Published: 25/04/2006 Updated: 03/10/2018

CVSS v2 Base Score: 3.7 | Impact Score: 6.4 | Exploitability Score: 1.9

VMScore: 329

Vector: AV:L/AC:H/Au:N/C:P/I:P/A:P

Race condition in daemon/slave.c in gdm prior to 2.14.1 allows local users to gain privileges via a symlink attack when gdm performs chown and chgrp operations on the .ICEauthority file.

Vulnerable Product	Search on Vulmon	Subscribe to Product
gnome gdm 2.14

Marcus Meissner discovered a race condition in gdm’s handling of the ~/ICEauthority file permissions A local attacker could exploit this to become the owner of an arbitrary file in the system When getting control over automatically executed scripts (like cron jobs), the attacker could eventually leverage this flaw to execute arbitrary commands ...

CWE-362 https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=188303 http://www.debian.org/security/2006/dsa-1040 https://www.redhat.com/archives/fedora-announce-list/2006-April/msg00160.html http://cvs.gnome.org/viewcvs/gdm2/daemon/slave.c?r1=1.260&r2=1.261 http://www.securityfocus.com/bid/17635 http://www.redhat.com/support/errata/RHSA-2007-0286.html http://www.mandriva.com/security/advisories?name=MDKSA-2006:083 http://www.vupen.com/english/advisories/2006/1465 https://exchange.xforce.ibmcloud.com/vulnerabilities/26092 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10092 https://usn.ubuntu.com/278-1/https://usn.ubuntu.com/278-1/https://nvd.nist.gov

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2006-1057

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect