Executive Summary
Informations | |||
---|---|---|---|
Name | CVE-2009-2697 | First vendor Publication | 2009-09-04 |
Vendor | Cve | Last vendor Modification | 2017-09-19 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:M/Au:N/C:P/I:P/A:P) | |||
---|---|---|---|
Cvss Base Score | 6.8 | Attack Range | Network |
Cvss Impact Score | 6.4 | Attack Complexity | Medium |
Cvss Expoit Score | 8.6 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
The Red Hat build script for the GNOME Display Manager (GDM) before 2.16.0-56 on Red Hat Enterprise Linux (RHEL) 5 omits TCP Wrapper support, which might allow remote attackers to bypass intended access restrictions via XDMCP connections, a different vulnerability than CVE-2007-5079. |
Original Source
Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2697 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-287 | Improper Authentication |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:22573 | |||
Oval ID: | oval:org.mitre.oval:def:22573 | ||
Title: | ELSA-2009:1364: gdm security and bug fix update (Low) | ||
Description: | The Red Hat build script for the GNOME Display Manager (GDM) before 2.16.0-56 on Red Hat Enterprise Linux (RHEL) 5 omits TCP Wrapper support, which might allow remote attackers to bypass intended access restrictions via XDMCP connections, a different vulnerability than CVE-2007-5079. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2009:1364-02 CVE-2009-2697 | Version: | 6 |
Platform(s): | Oracle Linux 5 | Product(s): | gdm |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:29259 | |||
Oval ID: | oval:org.mitre.oval:def:29259 | ||
Title: | RHSA-2009:1364 -- gdm security and bug fix update (Low) | ||
Description: | Updated gdm packages that fix a security issue and several bugs are now available for Red Hat Enterprise Linux 5. This update has been rated as having low security impact by the Red Hat Security Response Team. The GNOME Display Manager (GDM) is a configurable re-implementation of XDM, the X Display Manager. GDM allows you to log in to your system with the X Window System running, and supports running several different X sessions on your local machine at the same time. A flaw was found in the way the gdm package was built. The gdm package was missing TCP wrappers support, which could result in an administrator believing they had access restrictions enabled when they did not. (CVE-2009-2697) | ||
Family: | unix | Class: | patch |
Reference(s): | RHSA-2009:1364 CESA-2009:1364-CentOS 5 CVE-2009-2697 | Version: | 3 |
Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 | Product(s): | gdm |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:9586 | |||
Oval ID: | oval:org.mitre.oval:def:9586 | ||
Title: | The Red Hat build script for the GNOME Display Manager (GDM) before 2.16.0-56 on Red Hat Enterprise Linux (RHEL) 5 omits TCP Wrapper support, which might allow remote attackers to bypass intended access restrictions via XDMCP connections, a different vulnerability than CVE-2007-5079. | ||
Description: | The Red Hat build script for the GNOME Display Manager (GDM) before 2.16.0-56 on Red Hat Enterprise Linux (RHEL) 5 omits TCP Wrapper support, which might allow remote attackers to bypass intended access restrictions via XDMCP connections, a different vulnerability than CVE-2007-5079. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2009-2697 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
|
CPE : Common Platform Enumeration
OpenVAS Exploits
Date | Description |
---|---|
2011-08-09 | Name : CentOS Update for gdm CESA-2009:1364 centos5 i386 File : nvt/gb_CESA-2009_1364_gdm_centos5_i386.nasl |
2009-09-21 | Name : CentOS Security Advisory CESA-2009:1364 (gdm) File : nvt/ovcesa2009_1364.nasl |
2009-09-09 | Name : RedHat Security Advisory RHSA-2009:1364 File : nvt/RHSA_2009_1364.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
57657 | GNOME Display Manager (gdm) on Red Hat Linux TCP Wrapper Support Weakness |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20090902_gdm_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
2010-01-06 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2009-1364.nasl - Type : ACT_GATHER_INFO |
2009-09-02 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-1364.nasl - Type : ACT_GATHER_INFO |
Sources (Detail)
Alert History
Date | Informations |
---|---|
2020-05-23 01:40:42 |
|
2020-05-23 00:24:07 |
|
2017-09-19 09:23:20 |
|
2016-06-29 00:06:27 |
|
2016-04-26 19:01:08 |
|
2014-02-17 10:51:03 |
|
2013-05-10 23:55:12 |
|