, a different vulnerability than CVE-2007-5079. |
1.5 | 2007-08-07 | CVE-2007-3381 | The GDM daemon in GNOME Display Manager (GDM) before 2.14.13, 2.16.x before 2.16.7, 2.18.x before 2.18.4, and 2.19.x before 2.19.5 does not properly handle NULL return values from the g_strsplit function, which allows local users to cause a denial of service (persistent daemon crash) via a crafted command to the daemon's socket, related to (1) gdm.c and (2) gdmconfig.c in daemon/, and (3) gdmconfig.c and (4) gdmflexiserver.c in gui/. |
4.3 | 2006-12-14 | CVE-2006-6105 | Format string vulnerability in the host chooser window (gdmchooser) in GNOME Foundation Display Manager (gdm) allows local users to execute arbitrary code via format string specifiers in a hostname, which are used in an error dialog. |
3.7 | 2006-06-09 | CVE-2006-2452 | GNOME GDM 2.8, 2.12, 2.14, and 2.15, when the "face browser" feature is enabled, allows local users to access the "Configure Login Manager" functionality using their own password instead of the root password, which can be leveraged to gain additional privileges. |
3.7 | 2006-04-24 | CVE-2006-1057 | Race condition in daemon/slave.c in gdm before 2.14.1 allows local users to gain privileges via a symlink attack when gdm performs chown and chgrp operations on the .ICEauthority file. |
2.1 | 2003-11-17 | CVE-2003-0794 | GDM 2.4.4.x before 2.4.4.4, and 2.4.1.x before 2.4.1.7, does not limit the number or duration of commands and uses a blocking socket connection, which allows attackers to cause a denial of service (resource exhaustion) by sending commands and not reading the results. |
2.1 | 2003-11-17 | CVE-2003-0793 | GDM 2.4.4.x before 2.4.4.4, and 2.4.1.x before 2.4.1.7, does not restrict the size of input, which allows attackers to cause a denial of service (memory consumption). |
5 | 2003-08-27 | CVE-2003-0549 | The X Display Manager Control Protocol (XDMCP) support for GDM before 2.4.1.6 allows attackers to cause a denial of service (daemon crash) via a short authorization key name. |
5 | 2003-08-27 | CVE-2003-0548 | The X Display Manager Control Protocol (XDMCP) support for GDM before 2.4.1.6 allows attackers to cause a denial of service (daemon crash) when a chosen host expires, a different issue than CVE-2003-0549. |
2.1 | 2003-08-27 | CVE-2003-0547 | GDM before 2.4.1.6, when using the "examine session errors" feature, allows local users to read arbitrary files via a symlink attack on the ~/.xsession-errors file. |
5 | 2000-06-19 | CVE-2000-0504 | libICE in XFree86 allows remote attackers to cause a denial of service by specifying a large value which is not properly checked by the SKIP_STRING macro. |
10 | 2000-05-24 | CVE-2000-0491 | Buffer overflow in the XDMCP parsing code of GNOME gdm, KDE kdm, and wdm allows remote attackers to execute arbitrary commands or cause a denial of service via a long FORWARD_QUERY request. |
2.1 | 1999-12-05 | CVE-1999-0990 | Error messages generated by gdm with the VerboseAuth setting allows an attacker to identify valid users on a system. |
CWE : Common Weakness Enumeration
% | id | Name |
---|---|---|
20% (1) | CWE-362 | Race Condition |
20% (1) | CWE-287 | Improper Authentication |
20% (1) | CWE-264 | Permissions, Privileges, and Access Controls |
20% (1) | CWE-59 | Improper Link Resolution Before File Access ('Link Following') |
20% (1) | CWE-20 | Improper Input Validation |
Oval Markup Language : Definitions
OvalID | Name |
---|---|
oval:org.mitre.oval:def:112 | GDM Examine Errors Symlink Vulnerability |
oval:org.mitre.oval:def:113 | X Display Manager Control Protocol Denial of Service |
oval:org.mitre.oval:def:129 | GDM X Display Manager Authorization Vulnerability |
oval:org.mitre.oval:def:10092 | Race condition in daemon/slave.c in gdm before 2.14.1 allows local users to g... |
oval:org.mitre.oval:def:10887 | The GDM daemon in GNOME Display Manager (GDM) before 2.14.13, 2.16.x before 2... |
oval:org.mitre.oval:def:22688 | ELSA-2007:0777: gdm security and bug fix update (Moderate) |
oval:org.mitre.oval:def:9586 | The Red Hat build script for the GNOME Display Manager (GDM) before 2.16.0-56... |
oval:org.mitre.oval:def:22573 | ELSA-2009:1364: gdm security and bug fix update (Low) |
oval:org.mitre.oval:def:29259 | RHSA-2009:1364 -- gdm security and bug fix update (Low) |
oval:org.mitre.oval:def:21930 | RHSA-2011:0395: gdm security update (Moderate) |
oval:org.mitre.oval:def:13786 | USN-1099-1 -- gdm vulnerability |
oval:org.mitre.oval:def:12826 | DSA-2205-1 gdm3 -- privilege escalation |
oval:org.mitre.oval:def:23685 | ELSA-2011:0395: gdm security update (Moderate) |
oval:org.mitre.oval:def:27397 | DEPRECATED: ELSA-2011-0395 -- gdm security update (moderate) |
oval:org.mitre.oval:def:14051 | USN-1142-1 -- dgm vulnerability |
Open Source Vulnerability Database (OSVDB)
id | Description |
---|---|
73035 | GNOME Display Manager (gdm) glib2 Web Browser x-scheme-handler/http MIME Type... |
72551 | GNOME Display Manager (gdm) /var/cache/gdm/ Multiple File Symlink Local Privi... |
57657 | GNOME Display Manager (gdm) on Red Hat Linux TCP Wrapper Support Weakness |
39560 | GNOME Display Manager (gdm) g_strsplit Function Local DoS |
31652 | gdm slave.c Symlink Race Condition |
30848 | GNOME Display Manager (gdm) gdmchooser hostname Format String |
26269 | GNOME Display Manager (gdm) Configure Login Manager Authentication Privilege ... |
11757 | GDM Queried Command Saturation Local DoS |
11756 | XFree86 xdm send_failed() Function Overflow |
11755 | KDE kdm Unspecified Overflow |
11754 | GDM XDMCP FORWARD_QUERY Request Overflow |
9824 | GDM VerboseAuth Setting Error Message Information Disclosure |
6314 | GDM XDMCP Host Name Expiration DoS |
6313 | GDM XDMCP Short Authorization Key DoS |
2683 | GDM Input Size Memory Consumption Local DoS |
2461 | GDM .xsession-errors Symlink Arbitrary File Read |
1412 | libICE SKIP_STRING Macro Remote DoS |
OpenVAS Exploits
id | Description |
---|---|
2012-06-06 | Name : RedHat Update for gdm RHSA-2011:0395-01 File : nvt/gb_RHSA-2011_0395-01_gdm.nasl |
2011-08-09 | Name : CentOS Update for gdm CESA-2009:1364 centos5 i386 File : nvt/gb_CESA-2009_1364_gdm_centos5_i386.nasl |
2011-07-12 | Name : Fedora Update for gdm FEDORA-2011-7822 File : nvt/gb_fedora_2011_7822_gdm_fc15.nasl |
2011-06-06 | Name : Ubuntu Update for gdm USN-1142-1 File : nvt/gb_ubuntu_USN_1142_1.nasl |
2011-05-12 | Name : Debian Security Advisory DSA 2205-1 (gdm3) File : nvt/deb_2205_1.nasl |
2011-05-12 | Name : FreeBSD Ports: gdm File : nvt/freebsd_gdm.nasl |
2011-04-19 | Name : Fedora Update for gdm FEDORA-2011-4351 File : nvt/gb_fedora_2011_4351_gdm_fc13.nasl |
2011-04-11 | Name : Mandriva Update for gdm MDVSA-2011:070 (gdm) File : nvt/gb_mandriva_MDVSA_2011_070.nasl |
2011-04-06 | Name : Fedora Update for gdm FEDORA-2011-4335 File : nvt/gb_fedora_2011_4335_gdm_fc14.nasl |
2011-04-01 | Name : Ubuntu Update for gdm vulnerability USN-1099-1 File : nvt/gb_ubuntu_USN_1099_1.nasl |
2009-09-21 | Name : CentOS Security Advisory CESA-2009:1364 (gdm) File : nvt/ovcesa2009_1364.nasl |
2009-09-09 | Name : RedHat Security Advisory RHSA-2009:1364 File : nvt/RHSA_2009_1364.nasl |
2009-04-09 | Name : Mandriva Update for gdm MDKSA-2007:169 (gdm) File : nvt/gb_mandriva_MDKSA_2007_169.nasl |
2009-02-27 | Name : Fedora Update for gdm FEDORA-2007-653 File : nvt/gb_fedora_2007_653_gdm_fc6.nasl |
2009-02-27 | Name : Fedora Update for gdm FEDORA-2007-1362 File : nvt/gb_fedora_2007_1362_gdm_fc7.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200606-14 (gdm) File : nvt/glsa_200606_14.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200709-11 (gdm) File : nvt/glsa_200709_11.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 1040-1 (gdm) File : nvt/deb_1040_1.nasl |
0000-00-00 | Name : Slackware Advisory SSA:2003-300-01 gdm security update File : nvt/esoft_slk_ssa_2003_300_01.nasl |
Nessus® Vulnerability Scanner
id | Description |
---|---|
2014-12-15 | Name: The remote Gentoo host is missing one or more security-related patches. File: gentoo_GLSA-201412-09.nasl - Type: ACT_GATHER_INFO |
2014-06-13 | Name: The remote openSUSE host is missing a security update. File: suse_11_4_gdm-110531.nasl - Type: ACT_GATHER_INFO |
2014-06-13 | Name: The remote openSUSE host is missing a security update. File: suse_11_4_gdm-110330.nasl - Type: ACT_GATHER_INFO |
2014-06-13 | Name: The remote openSUSE host is missing a security update. File: suse_11_3_gdm-110330.nasl - Type: ACT_GATHER_INFO |
2013-07-12 | Name: The remote Oracle Linux host is missing a security update. File: oraclelinux_ELSA-2007-0286.nasl - Type: ACT_GATHER_INFO |
2013-07-12 | Name: The remote Oracle Linux host is missing one or more security updates. File: oraclelinux_ELSA-2011-0395.nasl - Type: ACT_GATHER_INFO |
2013-07-12 | Name: The remote Oracle Linux host is missing a security update. File: oraclelinux_ELSA-2007-0777.nasl - Type: ACT_GATHER_INFO |
2012-08-01 | Name: The remote Scientific Linux host is missing one or more security updates. File: sl_20070501_gdm_on_SL4.nasl - Type: ACT_GATHER_INFO |
2012-08-01 | Name: The remote Scientific Linux host is missing a security update. File: sl_20070807_gdm_on_SL5_x.nasl - Type: ACT_GATHER_INFO |
2012-08-01 | Name: The remote Scientific Linux host is missing one or more security updates. File: sl_20090902_gdm_on_SL5_x.nasl - Type: ACT_GATHER_INFO |
2012-08-01 | Name: The remote Scientific Linux host is missing one or more security updates. File: sl_20110329_gdm_on_SL6_x.nasl - Type: ACT_GATHER_INFO |
2011-06-13 | Name: The remote Ubuntu host is missing a security-related patch. File: ubuntu_USN-1142-1.nasl - Type: ACT_GATHER_INFO |
2011-06-07 | Name: The remote Fedora host is missing a security update. File: fedora_2011-7822.nasl - Type: ACT_GATHER_INFO |
2011-04-15 | Name: The remote Fedora host is missing a security update. File: fedora_2011-4351.nasl - Type: ACT_GATHER_INFO |
2011-04-11 | Name: The remote Mandriva Linux host is missing one or more security updates. File: mandriva_MDVSA-2011-070.nasl - Type: ACT_GATHER_INFO |
2011-04-04 | Name: The remote Fedora host is missing a security update. File: fedora_2011-4335.nasl - Type: ACT_GATHER_INFO |
2011-03-31 | Name: The remote Ubuntu host is missing a security-related patch. File: ubuntu_USN-1099-1.nasl - Type: ACT_GATHER_INFO |
2011-03-30 | Name: The remote FreeBSD host is missing a security-related update. File: freebsd_pkg_c6fbd44759ed11e08d040015f2db7bde.nasl - Type: ACT_GATHER_INFO |
2011-03-29 | Name: The remote Red Hat host is missing one or more security updates. File: redhat-RHSA-2011-0395.nasl - Type: ACT_GATHER_INFO |
2011-03-29 | Name: The remote Debian host is missing a security-related update. File: debian_DSA-2205.nasl - Type: ACT_GATHER_INFO |
2010-01-06 | Name: The remote CentOS host is missing one or more security updates. File: centos_RHSA-2009-1364.nasl - Type: ACT_GATHER_INFO |
2009-09-24 | Name: The remote SuSE 9 host is missing a security-related patch. File: suse9_11050.nasl - Type: ACT_GATHER_INFO |
2009-09-02 | Name: The remote Red Hat host is missing one or more security updates. File: redhat-RHSA-2009-1364.nasl - Type: ACT_GATHER_INFO |
2007-11-10 | Name: The remote Ubuntu host is missing a security-related patch. File: ubuntu_USN-293-1.nasl - Type: ACT_GATHER_INFO |
2007-11-10 | Name: The remote Ubuntu host is missing a security-related patch. File: ubuntu_USN-396-1.nasl - Type: ACT_GATHER_INFO |