Published: 14/08/2018 Updated: 18/10/2018

CVSS v2 Base Score: 4.6 | Impact Score: 6.4 | Exploitability Score: 3.9

CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8

VMScore: 409

Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P

The daemon in GDM up to and including 3.29.1 does not properly unexport display objects from its D-Bus interface when they are destroyed, which allows a local malicious user to trigger a use-after-free via a specially crafted sequence of D-Bus method calls, resulting in a denial of service or potential code execution.

Vulnerable Product	Search on Vulmon	Subscribe to Product
gnome gnome display manager

GDM could be made to crash or run programs as the administrator ...

Chris Coulson discovered a use-after-free flaw in the GNOME Display Manager, triggerable by an unprivileged user via a specially crafted sequence of D-Bus method calls, leading to denial of service or potentially the execution of arbitrary code For the stable distribution (stretch), this problem has been fixed in version 3223-3+deb9u2 We recomm ...

The daemon in GDM through 3291 does not properly unexport display objects from its D-Bus interface when they are destroyed, which allows a local attacker to trigger a use-after-free via a specially crafted sequence of D-Bus method calls, resulting in a denial of service or potential code execution ...

CWE-416 https://usn.ubuntu.com/3737-1/https://gitlab.gnome.org/GNOME/gdm/issues/401 https://www.debian.org/security/2018/dsa-4270 http://www.securityfocus.com/bid/105179 https://lists.debian.org/debian-lts-announce/2018/09/msg00003.html https://usn.ubuntu.com/3737-1/https://nvd.nist.gov

CVE-2018-14424

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect