Executive Summary
Summary | |
---|---|
Title | gdm vulnerability |
Informations | |||
---|---|---|---|
Name | USN-396-1 | First vendor Publication | 2006-12-14 |
Vendor | Ubuntu | Last vendor Modification | 2006-12-14 |
Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:L/AC:L/Au:S/C:P/I:P/A:P) | |||
---|---|---|---|
Cvss Base Score | 4.3 | Attack Range | Local |
Cvss Impact Score | 6.4 | Attack Complexity | Low |
Cvss Expoit Score | 3.1 | Authentication | Requires single instance |
Calculate full CVSS 2.0 Vectors scores |
Detail
A security issue affects the following Ubuntu releases: Ubuntu 6.06 LTS Ubuntu 6.10 This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 6.06 LTS: Ubuntu 6.10: After a standard system upgrade you need to reboot your computer to effect the necessary changes. Details follow: A format string vulnerability was discovered in the gdmchooser component of the GNOME Display Manager. By typing a specially crafted host name, local users could gain gdm user privileges, which could lead to further account information exposure. |
Original Source
Url : http://www.ubuntu.com/usn/USN-396-1 |
CPE : Common Platform Enumeration
Type | Description | Count |
---|---|---|
Application | 4 |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
30848 | GNOME Display Manager (gdm) gdmchooser hostname Format String Gnome Display Manager contains a flaw that may allow a malicious user to to gain escalated privileges. The issue is is caused due to a format string error within the 'gdm_chooser_add_host()' function in gdm2/gui/gdmchooser.c. It is possible that the flaw may allow arbitrary code execution resulting in a loss of integrity. |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2007-11-10 | Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-396-1.nasl - Type : ACT_GATHER_INFO |
2007-02-18 | Name : The remote Mandrake Linux host is missing one or more security updates. File : mandrake_MDKSA-2006-231.nasl - Type : ACT_GATHER_INFO |
2007-01-17 | Name : The remote Fedora Core host is missing a security update. File : fedora_2006-1467.nasl - Type : ACT_GATHER_INFO |
2007-01-17 | Name : The remote Fedora Core host is missing a security update. File : fedora_2006-1468.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2014-02-17 12:04:01 |
|