This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Gnome First view 1999-12-05
Product Gdm Last view 2011-06-14
Version Type
Update  
Edition  
Language  
Sofware Edition  
Target Software  
Target Hardware  
Other  

Activity : Overall

COMMON PLATFORM ENUMERATION: Repartition per Version

CPE Name Affected CVE
cpe:2.3:a:gnome:gdm:2.4.1.2:*:*:*:*:*:*:* 7
cpe:2.3:a:gnome:gdm:2.4.1.4:*:*:*:*:*:*:* 7
cpe:2.3:a:gnome:gdm:2.4.1.5:*:*:*:*:*:*:* 7
cpe:2.3:a:gnome:gdm:2.4.1.6:*:*:*:*:*:*:* 7
cpe:2.3:a:gnome:gdm:2.4.1.3:*:*:*:*:*:*:* 7
cpe:2.3:a:gnome:gdm:2.4.1.1:*:*:*:*:*:*:* 7
cpe:2.3:a:gnome:gdm:2.4.1:*:*:*:*:*:*:* 7
cpe:2.3:a:gnome:gdm:2.14:*:*:*:*:*:*:* 6
cpe:2.3:a:gnome:gdm:2.16:*:*:*:*:*:*:* 5
cpe:2.3:a:gnome:gdm:1.0:*:*:*:*:*:*:* 5
cpe:2.3:a:gnome:gdm:2.8:*:*:*:*:*:*:* 5
cpe:2.3:a:gnome:gdm:2.2.5.4:*:*:*:*:*:*:* 4
cpe:2.3:a:gnome:gdm:2.4.4:*:*:*:*:*:*:* 4
cpe:2.3:a:gnome:gdm:2.2.0:*:*:*:*:*:*:* 4
cpe:2.3:a:gnome:gdm:2.3:*:*:*:*:*:*:* 4
cpe:2.3:a:gnome:gdm:2.6:*:*:*:*:*:*:* 4
cpe:2.3:a:gnome:gdm:2.4:*:*:*:*:*:*:* 4
cpe:2.3:a:gnome:gdm:2.13:*:*:*:*:*:*:* 4
cpe:2.3:a:gnome:gdm:2.0:*:*:*:*:*:*:* 4
cpe:2.3:a:gnome:gdm:2.5:*:*:*:*:*:*:* 4
cpe:2.3:a:gnome:gdm:2.15:*:*:*:*:*:*:* 4
cpe:2.3:a:gnome:gdm:2.2:*:*:*:*:*:*:* 4
cpe:2.3:a:gnome:gdm:2.12:*:*:*:*:*:*:* 3
cpe:2.3:a:gnome:gdm:2.0_beta4:*:*:*:*:*:*:* 3
cpe:2.3:a:gnome:gdm:2.14.1:*:*:*:*:*:*:* 3
cpe:2.3:a:gnome:gdm:1.1:*:*:*:*:*:*:* 3
cpe:2.3:a:gnome:gdm:2.19:*:*:*:*:*:*:* 3
cpe:2.3:a:gnome:gdm:2.18:*:*:*:*:*:*:* 3
cpe:2.3:a:gnome:gdm:2.14.5:*:*:*:*:*:*:* 2
cpe:2.3:a:gnome:gdm:2.17:*:*:*:*:*:*:* 2
cpe:2.3:a:gnome:gdm:2.23:*:*:*:*:*:*:* 2
cpe:2.3:a:gnome:gdm:2.14.7:*:*:*:*:*:*:* 2
cpe:2.3:a:gnome:gdm:2.14.11:*:*:*:*:*:*:* 2
cpe:2.3:a:gnome:gdm:2.20:*:*:*:*:*:*:* 2
cpe:2.3:a:gnome:gdm:2.29:*:*:*:*:*:*:* 2
cpe:2.3:a:gnome:gdm:2.14.2:*:*:*:*:*:*:* 2
cpe:2.3:a:gnome:gdm:2.26:*:*:*:*:*:*:* 2
cpe:2.3:a:gnome:gdm:2.14.8:*:*:*:*:*:*:* 2
cpe:2.3:a:gnome:gdm:2.14.10:*:*:*:*:*:*:* 2
cpe:2.3:a:gnome:gdm:2.14.4:*:*:*:*:*:*:* 2
cpe:2.3:a:gnome:gdm:2.14.12:*:*:*:*:*:*:* 2
cpe:2.3:a:gnome:gdm:0.7:*:*:*:*:*:*:* 2
cpe:2.3:a:gnome:gdm:2.25:*:*:*:*:*:*:* 2
cpe:2.3:a:gnome:gdm:2.28:*:*:*:*:*:*:* 2
cpe:2.3:a:gnome:gdm:2.22:*:*:*:*:*:*:* 2
cpe:2.3:a:gnome:gdm:2.24:*:*:*:*:*:*:* 2
cpe:2.3:a:gnome:gdm:2.30:*:*:*:*:*:*:* 2
cpe:2.3:a:gnome:gdm:2.27:*:*:*:*:*:*:* 2
cpe:2.3:a:gnome:gdm:2.31:*:*:*:*:*:*:* 2
cpe:2.3:a:gnome:gdm:2.32:*:*:*:*:*:*:* 2

Related : CVE

  Date Alert Description
7.2 2011-06-14 CVE-2011-1709

GNOME Display Manager (gdm) before 2.32.2, when glib 2.28 is used, enables execution of a web browser with the uid of the gdm account, which allows local users to gain privileges via vectors involving the x-scheme-handler/http MIME type.

6.9 2011-03-31 CVE-2011-0727

GNOME Display Manager (gdm) 2.x before 2.32.1 allows local users to change the ownership of arbitrary files via a symlink attack on a (1) dmrc or (2) face icon file under /var/cache/gdm/.

6.8 2009-09-04 CVE-2009-2697

The Red Hat build script for the GNOME Display Manager (GDM) before 2.16.0-56 on Red Hat Enterprise Linux (RHEL) 5 omits TCP Wrapper support, which might allow remote attackers to bypass intended access restrictions via XDMCP connections, a different vulnerability than CVE-2007-5079.

1.5 2007-08-07 CVE-2007-3381

The GDM daemon in GNOME Display Manager (GDM) before 2.14.13, 2.16.x before 2.16.7, 2.18.x before 2.18.4, and 2.19.x before 2.19.5 does not properly handle NULL return values from the g_strsplit function, which allows local users to cause a denial of service (persistent daemon crash) via a crafted command to the daemon's socket, related to (1) gdm.c and (2) gdmconfig.c in daemon/, and (3) gdmconfig.c and (4) gdmflexiserver.c in gui/.

4.3 2006-12-14 CVE-2006-6105

Format string vulnerability in the host chooser window (gdmchooser) in GNOME Foundation Display Manager (gdm) allows local users to execute arbitrary code via format string specifiers in a hostname, which are used in an error dialog.

3.7 2006-06-09 CVE-2006-2452

GNOME GDM 2.8, 2.12, 2.14, and 2.15, when the "face browser" feature is enabled, allows local users to access the "Configure Login Manager" functionality using their own password instead of the root password, which can be leveraged to gain additional privileges.

3.7 2006-04-24 CVE-2006-1057

Race condition in daemon/slave.c in gdm before 2.14.1 allows local users to gain privileges via a symlink attack when gdm performs chown and chgrp operations on the .ICEauthority file.

2.1 2003-11-17 CVE-2003-0794

GDM 2.4.4.x before 2.4.4.4, and 2.4.1.x before 2.4.1.7, does not limit the number or duration of commands and uses a blocking socket connection, which allows attackers to cause a denial of service (resource exhaustion) by sending commands and not reading the results.

2.1 2003-11-17 CVE-2003-0793

GDM 2.4.4.x before 2.4.4.4, and 2.4.1.x before 2.4.1.7, does not restrict the size of input, which allows attackers to cause a denial of service (memory consumption).

5 2003-08-27 CVE-2003-0549

The X Display Manager Control Protocol (XDMCP) support for GDM before 2.4.1.6 allows attackers to cause a denial of service (daemon crash) via a short authorization key name.

5 2003-08-27 CVE-2003-0548

The X Display Manager Control Protocol (XDMCP) support for GDM before 2.4.1.6 allows attackers to cause a denial of service (daemon crash) when a chosen host expires, a different issue than CVE-2003-0549.

2.1 2003-08-27 CVE-2003-0547

GDM before 2.4.1.6, when using the "examine session errors" feature, allows local users to read arbitrary files via a symlink attack on the ~/.xsession-errors file.

5 2000-06-19 CVE-2000-0504

libICE in XFree86 allows remote attackers to cause a denial of service by specifying a large value which is not properly checked by the SKIP_STRING macro.

10 2000-05-24 CVE-2000-0491

Buffer overflow in the XDMCP parsing code of GNOME gdm, KDE kdm, and wdm allows remote attackers to execute arbitrary commands or cause a denial of service via a long FORWARD_QUERY request.

2.1 1999-12-05 CVE-1999-0990

Error messages generated by gdm with the VerboseAuth setting allows an attacker to identify valid users on a system.

CWE : Common Weakness Enumeration

%idName
20% (1) CWE-362 Race Condition
20% (1) CWE-287 Improper Authentication
20% (1) CWE-264 Permissions, Privileges, and Access Controls
20% (1) CWE-59 Improper Link Resolution Before File Access ('Link Following')
20% (1) CWE-20 Improper Input Validation

Oval Markup Language : Definitions

OvalID Name
oval:org.mitre.oval:def:112 GDM Examine Errors Symlink Vulnerability
oval:org.mitre.oval:def:113 X Display Manager Control Protocol Denial of Service
oval:org.mitre.oval:def:129 GDM X Display Manager Authorization Vulnerability
oval:org.mitre.oval:def:10092 Race condition in daemon/slave.c in gdm before 2.14.1 allows local users to g...
oval:org.mitre.oval:def:10887 The GDM daemon in GNOME Display Manager (GDM) before 2.14.13, 2.16.x before 2...
oval:org.mitre.oval:def:22688 ELSA-2007:0777: gdm security and bug fix update (Moderate)
oval:org.mitre.oval:def:9586 The Red Hat build script for the GNOME Display Manager (GDM) before 2.16.0-56...
oval:org.mitre.oval:def:22573 ELSA-2009:1364: gdm security and bug fix update (Low)
oval:org.mitre.oval:def:29259 RHSA-2009:1364 -- gdm security and bug fix update (Low)
oval:org.mitre.oval:def:21930 RHSA-2011:0395: gdm security update (Moderate)
oval:org.mitre.oval:def:13786 USN-1099-1 -- gdm vulnerability
oval:org.mitre.oval:def:12826 DSA-2205-1 gdm3 -- privilege escalation
oval:org.mitre.oval:def:23685 ELSA-2011:0395: gdm security update (Moderate)
oval:org.mitre.oval:def:27397 DEPRECATED: ELSA-2011-0395 -- gdm security update (moderate)
oval:org.mitre.oval:def:14051 USN-1142-1 -- dgm vulnerability

Open Source Vulnerability Database (OSVDB)

id Description
73035 GNOME Display Manager (gdm) glib2 Web Browser x-scheme-handler/http MIME Type...
72551 GNOME Display Manager (gdm) /var/cache/gdm/ Multiple File Symlink Local Privi...
57657 GNOME Display Manager (gdm) on Red Hat Linux TCP Wrapper Support Weakness
39560 GNOME Display Manager (gdm) g_strsplit Function Local DoS
31652 gdm slave.c Symlink Race Condition
30848 GNOME Display Manager (gdm) gdmchooser hostname Format String
26269 GNOME Display Manager (gdm) Configure Login Manager Authentication Privilege ...
11757 GDM Queried Command Saturation Local DoS
11756 XFree86 xdm send_failed() Function Overflow
11755 KDE kdm Unspecified Overflow
11754 GDM XDMCP FORWARD_QUERY Request Overflow
9824 GDM VerboseAuth Setting Error Message Information Disclosure
6314 GDM XDMCP Host Name Expiration DoS
6313 GDM XDMCP Short Authorization Key DoS
2683 GDM Input Size Memory Consumption Local DoS
2461 GDM .xsession-errors Symlink Arbitrary File Read
1412 libICE SKIP_STRING Macro Remote DoS

OpenVAS Exploits

id Description
2012-06-06 Name : RedHat Update for gdm RHSA-2011:0395-01
File : nvt/gb_RHSA-2011_0395-01_gdm.nasl
2011-08-09 Name : CentOS Update for gdm CESA-2009:1364 centos5 i386
File : nvt/gb_CESA-2009_1364_gdm_centos5_i386.nasl
2011-07-12 Name : Fedora Update for gdm FEDORA-2011-7822
File : nvt/gb_fedora_2011_7822_gdm_fc15.nasl
2011-06-06 Name : Ubuntu Update for gdm USN-1142-1
File : nvt/gb_ubuntu_USN_1142_1.nasl
2011-05-12 Name : Debian Security Advisory DSA 2205-1 (gdm3)
File : nvt/deb_2205_1.nasl
2011-05-12 Name : FreeBSD Ports: gdm
File : nvt/freebsd_gdm.nasl
2011-04-19 Name : Fedora Update for gdm FEDORA-2011-4351
File : nvt/gb_fedora_2011_4351_gdm_fc13.nasl
2011-04-11 Name : Mandriva Update for gdm MDVSA-2011:070 (gdm)
File : nvt/gb_mandriva_MDVSA_2011_070.nasl
2011-04-06 Name : Fedora Update for gdm FEDORA-2011-4335
File : nvt/gb_fedora_2011_4335_gdm_fc14.nasl
2011-04-01 Name : Ubuntu Update for gdm vulnerability USN-1099-1
File : nvt/gb_ubuntu_USN_1099_1.nasl
2009-09-21 Name : CentOS Security Advisory CESA-2009:1364 (gdm)
File : nvt/ovcesa2009_1364.nasl
2009-09-09 Name : RedHat Security Advisory RHSA-2009:1364
File : nvt/RHSA_2009_1364.nasl
2009-04-09 Name : Mandriva Update for gdm MDKSA-2007:169 (gdm)
File : nvt/gb_mandriva_MDKSA_2007_169.nasl
2009-02-27 Name : Fedora Update for gdm FEDORA-2007-653
File : nvt/gb_fedora_2007_653_gdm_fc6.nasl
2009-02-27 Name : Fedora Update for gdm FEDORA-2007-1362
File : nvt/gb_fedora_2007_1362_gdm_fc7.nasl
2008-09-24 Name : Gentoo Security Advisory GLSA 200606-14 (gdm)
File : nvt/glsa_200606_14.nasl
2008-09-24 Name : Gentoo Security Advisory GLSA 200709-11 (gdm)
File : nvt/glsa_200709_11.nasl
2008-01-17 Name : Debian Security Advisory DSA 1040-1 (gdm)
File : nvt/deb_1040_1.nasl
0000-00-00 Name : Slackware Advisory SSA:2003-300-01 gdm security update
File : nvt/esoft_slk_ssa_2003_300_01.nasl

Nessus® Vulnerability Scanner

This CPE Product have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
id Description
2014-12-15 Name: The remote Gentoo host is missing one or more security-related patches.
File: gentoo_GLSA-201412-09.nasl - Type: ACT_GATHER_INFO
2014-06-13 Name: The remote openSUSE host is missing a security update.
File: suse_11_4_gdm-110531.nasl - Type: ACT_GATHER_INFO
2014-06-13 Name: The remote openSUSE host is missing a security update.
File: suse_11_4_gdm-110330.nasl - Type: ACT_GATHER_INFO
2014-06-13 Name: The remote openSUSE host is missing a security update.
File: suse_11_3_gdm-110330.nasl - Type: ACT_GATHER_INFO
2013-07-12 Name: The remote Oracle Linux host is missing a security update.
File: oraclelinux_ELSA-2007-0286.nasl - Type: ACT_GATHER_INFO
2013-07-12 Name: The remote Oracle Linux host is missing one or more security updates.
File: oraclelinux_ELSA-2011-0395.nasl - Type: ACT_GATHER_INFO
2013-07-12 Name: The remote Oracle Linux host is missing a security update.
File: oraclelinux_ELSA-2007-0777.nasl - Type: ACT_GATHER_INFO
2012-08-01 Name: The remote Scientific Linux host is missing one or more security updates.
File: sl_20070501_gdm_on_SL4.nasl - Type: ACT_GATHER_INFO
2012-08-01 Name: The remote Scientific Linux host is missing a security update.
File: sl_20070807_gdm_on_SL5_x.nasl - Type: ACT_GATHER_INFO
2012-08-01 Name: The remote Scientific Linux host is missing one or more security updates.
File: sl_20090902_gdm_on_SL5_x.nasl - Type: ACT_GATHER_INFO
2012-08-01 Name: The remote Scientific Linux host is missing one or more security updates.
File: sl_20110329_gdm_on_SL6_x.nasl - Type: ACT_GATHER_INFO
2011-06-13 Name: The remote Ubuntu host is missing a security-related patch.
File: ubuntu_USN-1142-1.nasl - Type: ACT_GATHER_INFO
2011-06-07 Name: The remote Fedora host is missing a security update.
File: fedora_2011-7822.nasl - Type: ACT_GATHER_INFO
2011-04-15 Name: The remote Fedora host is missing a security update.
File: fedora_2011-4351.nasl - Type: ACT_GATHER_INFO
2011-04-11 Name: The remote Mandriva Linux host is missing one or more security updates.
File: mandriva_MDVSA-2011-070.nasl - Type: ACT_GATHER_INFO
2011-04-04 Name: The remote Fedora host is missing a security update.
File: fedora_2011-4335.nasl - Type: ACT_GATHER_INFO
2011-03-31 Name: The remote Ubuntu host is missing a security-related patch.
File: ubuntu_USN-1099-1.nasl - Type: ACT_GATHER_INFO
2011-03-30 Name: The remote FreeBSD host is missing a security-related update.
File: freebsd_pkg_c6fbd44759ed11e08d040015f2db7bde.nasl - Type: ACT_GATHER_INFO
2011-03-29 Name: The remote Red Hat host is missing one or more security updates.
File: redhat-RHSA-2011-0395.nasl - Type: ACT_GATHER_INFO
2011-03-29 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-2205.nasl - Type: ACT_GATHER_INFO
2010-01-06 Name: The remote CentOS host is missing one or more security updates.
File: centos_RHSA-2009-1364.nasl - Type: ACT_GATHER_INFO
2009-09-24 Name: The remote SuSE 9 host is missing a security-related patch.
File: suse9_11050.nasl - Type: ACT_GATHER_INFO
2009-09-02 Name: The remote Red Hat host is missing one or more security updates.
File: redhat-RHSA-2009-1364.nasl - Type: ACT_GATHER_INFO
2007-11-10 Name: The remote Ubuntu host is missing a security-related patch.
File: ubuntu_USN-293-1.nasl - Type: ACT_GATHER_INFO
2007-11-10 Name: The remote Ubuntu host is missing a security-related patch.
File: ubuntu_USN-396-1.nasl - Type: ACT_GATHER_INFO