Published: 14/06/2011 Updated: 07/09/2011

CVSS v2 Base Score: 7.2 | Impact Score: 10 | Exploitability Score: 3.9

VMScore: 641

Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

GNOME Display Manager (gdm) prior to 2.32.2, when glib 2.28 is used, enables execution of a web browser with the uid of the gdm account, which allows local users to gain privileges via vectors involving the x-scheme-handler/http MIME type.

Vulnerable Product	Search on Vulmon	Subscribe to Product
gnome gdm 2.13
gnome gdm 2.14
gnome gdm 2.20
gnome gdm 2.23
gnome gdm 2.5
gnome gdm 2.28
gnome gdm 2.2
gnome gdm 1.0
gnome gdm 2.15
gnome gdm 2.16
gnome gdm 2.24
gnome gdm 2.25
gnome gdm 2.30
gnome gdm 2.31
gnome gdm 2.32.1
gnome gdm 2.18
gnome gdm 2.19
gnome gdm 2.26
gnome gdm 2.17
gnome gdm 2.29
gnome gdm 2.4
gnome gdm 2.3
gnome gdm 2.22
gnome gdm 2.21
gnome gdm 2.8
gnome gdm 2.6
gnome gdm 2.27
gnome gdm 2.32
gnome gdm 2.0

GDM could be made to launch a browser and leak information about the system ...

CWE-264 http://secunia.com/advisories/44797 https://bugzilla.redhat.com/show_bug.cgi?id=709139 http://www.securityfocus.com/bid/48084 http://ftp.gnome.org/pub/GNOME/sources/gdm/2.32/gdm-2.32.2.news http://git.gnome.org/browse/gdm/commit/?id=d13dd72531599ab7e4c747db3b58a8c17753e08d http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061264.html https://hermes.opensuse.org/messages/8643655 http://www.ubuntu.com/usn/USN-1142-1 http://secunia.com/advisories/44808 https://usn.ubuntu.com/1142-1/https://nvd.nist.gov

CVE-2011-1709

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect