Published: 09/06/2006 Updated: 03/10/2018

CVSS v2 Base Score: 3.7 | Impact Score: 6.4 | Exploitability Score: 1.9

VMScore: 329

Vector: AV:L/AC:H/Au:N/C:P/I:P/A:P

GNOME GDM 2.8, 2.12, 2.14, and 2.15, when the "face browser" feature is enabled, allows local users to access the "Configure Login Manager" functionality using their own password instead of the root password, which can be leveraged to gain additional privileges.

Vulnerable Product	Search on Vulmon	Subscribe to Product
gnome gdm 2.14
gnome gdm 2.15
gnome gdm 2.12
gnome gdm 2.8

If the admin configured a gdm theme that provided an user list, any user could activate the gdm setup program by first choosing the setup option from the menu, clicking on the user list and entering his own (instead of root’s) password This allowed normal users to configure potentially dangerous features like remote or automatic login ...

NVD-CWE-Other http://www.securityfocus.com/archive/1/436428 http://bugzilla.gnome.org/show_bug.cgi?id=343476 http://www.securityfocus.com/bid/18332 http://www.gentoo.org/security/en/glsa/glsa-200606-14.xml http://lists.suse.com/archive/suse-security-announce/2006-Jun/0003.html http://secunia.com/advisories/20552 http://secunia.com/advisories/20627 http://secunia.com/advisories/20532 http://secunia.com/advisories/20636 http://secunia.com/advisories/20587 http://www.mandriva.com/security/advisories?name=MDKSA-2006:100 http://www.vupen.com/english/advisories/2006/2239 https://exchange.xforce.ibmcloud.com/vulnerabilities/27018 https://usn.ubuntu.com/293-1/https://usn.ubuntu.com/293-1/https://nvd.nist.gov

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2006-2452

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect