Search criteria
32 vulnerabilities found for gdm by GNOME
CVE-2017-12164 (GCVE-0-2017-12164)
Vulnerability from nvd – Published: 2018-07-26 16:00 – Updated: 2024-08-05 18:28
VLAI?
Summary
A flaw was discovered in gdm 3.24.1 where gdm greeter was no longer setting the ran_once boolean during autologin. If autologin was enabled for a victim, an attacker could simply select 'login as another user' to unlock their screen.
Severity ?
4.1 (Medium)
CWE
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T18:28:16.573Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://gitlab.gnome.org/GNOME/gdm/commit/ff98b28"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-12164"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "gdm",
"vendor": "GNOME",
"versions": [
{
"status": "affected",
"version": "3.24.1"
}
]
}
],
"datePublic": "2017-09-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A flaw was discovered in gdm 3.24.1 where gdm greeter was no longer setting the ran_once boolean during autologin. If autologin was enabled for a victim, an attacker could simply select \u0027login as another user\u0027 to unlock their screen."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "LOW",
"baseScore": 4.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:P/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-592",
"description": "CWE-592",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-07-26T15:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://gitlab.gnome.org/GNOME/gdm/commit/ff98b28"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-12164"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2017-12164",
"datePublished": "2018-07-26T16:00:00",
"dateReserved": "2017-08-01T00:00:00",
"dateUpdated": "2024-08-05T18:28:16.573Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-1709 (GCVE-0-2011-1709)
Vulnerability from nvd – Published: 2011-06-14 17:00 – Updated: 2024-08-06 22:37
VLAI?
Summary
GNOME Display Manager (gdm) before 2.32.2, when glib 2.28 is used, enables execution of a web browser with the uid of the gdm account, which allows local users to gain privileges via vectors involving the x-scheme-handler/http MIME type.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T22:37:25.814Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://ftp.gnome.org/pub/GNOME/sources/gdm/2.32/gdm-2.32.2.news"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.gnome.org/browse/gdm/commit/?id=d13dd72531599ab7e4c747db3b58a8c17753e08d"
},
{
"name": "44797",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/44797"
},
{
"name": "FEDORA-2011-7822",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061264.html"
},
{
"name": "USN-1142-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-1142-1"
},
{
"name": "48084",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/48084"
},
{
"name": "openSUSE-SU-2011:0581",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "https://hermes.opensuse.org/messages/8643655"
},
{
"name": "44808",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/44808"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=709139"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-05-31T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "GNOME Display Manager (gdm) before 2.32.2, when glib 2.28 is used, enables execution of a web browser with the uid of the gdm account, which allows local users to gain privileges via vectors involving the x-scheme-handler/http MIME type."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2011-09-07T09:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://ftp.gnome.org/pub/GNOME/sources/gdm/2.32/gdm-2.32.2.news"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.gnome.org/browse/gdm/commit/?id=d13dd72531599ab7e4c747db3b58a8c17753e08d"
},
{
"name": "44797",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/44797"
},
{
"name": "FEDORA-2011-7822",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061264.html"
},
{
"name": "USN-1142-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-1142-1"
},
{
"name": "48084",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/48084"
},
{
"name": "openSUSE-SU-2011:0581",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "https://hermes.opensuse.org/messages/8643655"
},
{
"name": "44808",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/44808"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=709139"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-1709",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "GNOME Display Manager (gdm) before 2.32.2, when glib 2.28 is used, enables execution of a web browser with the uid of the gdm account, which allows local users to gain privileges via vectors involving the x-scheme-handler/http MIME type."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://ftp.gnome.org/pub/GNOME/sources/gdm/2.32/gdm-2.32.2.news",
"refsource": "CONFIRM",
"url": "http://ftp.gnome.org/pub/GNOME/sources/gdm/2.32/gdm-2.32.2.news"
},
{
"name": "http://git.gnome.org/browse/gdm/commit/?id=d13dd72531599ab7e4c747db3b58a8c17753e08d",
"refsource": "CONFIRM",
"url": "http://git.gnome.org/browse/gdm/commit/?id=d13dd72531599ab7e4c747db3b58a8c17753e08d"
},
{
"name": "44797",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/44797"
},
{
"name": "FEDORA-2011-7822",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061264.html"
},
{
"name": "USN-1142-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1142-1"
},
{
"name": "48084",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/48084"
},
{
"name": "openSUSE-SU-2011:0581",
"refsource": "SUSE",
"url": "https://hermes.opensuse.org/messages/8643655"
},
{
"name": "44808",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/44808"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=709139",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=709139"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2011-1709",
"datePublished": "2011-06-14T17:00:00",
"dateReserved": "2011-04-15T00:00:00",
"dateUpdated": "2024-08-06T22:37:25.814Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-0727 (GCVE-0-2011-0727)
Vulnerability from nvd – Published: 2011-03-31 22:00 – Updated: 2024-08-06 22:05
VLAI?
Summary
GNOME Display Manager (gdm) 2.x before 2.32.1 allows local users to change the ownership of arbitrary files via a symlink attack on a (1) dmrc or (2) face icon file under /var/cache/gdm/.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T22:05:52.941Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "USN-1099-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-1099-1"
},
{
"name": "43714",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/43714"
},
{
"name": "1025264",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1025264"
},
{
"name": "FEDORA-2011-4351",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057931.html"
},
{
"name": "43854",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/43854"
},
{
"name": "ADV-2011-0847",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2011/0847"
},
{
"name": "ADV-2011-0787",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2011/0787"
},
{
"name": "display-manager-priv-escalation(66377)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66377"
},
{
"name": "ADV-2011-0911",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2011/0911"
},
{
"name": "MDVSA-2011:070",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:070"
},
{
"name": "DSA-2205",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2011/dsa-2205"
},
{
"name": "RHSA-2011:0395",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2011-0395.html"
},
{
"name": "47063",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/47063"
},
{
"name": "ADV-2011-0786",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2011/0786"
},
{
"name": "[gdm-list] 20110328 GDM 2.32.1 released",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://mail.gnome.org/archives/gdm-list/2011-March/msg00020.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=688323"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://ftp.gnome.org/pub/GNOME/sources/gdm/2.32/gdm-2.32.1.news"
},
{
"name": "44021",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/44021"
},
{
"name": "FEDORA-2011-4335",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057333.html"
},
{
"name": "ADV-2011-0797",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2011/0797"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-03-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "GNOME Display Manager (gdm) 2.x before 2.32.1 allows local users to change the ownership of arbitrary files via a symlink attack on a (1) dmrc or (2) face icon file under /var/cache/gdm/."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01",
"orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"shortName": "canonical"
},
"references": [
{
"name": "USN-1099-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-1099-1"
},
{
"name": "43714",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/43714"
},
{
"name": "1025264",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1025264"
},
{
"name": "FEDORA-2011-4351",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057931.html"
},
{
"name": "43854",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/43854"
},
{
"name": "ADV-2011-0847",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2011/0847"
},
{
"name": "ADV-2011-0787",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2011/0787"
},
{
"name": "display-manager-priv-escalation(66377)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66377"
},
{
"name": "ADV-2011-0911",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2011/0911"
},
{
"name": "MDVSA-2011:070",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:070"
},
{
"name": "DSA-2205",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2011/dsa-2205"
},
{
"name": "RHSA-2011:0395",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2011-0395.html"
},
{
"name": "47063",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/47063"
},
{
"name": "ADV-2011-0786",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2011/0786"
},
{
"name": "[gdm-list] 20110328 GDM 2.32.1 released",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://mail.gnome.org/archives/gdm-list/2011-March/msg00020.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=688323"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://ftp.gnome.org/pub/GNOME/sources/gdm/2.32/gdm-2.32.1.news"
},
{
"name": "44021",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/44021"
},
{
"name": "FEDORA-2011-4335",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057333.html"
},
{
"name": "ADV-2011-0797",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2011/0797"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@ubuntu.com",
"ID": "CVE-2011-0727",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "GNOME Display Manager (gdm) 2.x before 2.32.1 allows local users to change the ownership of arbitrary files via a symlink attack on a (1) dmrc or (2) face icon file under /var/cache/gdm/."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "USN-1099-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1099-1"
},
{
"name": "43714",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43714"
},
{
"name": "1025264",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1025264"
},
{
"name": "FEDORA-2011-4351",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057931.html"
},
{
"name": "43854",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43854"
},
{
"name": "ADV-2011-0847",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0847"
},
{
"name": "ADV-2011-0787",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0787"
},
{
"name": "display-manager-priv-escalation(66377)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66377"
},
{
"name": "ADV-2011-0911",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0911"
},
{
"name": "MDVSA-2011:070",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:070"
},
{
"name": "DSA-2205",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2011/dsa-2205"
},
{
"name": "RHSA-2011:0395",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2011-0395.html"
},
{
"name": "47063",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/47063"
},
{
"name": "ADV-2011-0786",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0786"
},
{
"name": "[gdm-list] 20110328 GDM 2.32.1 released",
"refsource": "MLIST",
"url": "http://mail.gnome.org/archives/gdm-list/2011-March/msg00020.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=688323",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=688323"
},
{
"name": "http://ftp.gnome.org/pub/GNOME/sources/gdm/2.32/gdm-2.32.1.news",
"refsource": "CONFIRM",
"url": "http://ftp.gnome.org/pub/GNOME/sources/gdm/2.32/gdm-2.32.1.news"
},
{
"name": "44021",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/44021"
},
{
"name": "FEDORA-2011-4335",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057333.html"
},
{
"name": "ADV-2011-0797",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0797"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"assignerShortName": "canonical",
"cveId": "CVE-2011-0727",
"datePublished": "2011-03-31T22:00:00",
"dateReserved": "2011-02-01T00:00:00",
"dateUpdated": "2024-08-06T22:05:52.941Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-2697 (GCVE-0-2009-2697)
Vulnerability from nvd – Published: 2009-09-04 20:00 – Updated: 2024-08-07 05:59
VLAI?
Summary
The Red Hat build script for the GNOME Display Manager (GDM) before 2.16.0-56 on Red Hat Enterprise Linux (RHEL) 5 omits TCP Wrapper support, which might allow remote attackers to bypass intended access restrictions via XDMCP connections, a different vulnerability than CVE-2007-5079.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T05:59:56.942Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "oval:org.mitre.oval:def:9586",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9586"
},
{
"name": "36553",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/36553"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=239818"
},
{
"name": "36219",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/36219"
},
{
"name": "RHSA-2009:1364",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://rhn.redhat.com/errata/RHSA-2009-1364.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-09-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Red Hat build script for the GNOME Display Manager (GDM) before 2.16.0-56 on Red Hat Enterprise Linux (RHEL) 5 omits TCP Wrapper support, which might allow remote attackers to bypass intended access restrictions via XDMCP connections, a different vulnerability than CVE-2007-5079."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-18T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "oval:org.mitre.oval:def:9586",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9586"
},
{
"name": "36553",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/36553"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=239818"
},
{
"name": "36219",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/36219"
},
{
"name": "RHSA-2009:1364",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://rhn.redhat.com/errata/RHSA-2009-1364.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-2697",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Red Hat build script for the GNOME Display Manager (GDM) before 2.16.0-56 on Red Hat Enterprise Linux (RHEL) 5 omits TCP Wrapper support, which might allow remote attackers to bypass intended access restrictions via XDMCP connections, a different vulnerability than CVE-2007-5079."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "oval:org.mitre.oval:def:9586",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9586"
},
{
"name": "36553",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/36553"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=239818",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=239818"
},
{
"name": "36219",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/36219"
},
{
"name": "RHSA-2009:1364",
"refsource": "REDHAT",
"url": "https://rhn.redhat.com/errata/RHSA-2009-1364.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-2697",
"datePublished": "2009-09-04T20:00:00",
"dateReserved": "2009-08-05T00:00:00",
"dateUpdated": "2024-08-07T05:59:56.942Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-3381 (GCVE-0-2007-3381)
Vulnerability from nvd – Published: 2007-08-07 10:00 – Updated: 2024-08-07 14:14
VLAI?
Summary
The GDM daemon in GNOME Display Manager (GDM) before 2.14.13, 2.16.x before 2.16.7, 2.18.x before 2.18.4, and 2.19.x before 2.19.5 does not properly handle NULL return values from the g_strsplit function, which allows local users to cause a denial of service (persistent daemon crash) via a crafted command to the daemon's socket, related to (1) gdm.c and (2) gdmconfig.c in daemon/, and (3) gdmconfig.c and (4) gdmflexiserver.c in gui/.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T14:14:12.887Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "GLSA-200709-11",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200709-11.xml"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://ftp.gnome.org/pub/GNOME/sources/gdm/2.16/gdm-2.16.7.changes"
},
{
"name": "26313",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26313"
},
{
"name": "ADV-2007-2781",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/2781"
},
{
"name": "25191",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/25191"
},
{
"name": "26879",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26879"
},
{
"name": "oval:org.mitre.oval:def:10887",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10887"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://issues.rpath.com/browse/RPL-1599"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://ftp.gnome.org/pub/GNOME/sources/gdm/2.14/gdm-2.14.13.news"
},
{
"name": "26368",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26368"
},
{
"name": "MDKSA-2007:169",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:169"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://ftp.gnome.org/pub/GNOME/sources/gdm/2.18/gdm-2.18.4.news"
},
{
"name": "20070803 FLEA-2007-0041-1 gdm",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/475451/30/5550/threaded"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://ftp.gnome.org/pub/GNOME/sources/gdm/2.19/gdm-2.19.5.news"
},
{
"name": "RHSA-2007:0777",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2007-0777.html"
},
{
"name": "1018523",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1018523"
},
{
"name": "26900",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26900"
},
{
"name": "26520",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26520"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-07-30T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The GDM daemon in GNOME Display Manager (GDM) before 2.14.13, 2.16.x before 2.16.7, 2.18.x before 2.18.4, and 2.19.x before 2.19.5 does not properly handle NULL return values from the g_strsplit function, which allows local users to cause a denial of service (persistent daemon crash) via a crafted command to the daemon\u0027s socket, related to (1) gdm.c and (2) gdmconfig.c in daemon/, and (3) gdmconfig.c and (4) gdmflexiserver.c in gui/."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-16T14:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "GLSA-200709-11",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200709-11.xml"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://ftp.gnome.org/pub/GNOME/sources/gdm/2.16/gdm-2.16.7.changes"
},
{
"name": "26313",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26313"
},
{
"name": "ADV-2007-2781",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/2781"
},
{
"name": "25191",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/25191"
},
{
"name": "26879",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26879"
},
{
"name": "oval:org.mitre.oval:def:10887",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10887"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://issues.rpath.com/browse/RPL-1599"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://ftp.gnome.org/pub/GNOME/sources/gdm/2.14/gdm-2.14.13.news"
},
{
"name": "26368",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26368"
},
{
"name": "MDKSA-2007:169",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:169"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://ftp.gnome.org/pub/GNOME/sources/gdm/2.18/gdm-2.18.4.news"
},
{
"name": "20070803 FLEA-2007-0041-1 gdm",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/475451/30/5550/threaded"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://ftp.gnome.org/pub/GNOME/sources/gdm/2.19/gdm-2.19.5.news"
},
{
"name": "RHSA-2007:0777",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2007-0777.html"
},
{
"name": "1018523",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1018523"
},
{
"name": "26900",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26900"
},
{
"name": "26520",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26520"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2007-3381",
"datePublished": "2007-08-07T10:00:00",
"dateReserved": "2007-06-25T00:00:00",
"dateUpdated": "2024-08-07T14:14:12.887Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-6105 (GCVE-0-2006-6105)
Vulnerability from nvd – Published: 2006-12-15 02:00 – Updated: 2024-08-07 20:12
VLAI?
Summary
Format string vulnerability in the host chooser window (gdmchooser) in GNOME Foundation Display Manager (gdm) allows local users to execute arbitrary code via format string specifiers in a hostname, which are used in an error dialog.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T20:12:31.762Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "23385",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/23385"
},
{
"name": "23387",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/23387"
},
{
"name": "ADV-2006-5015",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/5015"
},
{
"name": "23409",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/23409"
},
{
"name": "1017383",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1017383"
},
{
"name": "1017320",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1017320"
},
{
"name": "30848",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/30848"
},
{
"name": "gdmchooser-host-chooser-format-string(30896)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30896"
},
{
"name": "21597",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/21597"
},
{
"name": "23381",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/23381"
},
{
"name": "20061214 GNOME Foundation Display Manager gdmchooser Format String Vulnerability",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE",
"x_transferred"
],
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=453"
},
{
"name": "SUSE-SR:2006:029",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://www.novell.com/linux/security/advisories/2006_29_sr.html"
},
{
"name": "MDKSA-2006:231",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:231"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://ftp.acc.umu.se/pub/GNOME/sources/gdm/2.17/gdm-2.17.4.news"
},
{
"name": "USN-396-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/usn-396-1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-12-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Format string vulnerability in the host chooser window (gdmchooser) in GNOME Foundation Display Manager (gdm) allows local users to execute arbitrary code via format string specifiers in a hostname, which are used in an error dialog."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-19T15:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "23385",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/23385"
},
{
"name": "23387",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/23387"
},
{
"name": "ADV-2006-5015",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/5015"
},
{
"name": "23409",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/23409"
},
{
"name": "1017383",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1017383"
},
{
"name": "1017320",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1017320"
},
{
"name": "30848",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/30848"
},
{
"name": "gdmchooser-host-chooser-format-string(30896)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30896"
},
{
"name": "21597",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/21597"
},
{
"name": "23381",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/23381"
},
{
"name": "20061214 GNOME Foundation Display Manager gdmchooser Format String Vulnerability",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE"
],
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=453"
},
{
"name": "SUSE-SR:2006:029",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://www.novell.com/linux/security/advisories/2006_29_sr.html"
},
{
"name": "MDKSA-2006:231",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:231"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://ftp.acc.umu.se/pub/GNOME/sources/gdm/2.17/gdm-2.17.4.news"
},
{
"name": "USN-396-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/usn-396-1"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2006-6105",
"datePublished": "2006-12-15T02:00:00",
"dateReserved": "2006-11-24T00:00:00",
"dateUpdated": "2024-08-07T20:12:31.762Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-2452 (GCVE-0-2006-2452)
Vulnerability from nvd – Published: 2006-06-09 10:00 – Updated: 2024-08-07 17:51
VLAI?
Summary
GNOME GDM 2.8, 2.12, 2.14, and 2.15, when the "face browser" feature is enabled, allows local users to access the "Configure Login Manager" functionality using their own password instead of the root password, which can be leveraged to gain additional privileges.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T17:51:04.687Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20532",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/20532"
},
{
"name": "SUSE-SR:2006:013",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.suse.com/archive/suse-security-announce/2006-Jun/0003.html"
},
{
"name": "20627",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/20627"
},
{
"name": "ADV-2006-2239",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/2239"
},
{
"name": "USN-293-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/293-1/"
},
{
"name": "20060608 rPSA-2006-0098-1 gdm",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/436428"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bugzilla.gnome.org/show_bug.cgi?id=343476"
},
{
"name": "GLSA-200606-14",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200606-14.xml"
},
{
"name": "18332",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/18332"
},
{
"name": "20636",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/20636"
},
{
"name": "gdm-facebrowser-security-bypass(27018)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27018"
},
{
"name": "20587",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/20587"
},
{
"name": "20552",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/20552"
},
{
"name": "MDKSA-2006:100",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:100"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-06-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "GNOME GDM 2.8, 2.12, 2.14, and 2.15, when the \"face browser\" feature is enabled, allows local users to access the \"Configure Login Manager\" functionality using their own password instead of the root password, which can be leveraged to gain additional privileges."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-03T20:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "20532",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/20532"
},
{
"name": "SUSE-SR:2006:013",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.suse.com/archive/suse-security-announce/2006-Jun/0003.html"
},
{
"name": "20627",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/20627"
},
{
"name": "ADV-2006-2239",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/2239"
},
{
"name": "USN-293-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/293-1/"
},
{
"name": "20060608 rPSA-2006-0098-1 gdm",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/436428"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bugzilla.gnome.org/show_bug.cgi?id=343476"
},
{
"name": "GLSA-200606-14",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200606-14.xml"
},
{
"name": "18332",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/18332"
},
{
"name": "20636",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/20636"
},
{
"name": "gdm-facebrowser-security-bypass(27018)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27018"
},
{
"name": "20587",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/20587"
},
{
"name": "20552",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/20552"
},
{
"name": "MDKSA-2006:100",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:100"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2006-2452",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "GNOME GDM 2.8, 2.12, 2.14, and 2.15, when the \"face browser\" feature is enabled, allows local users to access the \"Configure Login Manager\" functionality using their own password instead of the root password, which can be leveraged to gain additional privileges."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20532",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20532"
},
{
"name": "SUSE-SR:2006:013",
"refsource": "SUSE",
"url": "http://lists.suse.com/archive/suse-security-announce/2006-Jun/0003.html"
},
{
"name": "20627",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20627"
},
{
"name": "ADV-2006-2239",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/2239"
},
{
"name": "USN-293-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/293-1/"
},
{
"name": "20060608 rPSA-2006-0098-1 gdm",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/436428"
},
{
"name": "http://bugzilla.gnome.org/show_bug.cgi?id=343476",
"refsource": "CONFIRM",
"url": "http://bugzilla.gnome.org/show_bug.cgi?id=343476"
},
{
"name": "GLSA-200606-14",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200606-14.xml"
},
{
"name": "18332",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/18332"
},
{
"name": "20636",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20636"
},
{
"name": "gdm-facebrowser-security-bypass(27018)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27018"
},
{
"name": "20587",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20587"
},
{
"name": "20552",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20552"
},
{
"name": "MDKSA-2006:100",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:100"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2006-2452",
"datePublished": "2006-06-09T10:00:00",
"dateReserved": "2006-05-18T00:00:00",
"dateUpdated": "2024-08-07T17:51:04.687Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-1057 (GCVE-0-2006-1057)
Vulnerability from nvd – Published: 2006-04-25 01:00 – Updated: 2024-08-07 16:56
VLAI?
Summary
Race condition in daemon/slave.c in gdm before 2.14.1 allows local users to gain privileges via a symlink attack when gdm performs chown and chgrp operations on the .ICEauthority file.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T16:56:15.504Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "gdm-slavec-symlink(26092)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26092"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=188303"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://cvs.gnome.org/viewcvs/gdm2/daemon/slave.c?r1=1.260\u0026r2=1.261"
},
{
"name": "ADV-2006-1465",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/1465"
},
{
"name": "MDKSA-2006:083",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:083"
},
{
"name": "DSA-1040",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2006/dsa-1040"
},
{
"name": "17635",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/17635"
},
{
"name": "RHSA-2007:0286",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2007-0286.html"
},
{
"name": "oval:org.mitre.oval:def:10092",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10092"
},
{
"name": "FEDORA-2006-338",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-announce-list/2006-April/msg00160.html"
},
{
"name": "USN-278-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/278-1/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-04-24T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Race condition in daemon/slave.c in gdm before 2.14.1 allows local users to gain privileges via a symlink attack when gdm performs chown and chgrp operations on the .ICEauthority file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-03T20:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "gdm-slavec-symlink(26092)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26092"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=188303"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://cvs.gnome.org/viewcvs/gdm2/daemon/slave.c?r1=1.260\u0026r2=1.261"
},
{
"name": "ADV-2006-1465",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/1465"
},
{
"name": "MDKSA-2006:083",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:083"
},
{
"name": "DSA-1040",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2006/dsa-1040"
},
{
"name": "17635",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/17635"
},
{
"name": "RHSA-2007:0286",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2007-0286.html"
},
{
"name": "oval:org.mitre.oval:def:10092",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10092"
},
{
"name": "FEDORA-2006-338",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-announce-list/2006-April/msg00160.html"
},
{
"name": "USN-278-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/278-1/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2006-1057",
"datePublished": "2006-04-25T01:00:00",
"dateReserved": "2006-03-07T00:00:00",
"dateUpdated": "2024-08-07T16:56:15.504Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2003-0794 (GCVE-0-2003-0794)
Vulnerability from nvd – Published: 2003-10-21 04:00 – Updated: 2024-08-08 02:05
VLAI?
Summary
GDM 2.4.4.x before 2.4.4.4, and 2.4.1.x before 2.4.1.7, does not limit the number or duration of commands and uses a blocking socket connection, which allows attackers to cause a denial of service (resource exhaustion) by sending commands and not reading the results.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T02:05:12.556Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "gdm-command-dos(13448)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13448"
},
{
"name": "MDKSA-2003:100",
"tags": [
"vendor-advisory",
"x_refsource_MANDRAKE",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2003:100"
},
{
"name": "CLA-2003:766",
"tags": [
"vendor-advisory",
"x_refsource_CONECTIVA",
"x_transferred"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000766"
},
{
"name": "8846",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/8846"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://cvs.gnome.org/bonsai/cvsblame.cgi?file=gdm2/NEWS\u0026rev=\u0026root=/cvs/gnome"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2003-10-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "GDM 2.4.4.x before 2.4.4.4, and 2.4.1.x before 2.4.1.7, does not limit the number or duration of commands and uses a blocking socket connection, which allows attackers to cause a denial of service (resource exhaustion) by sending commands and not reading the results."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "gdm-command-dos(13448)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13448"
},
{
"name": "MDKSA-2003:100",
"tags": [
"vendor-advisory",
"x_refsource_MANDRAKE"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2003:100"
},
{
"name": "CLA-2003:766",
"tags": [
"vendor-advisory",
"x_refsource_CONECTIVA"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000766"
},
{
"name": "8846",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/8846"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://cvs.gnome.org/bonsai/cvsblame.cgi?file=gdm2/NEWS\u0026rev=\u0026root=/cvs/gnome"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2003-0794",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "GDM 2.4.4.x before 2.4.4.4, and 2.4.1.x before 2.4.1.7, does not limit the number or duration of commands and uses a blocking socket connection, which allows attackers to cause a denial of service (resource exhaustion) by sending commands and not reading the results."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "gdm-command-dos(13448)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13448"
},
{
"name": "MDKSA-2003:100",
"refsource": "MANDRAKE",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2003:100"
},
{
"name": "CLA-2003:766",
"refsource": "CONECTIVA",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000766"
},
{
"name": "8846",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/8846"
},
{
"name": "http://cvs.gnome.org/bonsai/cvsblame.cgi?file=gdm2/NEWS\u0026rev=\u0026root=/cvs/gnome",
"refsource": "CONFIRM",
"url": "http://cvs.gnome.org/bonsai/cvsblame.cgi?file=gdm2/NEWS\u0026rev=\u0026root=/cvs/gnome"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2003-0794",
"datePublished": "2003-10-21T04:00:00",
"dateReserved": "2003-09-17T00:00:00",
"dateUpdated": "2024-08-08T02:05:12.556Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2003-0793 (GCVE-0-2003-0793)
Vulnerability from nvd – Published: 2003-10-21 04:00 – Updated: 2024-08-08 02:05
VLAI?
Summary
GDM 2.4.4.x before 2.4.4.4, and 2.4.1.x before 2.4.1.7, does not restrict the size of input, which allows attackers to cause a denial of service (memory consumption).
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T02:05:12.607Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "MDKSA-2003:100",
"tags": [
"vendor-advisory",
"x_refsource_MANDRAKE",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2003:100"
},
{
"name": "gdm-dos(13447)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13447"
},
{
"name": "CLA-2003:766",
"tags": [
"vendor-advisory",
"x_refsource_CONECTIVA",
"x_transferred"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000766"
},
{
"name": "8846",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/8846"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://cvs.gnome.org/bonsai/cvsblame.cgi?file=gdm2/NEWS\u0026rev=\u0026root=/cvs/gnome"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2003-10-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "GDM 2.4.4.x before 2.4.4.4, and 2.4.1.x before 2.4.1.7, does not restrict the size of input, which allows attackers to cause a denial of service (memory consumption)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "MDKSA-2003:100",
"tags": [
"vendor-advisory",
"x_refsource_MANDRAKE"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2003:100"
},
{
"name": "gdm-dos(13447)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13447"
},
{
"name": "CLA-2003:766",
"tags": [
"vendor-advisory",
"x_refsource_CONECTIVA"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000766"
},
{
"name": "8846",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/8846"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://cvs.gnome.org/bonsai/cvsblame.cgi?file=gdm2/NEWS\u0026rev=\u0026root=/cvs/gnome"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2003-0793",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "GDM 2.4.4.x before 2.4.4.4, and 2.4.1.x before 2.4.1.7, does not restrict the size of input, which allows attackers to cause a denial of service (memory consumption)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "MDKSA-2003:100",
"refsource": "MANDRAKE",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2003:100"
},
{
"name": "gdm-dos(13447)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13447"
},
{
"name": "CLA-2003:766",
"refsource": "CONECTIVA",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000766"
},
{
"name": "8846",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/8846"
},
{
"name": "http://cvs.gnome.org/bonsai/cvsblame.cgi?file=gdm2/NEWS\u0026rev=\u0026root=/cvs/gnome",
"refsource": "CONFIRM",
"url": "http://cvs.gnome.org/bonsai/cvsblame.cgi?file=gdm2/NEWS\u0026rev=\u0026root=/cvs/gnome"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2003-0793",
"datePublished": "2003-10-21T04:00:00",
"dateReserved": "2003-09-17T00:00:00",
"dateUpdated": "2024-08-08T02:05:12.607Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2003-0548 (GCVE-0-2003-0548)
Vulnerability from nvd – Published: 2003-08-22 04:00 – Updated: 2024-08-08 01:58
VLAI?
Summary
The X Display Manager Control Protocol (XDMCP) support for GDM before 2.4.1.6 allows attackers to cause a denial of service (daemon crash) when a chosen host expires, a different issue than CVE-2003-0549.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T01:58:10.905Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "CLA-2003:729",
"tags": [
"vendor-advisory",
"x_refsource_CONECTIVA",
"x_transferred"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000729"
},
{
"name": "RHSA-2003:258",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2003-258.html"
},
{
"name": "oval:org.mitre.oval:def:113",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A113"
},
{
"name": "RHSA-2003:259",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2003-259.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://mail.gnome.org/archives/gnome-hackers/2003-August/msg00045.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2003-08-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The X Display Manager Control Protocol (XDMCP) support for GDM before 2.4.1.6 allows attackers to cause a denial of service (daemon crash) when a chosen host expires, a different issue than CVE-2003-0549."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-10T00:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "CLA-2003:729",
"tags": [
"vendor-advisory",
"x_refsource_CONECTIVA"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000729"
},
{
"name": "RHSA-2003:258",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2003-258.html"
},
{
"name": "oval:org.mitre.oval:def:113",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A113"
},
{
"name": "RHSA-2003:259",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2003-259.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://mail.gnome.org/archives/gnome-hackers/2003-August/msg00045.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2003-0548",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The X Display Manager Control Protocol (XDMCP) support for GDM before 2.4.1.6 allows attackers to cause a denial of service (daemon crash) when a chosen host expires, a different issue than CVE-2003-0549."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "CLA-2003:729",
"refsource": "CONECTIVA",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000729"
},
{
"name": "RHSA-2003:258",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2003-258.html"
},
{
"name": "oval:org.mitre.oval:def:113",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A113"
},
{
"name": "RHSA-2003:259",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2003-259.html"
},
{
"name": "http://mail.gnome.org/archives/gnome-hackers/2003-August/msg00045.html",
"refsource": "CONFIRM",
"url": "http://mail.gnome.org/archives/gnome-hackers/2003-August/msg00045.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2003-0548",
"datePublished": "2003-08-22T04:00:00",
"dateReserved": "2003-07-14T00:00:00",
"dateUpdated": "2024-08-08T01:58:10.905Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2003-0549 (GCVE-0-2003-0549)
Vulnerability from nvd – Published: 2003-08-22 04:00 – Updated: 2024-08-08 01:58
VLAI?
Summary
The X Display Manager Control Protocol (XDMCP) support for GDM before 2.4.1.6 allows attackers to cause a denial of service (daemon crash) via a short authorization key name.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T01:58:10.982Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "CLA-2003:729",
"tags": [
"vendor-advisory",
"x_refsource_CONECTIVA",
"x_transferred"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000729"
},
{
"name": "RHSA-2003:258",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2003-258.html"
},
{
"name": "oval:org.mitre.oval:def:129",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A129"
},
{
"name": "RHSA-2003:259",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2003-259.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://mail.gnome.org/archives/gnome-hackers/2003-August/msg00045.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2003-08-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The X Display Manager Control Protocol (XDMCP) support for GDM before 2.4.1.6 allows attackers to cause a denial of service (daemon crash) via a short authorization key name."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-10T00:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "CLA-2003:729",
"tags": [
"vendor-advisory",
"x_refsource_CONECTIVA"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000729"
},
{
"name": "RHSA-2003:258",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2003-258.html"
},
{
"name": "oval:org.mitre.oval:def:129",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A129"
},
{
"name": "RHSA-2003:259",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2003-259.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://mail.gnome.org/archives/gnome-hackers/2003-August/msg00045.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2003-0549",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The X Display Manager Control Protocol (XDMCP) support for GDM before 2.4.1.6 allows attackers to cause a denial of service (daemon crash) via a short authorization key name."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "CLA-2003:729",
"refsource": "CONECTIVA",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000729"
},
{
"name": "RHSA-2003:258",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2003-258.html"
},
{
"name": "oval:org.mitre.oval:def:129",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A129"
},
{
"name": "RHSA-2003:259",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2003-259.html"
},
{
"name": "http://mail.gnome.org/archives/gnome-hackers/2003-August/msg00045.html",
"refsource": "CONFIRM",
"url": "http://mail.gnome.org/archives/gnome-hackers/2003-August/msg00045.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2003-0549",
"datePublished": "2003-08-22T04:00:00",
"dateReserved": "2003-07-14T00:00:00",
"dateUpdated": "2024-08-08T01:58:10.982Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2003-0547 (GCVE-0-2003-0547)
Vulnerability from nvd – Published: 2003-08-22 04:00 – Updated: 2024-08-08 01:58
VLAI?
Summary
GDM before 2.4.1.6, when using the "examine session errors" feature, allows local users to read arbitrary files via a symlink attack on the ~/.xsession-errors file.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T01:58:11.017Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "CLA-2003:729",
"tags": [
"vendor-advisory",
"x_refsource_CONECTIVA",
"x_transferred"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000729"
},
{
"name": "RHSA-2003:258",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2003-258.html"
},
{
"name": "oval:org.mitre.oval:def:112",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A112"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://mail.gnome.org/archives/gnome-hackers/2003-August/msg00045.html"
},
{
"name": "20030824 [slackware-security] GDM security update (SSA:2003-236-01)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=106194792924122\u0026w=2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2003-08-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "GDM before 2.4.1.6, when using the \"examine session errors\" feature, allows local users to read arbitrary files via a symlink attack on the ~/.xsession-errors file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-10T00:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "CLA-2003:729",
"tags": [
"vendor-advisory",
"x_refsource_CONECTIVA"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000729"
},
{
"name": "RHSA-2003:258",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2003-258.html"
},
{
"name": "oval:org.mitre.oval:def:112",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A112"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://mail.gnome.org/archives/gnome-hackers/2003-August/msg00045.html"
},
{
"name": "20030824 [slackware-security] GDM security update (SSA:2003-236-01)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=106194792924122\u0026w=2"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2003-0547",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "GDM before 2.4.1.6, when using the \"examine session errors\" feature, allows local users to read arbitrary files via a symlink attack on the ~/.xsession-errors file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "CLA-2003:729",
"refsource": "CONECTIVA",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000729"
},
{
"name": "RHSA-2003:258",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2003-258.html"
},
{
"name": "oval:org.mitre.oval:def:112",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A112"
},
{
"name": "http://mail.gnome.org/archives/gnome-hackers/2003-August/msg00045.html",
"refsource": "CONFIRM",
"url": "http://mail.gnome.org/archives/gnome-hackers/2003-August/msg00045.html"
},
{
"name": "20030824 [slackware-security] GDM security update (SSA:2003-236-01)",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=106194792924122\u0026w=2"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2003-0547",
"datePublished": "2003-08-22T04:00:00",
"dateReserved": "2003-07-14T00:00:00",
"dateUpdated": "2024-08-08T01:58:11.017Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2000-0504 (GCVE-0-2000-0504)
Vulnerability from nvd – Published: 2001-05-07 04:00 – Updated: 2024-08-08 05:21
VLAI?
Summary
libICE in XFree86 allows remote attackers to cause a denial of service by specifying a large value which is not properly checked by the SKIP_STRING macro.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T05:21:31.029Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.xfree86.org/security/"
},
{
"name": "1369",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/1369"
},
{
"name": "20000619 XFree86: libICE DoS",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2000-06/0170.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2000-06-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "libICE in XFree86 allows remote attackers to cause a denial of service by specifying a large value which is not properly checked by the SKIP_STRING macro."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2005-11-02T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.xfree86.org/security/"
},
{
"name": "1369",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/1369"
},
{
"name": "20000619 XFree86: libICE DoS",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2000-06/0170.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2000-0504",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "libICE in XFree86 allows remote attackers to cause a denial of service by specifying a large value which is not properly checked by the SKIP_STRING macro."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.xfree86.org/security/",
"refsource": "CONFIRM",
"url": "http://www.xfree86.org/security/"
},
{
"name": "1369",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/1369"
},
{
"name": "20000619 XFree86: libICE DoS",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2000-06/0170.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2000-0504",
"datePublished": "2001-05-07T04:00:00",
"dateReserved": "2000-07-11T00:00:00",
"dateUpdated": "2024-08-08T05:21:31.029Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2000-0491 (GCVE-0-2000-0491)
Vulnerability from nvd – Published: 2000-07-12 04:00 – Updated: 2024-08-08 05:21
VLAI?
Summary
Buffer overflow in the XDMCP parsing code of GNOME gdm, KDE kdm, and wdm allows remote attackers to execute arbitrary commands or cause a denial of service via a long FORWARD_QUERY request.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T05:21:30.809Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20000607 Conectiva Linux Security Announcement - gdm",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2000-06/0025.html"
},
{
"name": "1279",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/1279"
},
{
"name": "1370",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/1370"
},
{
"name": "1233",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/1233"
},
{
"name": "20000524 Security hole in gdm \u003c= 2.0beta4-25",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://www.novell.com/linux/security/advisories/suse_security_announce_49.html"
},
{
"name": "CSSA-2000-013.0",
"tags": [
"vendor-advisory",
"x_refsource_CALDERA",
"x_transferred"
],
"url": "ftp://ftp.calderasystems.com/pub/OpenLinux/security/CSSA-2000-013.0.txt"
},
{
"name": "20000521 \"gdm\" remote hole",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2000-05/0241.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2000-05-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in the XDMCP parsing code of GNOME gdm, KDE kdm, and wdm allows remote attackers to execute arbitrary commands or cause a denial of service via a long FORWARD_QUERY request."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2002-04-27T09:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20000607 Conectiva Linux Security Announcement - gdm",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2000-06/0025.html"
},
{
"name": "1279",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/1279"
},
{
"name": "1370",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/1370"
},
{
"name": "1233",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/1233"
},
{
"name": "20000524 Security hole in gdm \u003c= 2.0beta4-25",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://www.novell.com/linux/security/advisories/suse_security_announce_49.html"
},
{
"name": "CSSA-2000-013.0",
"tags": [
"vendor-advisory",
"x_refsource_CALDERA"
],
"url": "ftp://ftp.calderasystems.com/pub/OpenLinux/security/CSSA-2000-013.0.txt"
},
{
"name": "20000521 \"gdm\" remote hole",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2000-05/0241.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2000-0491",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in the XDMCP parsing code of GNOME gdm, KDE kdm, and wdm allows remote attackers to execute arbitrary commands or cause a denial of service via a long FORWARD_QUERY request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20000607 Conectiva Linux Security Announcement - gdm",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2000-06/0025.html"
},
{
"name": "1279",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/1279"
},
{
"name": "1370",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/1370"
},
{
"name": "1233",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/1233"
},
{
"name": "20000524 Security hole in gdm \u003c= 2.0beta4-25",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/suse_security_announce_49.html"
},
{
"name": "CSSA-2000-013.0",
"refsource": "CALDERA",
"url": "ftp://ftp.calderasystems.com/pub/OpenLinux/security/CSSA-2000-013.0.txt"
},
{
"name": "20000521 \"gdm\" remote hole",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2000-05/0241.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2000-0491",
"datePublished": "2000-07-12T04:00:00",
"dateReserved": "2000-07-11T00:00:00",
"dateUpdated": "2024-08-08T05:21:30.809Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-12164 (GCVE-0-2017-12164)
Vulnerability from cvelistv5 – Published: 2018-07-26 16:00 – Updated: 2024-08-05 18:28
VLAI?
Summary
A flaw was discovered in gdm 3.24.1 where gdm greeter was no longer setting the ran_once boolean during autologin. If autologin was enabled for a victim, an attacker could simply select 'login as another user' to unlock their screen.
Severity ?
4.1 (Medium)
CWE
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T18:28:16.573Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://gitlab.gnome.org/GNOME/gdm/commit/ff98b28"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-12164"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "gdm",
"vendor": "GNOME",
"versions": [
{
"status": "affected",
"version": "3.24.1"
}
]
}
],
"datePublic": "2017-09-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A flaw was discovered in gdm 3.24.1 where gdm greeter was no longer setting the ran_once boolean during autologin. If autologin was enabled for a victim, an attacker could simply select \u0027login as another user\u0027 to unlock their screen."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "LOW",
"baseScore": 4.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:P/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-592",
"description": "CWE-592",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-07-26T15:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://gitlab.gnome.org/GNOME/gdm/commit/ff98b28"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-12164"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2017-12164",
"datePublished": "2018-07-26T16:00:00",
"dateReserved": "2017-08-01T00:00:00",
"dateUpdated": "2024-08-05T18:28:16.573Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-1709 (GCVE-0-2011-1709)
Vulnerability from cvelistv5 – Published: 2011-06-14 17:00 – Updated: 2024-08-06 22:37
VLAI?
Summary
GNOME Display Manager (gdm) before 2.32.2, when glib 2.28 is used, enables execution of a web browser with the uid of the gdm account, which allows local users to gain privileges via vectors involving the x-scheme-handler/http MIME type.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T22:37:25.814Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://ftp.gnome.org/pub/GNOME/sources/gdm/2.32/gdm-2.32.2.news"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.gnome.org/browse/gdm/commit/?id=d13dd72531599ab7e4c747db3b58a8c17753e08d"
},
{
"name": "44797",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/44797"
},
{
"name": "FEDORA-2011-7822",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061264.html"
},
{
"name": "USN-1142-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-1142-1"
},
{
"name": "48084",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/48084"
},
{
"name": "openSUSE-SU-2011:0581",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "https://hermes.opensuse.org/messages/8643655"
},
{
"name": "44808",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/44808"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=709139"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-05-31T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "GNOME Display Manager (gdm) before 2.32.2, when glib 2.28 is used, enables execution of a web browser with the uid of the gdm account, which allows local users to gain privileges via vectors involving the x-scheme-handler/http MIME type."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2011-09-07T09:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://ftp.gnome.org/pub/GNOME/sources/gdm/2.32/gdm-2.32.2.news"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.gnome.org/browse/gdm/commit/?id=d13dd72531599ab7e4c747db3b58a8c17753e08d"
},
{
"name": "44797",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/44797"
},
{
"name": "FEDORA-2011-7822",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061264.html"
},
{
"name": "USN-1142-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-1142-1"
},
{
"name": "48084",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/48084"
},
{
"name": "openSUSE-SU-2011:0581",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "https://hermes.opensuse.org/messages/8643655"
},
{
"name": "44808",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/44808"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=709139"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-1709",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "GNOME Display Manager (gdm) before 2.32.2, when glib 2.28 is used, enables execution of a web browser with the uid of the gdm account, which allows local users to gain privileges via vectors involving the x-scheme-handler/http MIME type."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://ftp.gnome.org/pub/GNOME/sources/gdm/2.32/gdm-2.32.2.news",
"refsource": "CONFIRM",
"url": "http://ftp.gnome.org/pub/GNOME/sources/gdm/2.32/gdm-2.32.2.news"
},
{
"name": "http://git.gnome.org/browse/gdm/commit/?id=d13dd72531599ab7e4c747db3b58a8c17753e08d",
"refsource": "CONFIRM",
"url": "http://git.gnome.org/browse/gdm/commit/?id=d13dd72531599ab7e4c747db3b58a8c17753e08d"
},
{
"name": "44797",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/44797"
},
{
"name": "FEDORA-2011-7822",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061264.html"
},
{
"name": "USN-1142-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1142-1"
},
{
"name": "48084",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/48084"
},
{
"name": "openSUSE-SU-2011:0581",
"refsource": "SUSE",
"url": "https://hermes.opensuse.org/messages/8643655"
},
{
"name": "44808",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/44808"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=709139",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=709139"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2011-1709",
"datePublished": "2011-06-14T17:00:00",
"dateReserved": "2011-04-15T00:00:00",
"dateUpdated": "2024-08-06T22:37:25.814Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-0727 (GCVE-0-2011-0727)
Vulnerability from cvelistv5 – Published: 2011-03-31 22:00 – Updated: 2024-08-06 22:05
VLAI?
Summary
GNOME Display Manager (gdm) 2.x before 2.32.1 allows local users to change the ownership of arbitrary files via a symlink attack on a (1) dmrc or (2) face icon file under /var/cache/gdm/.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T22:05:52.941Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "USN-1099-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-1099-1"
},
{
"name": "43714",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/43714"
},
{
"name": "1025264",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1025264"
},
{
"name": "FEDORA-2011-4351",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057931.html"
},
{
"name": "43854",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/43854"
},
{
"name": "ADV-2011-0847",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2011/0847"
},
{
"name": "ADV-2011-0787",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2011/0787"
},
{
"name": "display-manager-priv-escalation(66377)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66377"
},
{
"name": "ADV-2011-0911",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2011/0911"
},
{
"name": "MDVSA-2011:070",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:070"
},
{
"name": "DSA-2205",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2011/dsa-2205"
},
{
"name": "RHSA-2011:0395",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2011-0395.html"
},
{
"name": "47063",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/47063"
},
{
"name": "ADV-2011-0786",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2011/0786"
},
{
"name": "[gdm-list] 20110328 GDM 2.32.1 released",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://mail.gnome.org/archives/gdm-list/2011-March/msg00020.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=688323"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://ftp.gnome.org/pub/GNOME/sources/gdm/2.32/gdm-2.32.1.news"
},
{
"name": "44021",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/44021"
},
{
"name": "FEDORA-2011-4335",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057333.html"
},
{
"name": "ADV-2011-0797",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2011/0797"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-03-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "GNOME Display Manager (gdm) 2.x before 2.32.1 allows local users to change the ownership of arbitrary files via a symlink attack on a (1) dmrc or (2) face icon file under /var/cache/gdm/."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01",
"orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"shortName": "canonical"
},
"references": [
{
"name": "USN-1099-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-1099-1"
},
{
"name": "43714",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/43714"
},
{
"name": "1025264",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1025264"
},
{
"name": "FEDORA-2011-4351",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057931.html"
},
{
"name": "43854",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/43854"
},
{
"name": "ADV-2011-0847",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2011/0847"
},
{
"name": "ADV-2011-0787",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2011/0787"
},
{
"name": "display-manager-priv-escalation(66377)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66377"
},
{
"name": "ADV-2011-0911",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2011/0911"
},
{
"name": "MDVSA-2011:070",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:070"
},
{
"name": "DSA-2205",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2011/dsa-2205"
},
{
"name": "RHSA-2011:0395",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2011-0395.html"
},
{
"name": "47063",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/47063"
},
{
"name": "ADV-2011-0786",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2011/0786"
},
{
"name": "[gdm-list] 20110328 GDM 2.32.1 released",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://mail.gnome.org/archives/gdm-list/2011-March/msg00020.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=688323"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://ftp.gnome.org/pub/GNOME/sources/gdm/2.32/gdm-2.32.1.news"
},
{
"name": "44021",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/44021"
},
{
"name": "FEDORA-2011-4335",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057333.html"
},
{
"name": "ADV-2011-0797",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2011/0797"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@ubuntu.com",
"ID": "CVE-2011-0727",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "GNOME Display Manager (gdm) 2.x before 2.32.1 allows local users to change the ownership of arbitrary files via a symlink attack on a (1) dmrc or (2) face icon file under /var/cache/gdm/."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "USN-1099-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1099-1"
},
{
"name": "43714",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43714"
},
{
"name": "1025264",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1025264"
},
{
"name": "FEDORA-2011-4351",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057931.html"
},
{
"name": "43854",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43854"
},
{
"name": "ADV-2011-0847",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0847"
},
{
"name": "ADV-2011-0787",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0787"
},
{
"name": "display-manager-priv-escalation(66377)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66377"
},
{
"name": "ADV-2011-0911",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0911"
},
{
"name": "MDVSA-2011:070",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:070"
},
{
"name": "DSA-2205",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2011/dsa-2205"
},
{
"name": "RHSA-2011:0395",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2011-0395.html"
},
{
"name": "47063",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/47063"
},
{
"name": "ADV-2011-0786",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0786"
},
{
"name": "[gdm-list] 20110328 GDM 2.32.1 released",
"refsource": "MLIST",
"url": "http://mail.gnome.org/archives/gdm-list/2011-March/msg00020.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=688323",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=688323"
},
{
"name": "http://ftp.gnome.org/pub/GNOME/sources/gdm/2.32/gdm-2.32.1.news",
"refsource": "CONFIRM",
"url": "http://ftp.gnome.org/pub/GNOME/sources/gdm/2.32/gdm-2.32.1.news"
},
{
"name": "44021",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/44021"
},
{
"name": "FEDORA-2011-4335",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057333.html"
},
{
"name": "ADV-2011-0797",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0797"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"assignerShortName": "canonical",
"cveId": "CVE-2011-0727",
"datePublished": "2011-03-31T22:00:00",
"dateReserved": "2011-02-01T00:00:00",
"dateUpdated": "2024-08-06T22:05:52.941Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-2697 (GCVE-0-2009-2697)
Vulnerability from cvelistv5 – Published: 2009-09-04 20:00 – Updated: 2024-08-07 05:59
VLAI?
Summary
The Red Hat build script for the GNOME Display Manager (GDM) before 2.16.0-56 on Red Hat Enterprise Linux (RHEL) 5 omits TCP Wrapper support, which might allow remote attackers to bypass intended access restrictions via XDMCP connections, a different vulnerability than CVE-2007-5079.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T05:59:56.942Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "oval:org.mitre.oval:def:9586",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9586"
},
{
"name": "36553",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/36553"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=239818"
},
{
"name": "36219",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/36219"
},
{
"name": "RHSA-2009:1364",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://rhn.redhat.com/errata/RHSA-2009-1364.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-09-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Red Hat build script for the GNOME Display Manager (GDM) before 2.16.0-56 on Red Hat Enterprise Linux (RHEL) 5 omits TCP Wrapper support, which might allow remote attackers to bypass intended access restrictions via XDMCP connections, a different vulnerability than CVE-2007-5079."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-18T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "oval:org.mitre.oval:def:9586",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9586"
},
{
"name": "36553",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/36553"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=239818"
},
{
"name": "36219",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/36219"
},
{
"name": "RHSA-2009:1364",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://rhn.redhat.com/errata/RHSA-2009-1364.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-2697",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Red Hat build script for the GNOME Display Manager (GDM) before 2.16.0-56 on Red Hat Enterprise Linux (RHEL) 5 omits TCP Wrapper support, which might allow remote attackers to bypass intended access restrictions via XDMCP connections, a different vulnerability than CVE-2007-5079."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "oval:org.mitre.oval:def:9586",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9586"
},
{
"name": "36553",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/36553"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=239818",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=239818"
},
{
"name": "36219",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/36219"
},
{
"name": "RHSA-2009:1364",
"refsource": "REDHAT",
"url": "https://rhn.redhat.com/errata/RHSA-2009-1364.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-2697",
"datePublished": "2009-09-04T20:00:00",
"dateReserved": "2009-08-05T00:00:00",
"dateUpdated": "2024-08-07T05:59:56.942Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-3381 (GCVE-0-2007-3381)
Vulnerability from cvelistv5 – Published: 2007-08-07 10:00 – Updated: 2024-08-07 14:14
VLAI?
Summary
The GDM daemon in GNOME Display Manager (GDM) before 2.14.13, 2.16.x before 2.16.7, 2.18.x before 2.18.4, and 2.19.x before 2.19.5 does not properly handle NULL return values from the g_strsplit function, which allows local users to cause a denial of service (persistent daemon crash) via a crafted command to the daemon's socket, related to (1) gdm.c and (2) gdmconfig.c in daemon/, and (3) gdmconfig.c and (4) gdmflexiserver.c in gui/.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T14:14:12.887Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "GLSA-200709-11",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200709-11.xml"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://ftp.gnome.org/pub/GNOME/sources/gdm/2.16/gdm-2.16.7.changes"
},
{
"name": "26313",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26313"
},
{
"name": "ADV-2007-2781",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/2781"
},
{
"name": "25191",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/25191"
},
{
"name": "26879",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26879"
},
{
"name": "oval:org.mitre.oval:def:10887",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10887"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://issues.rpath.com/browse/RPL-1599"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://ftp.gnome.org/pub/GNOME/sources/gdm/2.14/gdm-2.14.13.news"
},
{
"name": "26368",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26368"
},
{
"name": "MDKSA-2007:169",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:169"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://ftp.gnome.org/pub/GNOME/sources/gdm/2.18/gdm-2.18.4.news"
},
{
"name": "20070803 FLEA-2007-0041-1 gdm",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/475451/30/5550/threaded"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://ftp.gnome.org/pub/GNOME/sources/gdm/2.19/gdm-2.19.5.news"
},
{
"name": "RHSA-2007:0777",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2007-0777.html"
},
{
"name": "1018523",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1018523"
},
{
"name": "26900",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26900"
},
{
"name": "26520",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26520"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-07-30T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The GDM daemon in GNOME Display Manager (GDM) before 2.14.13, 2.16.x before 2.16.7, 2.18.x before 2.18.4, and 2.19.x before 2.19.5 does not properly handle NULL return values from the g_strsplit function, which allows local users to cause a denial of service (persistent daemon crash) via a crafted command to the daemon\u0027s socket, related to (1) gdm.c and (2) gdmconfig.c in daemon/, and (3) gdmconfig.c and (4) gdmflexiserver.c in gui/."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-16T14:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "GLSA-200709-11",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200709-11.xml"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://ftp.gnome.org/pub/GNOME/sources/gdm/2.16/gdm-2.16.7.changes"
},
{
"name": "26313",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26313"
},
{
"name": "ADV-2007-2781",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/2781"
},
{
"name": "25191",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/25191"
},
{
"name": "26879",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26879"
},
{
"name": "oval:org.mitre.oval:def:10887",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10887"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://issues.rpath.com/browse/RPL-1599"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://ftp.gnome.org/pub/GNOME/sources/gdm/2.14/gdm-2.14.13.news"
},
{
"name": "26368",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26368"
},
{
"name": "MDKSA-2007:169",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:169"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://ftp.gnome.org/pub/GNOME/sources/gdm/2.18/gdm-2.18.4.news"
},
{
"name": "20070803 FLEA-2007-0041-1 gdm",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/475451/30/5550/threaded"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://ftp.gnome.org/pub/GNOME/sources/gdm/2.19/gdm-2.19.5.news"
},
{
"name": "RHSA-2007:0777",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2007-0777.html"
},
{
"name": "1018523",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1018523"
},
{
"name": "26900",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26900"
},
{
"name": "26520",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26520"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2007-3381",
"datePublished": "2007-08-07T10:00:00",
"dateReserved": "2007-06-25T00:00:00",
"dateUpdated": "2024-08-07T14:14:12.887Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-6105 (GCVE-0-2006-6105)
Vulnerability from cvelistv5 – Published: 2006-12-15 02:00 – Updated: 2024-08-07 20:12
VLAI?
Summary
Format string vulnerability in the host chooser window (gdmchooser) in GNOME Foundation Display Manager (gdm) allows local users to execute arbitrary code via format string specifiers in a hostname, which are used in an error dialog.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T20:12:31.762Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "23385",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/23385"
},
{
"name": "23387",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/23387"
},
{
"name": "ADV-2006-5015",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/5015"
},
{
"name": "23409",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/23409"
},
{
"name": "1017383",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1017383"
},
{
"name": "1017320",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1017320"
},
{
"name": "30848",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/30848"
},
{
"name": "gdmchooser-host-chooser-format-string(30896)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30896"
},
{
"name": "21597",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/21597"
},
{
"name": "23381",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/23381"
},
{
"name": "20061214 GNOME Foundation Display Manager gdmchooser Format String Vulnerability",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE",
"x_transferred"
],
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=453"
},
{
"name": "SUSE-SR:2006:029",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://www.novell.com/linux/security/advisories/2006_29_sr.html"
},
{
"name": "MDKSA-2006:231",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:231"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://ftp.acc.umu.se/pub/GNOME/sources/gdm/2.17/gdm-2.17.4.news"
},
{
"name": "USN-396-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/usn-396-1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-12-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Format string vulnerability in the host chooser window (gdmchooser) in GNOME Foundation Display Manager (gdm) allows local users to execute arbitrary code via format string specifiers in a hostname, which are used in an error dialog."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-19T15:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "23385",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/23385"
},
{
"name": "23387",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/23387"
},
{
"name": "ADV-2006-5015",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/5015"
},
{
"name": "23409",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/23409"
},
{
"name": "1017383",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1017383"
},
{
"name": "1017320",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1017320"
},
{
"name": "30848",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/30848"
},
{
"name": "gdmchooser-host-chooser-format-string(30896)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30896"
},
{
"name": "21597",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/21597"
},
{
"name": "23381",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/23381"
},
{
"name": "20061214 GNOME Foundation Display Manager gdmchooser Format String Vulnerability",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE"
],
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=453"
},
{
"name": "SUSE-SR:2006:029",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://www.novell.com/linux/security/advisories/2006_29_sr.html"
},
{
"name": "MDKSA-2006:231",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:231"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://ftp.acc.umu.se/pub/GNOME/sources/gdm/2.17/gdm-2.17.4.news"
},
{
"name": "USN-396-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/usn-396-1"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2006-6105",
"datePublished": "2006-12-15T02:00:00",
"dateReserved": "2006-11-24T00:00:00",
"dateUpdated": "2024-08-07T20:12:31.762Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-2452 (GCVE-0-2006-2452)
Vulnerability from cvelistv5 – Published: 2006-06-09 10:00 – Updated: 2024-08-07 17:51
VLAI?
Summary
GNOME GDM 2.8, 2.12, 2.14, and 2.15, when the "face browser" feature is enabled, allows local users to access the "Configure Login Manager" functionality using their own password instead of the root password, which can be leveraged to gain additional privileges.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T17:51:04.687Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20532",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/20532"
},
{
"name": "SUSE-SR:2006:013",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.suse.com/archive/suse-security-announce/2006-Jun/0003.html"
},
{
"name": "20627",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/20627"
},
{
"name": "ADV-2006-2239",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/2239"
},
{
"name": "USN-293-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/293-1/"
},
{
"name": "20060608 rPSA-2006-0098-1 gdm",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/436428"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bugzilla.gnome.org/show_bug.cgi?id=343476"
},
{
"name": "GLSA-200606-14",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200606-14.xml"
},
{
"name": "18332",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/18332"
},
{
"name": "20636",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/20636"
},
{
"name": "gdm-facebrowser-security-bypass(27018)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27018"
},
{
"name": "20587",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/20587"
},
{
"name": "20552",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/20552"
},
{
"name": "MDKSA-2006:100",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:100"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-06-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "GNOME GDM 2.8, 2.12, 2.14, and 2.15, when the \"face browser\" feature is enabled, allows local users to access the \"Configure Login Manager\" functionality using their own password instead of the root password, which can be leveraged to gain additional privileges."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-03T20:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "20532",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/20532"
},
{
"name": "SUSE-SR:2006:013",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.suse.com/archive/suse-security-announce/2006-Jun/0003.html"
},
{
"name": "20627",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/20627"
},
{
"name": "ADV-2006-2239",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/2239"
},
{
"name": "USN-293-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/293-1/"
},
{
"name": "20060608 rPSA-2006-0098-1 gdm",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/436428"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bugzilla.gnome.org/show_bug.cgi?id=343476"
},
{
"name": "GLSA-200606-14",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200606-14.xml"
},
{
"name": "18332",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/18332"
},
{
"name": "20636",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/20636"
},
{
"name": "gdm-facebrowser-security-bypass(27018)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27018"
},
{
"name": "20587",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/20587"
},
{
"name": "20552",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/20552"
},
{
"name": "MDKSA-2006:100",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:100"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2006-2452",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "GNOME GDM 2.8, 2.12, 2.14, and 2.15, when the \"face browser\" feature is enabled, allows local users to access the \"Configure Login Manager\" functionality using their own password instead of the root password, which can be leveraged to gain additional privileges."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20532",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20532"
},
{
"name": "SUSE-SR:2006:013",
"refsource": "SUSE",
"url": "http://lists.suse.com/archive/suse-security-announce/2006-Jun/0003.html"
},
{
"name": "20627",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20627"
},
{
"name": "ADV-2006-2239",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/2239"
},
{
"name": "USN-293-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/293-1/"
},
{
"name": "20060608 rPSA-2006-0098-1 gdm",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/436428"
},
{
"name": "http://bugzilla.gnome.org/show_bug.cgi?id=343476",
"refsource": "CONFIRM",
"url": "http://bugzilla.gnome.org/show_bug.cgi?id=343476"
},
{
"name": "GLSA-200606-14",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200606-14.xml"
},
{
"name": "18332",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/18332"
},
{
"name": "20636",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20636"
},
{
"name": "gdm-facebrowser-security-bypass(27018)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27018"
},
{
"name": "20587",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20587"
},
{
"name": "20552",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20552"
},
{
"name": "MDKSA-2006:100",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:100"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2006-2452",
"datePublished": "2006-06-09T10:00:00",
"dateReserved": "2006-05-18T00:00:00",
"dateUpdated": "2024-08-07T17:51:04.687Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-1057 (GCVE-0-2006-1057)
Vulnerability from cvelistv5 – Published: 2006-04-25 01:00 – Updated: 2024-08-07 16:56
VLAI?
Summary
Race condition in daemon/slave.c in gdm before 2.14.1 allows local users to gain privileges via a symlink attack when gdm performs chown and chgrp operations on the .ICEauthority file.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T16:56:15.504Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "gdm-slavec-symlink(26092)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26092"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=188303"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://cvs.gnome.org/viewcvs/gdm2/daemon/slave.c?r1=1.260\u0026r2=1.261"
},
{
"name": "ADV-2006-1465",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/1465"
},
{
"name": "MDKSA-2006:083",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:083"
},
{
"name": "DSA-1040",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2006/dsa-1040"
},
{
"name": "17635",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/17635"
},
{
"name": "RHSA-2007:0286",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2007-0286.html"
},
{
"name": "oval:org.mitre.oval:def:10092",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10092"
},
{
"name": "FEDORA-2006-338",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-announce-list/2006-April/msg00160.html"
},
{
"name": "USN-278-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/278-1/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-04-24T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Race condition in daemon/slave.c in gdm before 2.14.1 allows local users to gain privileges via a symlink attack when gdm performs chown and chgrp operations on the .ICEauthority file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-03T20:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "gdm-slavec-symlink(26092)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26092"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=188303"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://cvs.gnome.org/viewcvs/gdm2/daemon/slave.c?r1=1.260\u0026r2=1.261"
},
{
"name": "ADV-2006-1465",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/1465"
},
{
"name": "MDKSA-2006:083",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:083"
},
{
"name": "DSA-1040",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2006/dsa-1040"
},
{
"name": "17635",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/17635"
},
{
"name": "RHSA-2007:0286",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2007-0286.html"
},
{
"name": "oval:org.mitre.oval:def:10092",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10092"
},
{
"name": "FEDORA-2006-338",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-announce-list/2006-April/msg00160.html"
},
{
"name": "USN-278-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/278-1/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2006-1057",
"datePublished": "2006-04-25T01:00:00",
"dateReserved": "2006-03-07T00:00:00",
"dateUpdated": "2024-08-07T16:56:15.504Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2003-0794 (GCVE-0-2003-0794)
Vulnerability from cvelistv5 – Published: 2003-10-21 04:00 – Updated: 2024-08-08 02:05
VLAI?
Summary
GDM 2.4.4.x before 2.4.4.4, and 2.4.1.x before 2.4.1.7, does not limit the number or duration of commands and uses a blocking socket connection, which allows attackers to cause a denial of service (resource exhaustion) by sending commands and not reading the results.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T02:05:12.556Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "gdm-command-dos(13448)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13448"
},
{
"name": "MDKSA-2003:100",
"tags": [
"vendor-advisory",
"x_refsource_MANDRAKE",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2003:100"
},
{
"name": "CLA-2003:766",
"tags": [
"vendor-advisory",
"x_refsource_CONECTIVA",
"x_transferred"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000766"
},
{
"name": "8846",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/8846"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://cvs.gnome.org/bonsai/cvsblame.cgi?file=gdm2/NEWS\u0026rev=\u0026root=/cvs/gnome"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2003-10-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "GDM 2.4.4.x before 2.4.4.4, and 2.4.1.x before 2.4.1.7, does not limit the number or duration of commands and uses a blocking socket connection, which allows attackers to cause a denial of service (resource exhaustion) by sending commands and not reading the results."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "gdm-command-dos(13448)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13448"
},
{
"name": "MDKSA-2003:100",
"tags": [
"vendor-advisory",
"x_refsource_MANDRAKE"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2003:100"
},
{
"name": "CLA-2003:766",
"tags": [
"vendor-advisory",
"x_refsource_CONECTIVA"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000766"
},
{
"name": "8846",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/8846"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://cvs.gnome.org/bonsai/cvsblame.cgi?file=gdm2/NEWS\u0026rev=\u0026root=/cvs/gnome"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2003-0794",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "GDM 2.4.4.x before 2.4.4.4, and 2.4.1.x before 2.4.1.7, does not limit the number or duration of commands and uses a blocking socket connection, which allows attackers to cause a denial of service (resource exhaustion) by sending commands and not reading the results."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "gdm-command-dos(13448)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13448"
},
{
"name": "MDKSA-2003:100",
"refsource": "MANDRAKE",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2003:100"
},
{
"name": "CLA-2003:766",
"refsource": "CONECTIVA",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000766"
},
{
"name": "8846",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/8846"
},
{
"name": "http://cvs.gnome.org/bonsai/cvsblame.cgi?file=gdm2/NEWS\u0026rev=\u0026root=/cvs/gnome",
"refsource": "CONFIRM",
"url": "http://cvs.gnome.org/bonsai/cvsblame.cgi?file=gdm2/NEWS\u0026rev=\u0026root=/cvs/gnome"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2003-0794",
"datePublished": "2003-10-21T04:00:00",
"dateReserved": "2003-09-17T00:00:00",
"dateUpdated": "2024-08-08T02:05:12.556Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2003-0793 (GCVE-0-2003-0793)
Vulnerability from cvelistv5 – Published: 2003-10-21 04:00 – Updated: 2024-08-08 02:05
VLAI?
Summary
GDM 2.4.4.x before 2.4.4.4, and 2.4.1.x before 2.4.1.7, does not restrict the size of input, which allows attackers to cause a denial of service (memory consumption).
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T02:05:12.607Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "MDKSA-2003:100",
"tags": [
"vendor-advisory",
"x_refsource_MANDRAKE",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2003:100"
},
{
"name": "gdm-dos(13447)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13447"
},
{
"name": "CLA-2003:766",
"tags": [
"vendor-advisory",
"x_refsource_CONECTIVA",
"x_transferred"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000766"
},
{
"name": "8846",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/8846"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://cvs.gnome.org/bonsai/cvsblame.cgi?file=gdm2/NEWS\u0026rev=\u0026root=/cvs/gnome"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2003-10-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "GDM 2.4.4.x before 2.4.4.4, and 2.4.1.x before 2.4.1.7, does not restrict the size of input, which allows attackers to cause a denial of service (memory consumption)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "MDKSA-2003:100",
"tags": [
"vendor-advisory",
"x_refsource_MANDRAKE"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2003:100"
},
{
"name": "gdm-dos(13447)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13447"
},
{
"name": "CLA-2003:766",
"tags": [
"vendor-advisory",
"x_refsource_CONECTIVA"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000766"
},
{
"name": "8846",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/8846"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://cvs.gnome.org/bonsai/cvsblame.cgi?file=gdm2/NEWS\u0026rev=\u0026root=/cvs/gnome"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2003-0793",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "GDM 2.4.4.x before 2.4.4.4, and 2.4.1.x before 2.4.1.7, does not restrict the size of input, which allows attackers to cause a denial of service (memory consumption)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "MDKSA-2003:100",
"refsource": "MANDRAKE",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2003:100"
},
{
"name": "gdm-dos(13447)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13447"
},
{
"name": "CLA-2003:766",
"refsource": "CONECTIVA",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000766"
},
{
"name": "8846",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/8846"
},
{
"name": "http://cvs.gnome.org/bonsai/cvsblame.cgi?file=gdm2/NEWS\u0026rev=\u0026root=/cvs/gnome",
"refsource": "CONFIRM",
"url": "http://cvs.gnome.org/bonsai/cvsblame.cgi?file=gdm2/NEWS\u0026rev=\u0026root=/cvs/gnome"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2003-0793",
"datePublished": "2003-10-21T04:00:00",
"dateReserved": "2003-09-17T00:00:00",
"dateUpdated": "2024-08-08T02:05:12.607Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2003-0548 (GCVE-0-2003-0548)
Vulnerability from cvelistv5 – Published: 2003-08-22 04:00 – Updated: 2024-08-08 01:58
VLAI?
Summary
The X Display Manager Control Protocol (XDMCP) support for GDM before 2.4.1.6 allows attackers to cause a denial of service (daemon crash) when a chosen host expires, a different issue than CVE-2003-0549.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T01:58:10.905Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "CLA-2003:729",
"tags": [
"vendor-advisory",
"x_refsource_CONECTIVA",
"x_transferred"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000729"
},
{
"name": "RHSA-2003:258",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2003-258.html"
},
{
"name": "oval:org.mitre.oval:def:113",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A113"
},
{
"name": "RHSA-2003:259",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2003-259.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://mail.gnome.org/archives/gnome-hackers/2003-August/msg00045.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2003-08-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The X Display Manager Control Protocol (XDMCP) support for GDM before 2.4.1.6 allows attackers to cause a denial of service (daemon crash) when a chosen host expires, a different issue than CVE-2003-0549."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-10T00:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "CLA-2003:729",
"tags": [
"vendor-advisory",
"x_refsource_CONECTIVA"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000729"
},
{
"name": "RHSA-2003:258",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2003-258.html"
},
{
"name": "oval:org.mitre.oval:def:113",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A113"
},
{
"name": "RHSA-2003:259",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2003-259.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://mail.gnome.org/archives/gnome-hackers/2003-August/msg00045.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2003-0548",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The X Display Manager Control Protocol (XDMCP) support for GDM before 2.4.1.6 allows attackers to cause a denial of service (daemon crash) when a chosen host expires, a different issue than CVE-2003-0549."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "CLA-2003:729",
"refsource": "CONECTIVA",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000729"
},
{
"name": "RHSA-2003:258",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2003-258.html"
},
{
"name": "oval:org.mitre.oval:def:113",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A113"
},
{
"name": "RHSA-2003:259",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2003-259.html"
},
{
"name": "http://mail.gnome.org/archives/gnome-hackers/2003-August/msg00045.html",
"refsource": "CONFIRM",
"url": "http://mail.gnome.org/archives/gnome-hackers/2003-August/msg00045.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2003-0548",
"datePublished": "2003-08-22T04:00:00",
"dateReserved": "2003-07-14T00:00:00",
"dateUpdated": "2024-08-08T01:58:10.905Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2003-0549 (GCVE-0-2003-0549)
Vulnerability from cvelistv5 – Published: 2003-08-22 04:00 – Updated: 2024-08-08 01:58
VLAI?
Summary
The X Display Manager Control Protocol (XDMCP) support for GDM before 2.4.1.6 allows attackers to cause a denial of service (daemon crash) via a short authorization key name.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T01:58:10.982Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "CLA-2003:729",
"tags": [
"vendor-advisory",
"x_refsource_CONECTIVA",
"x_transferred"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000729"
},
{
"name": "RHSA-2003:258",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2003-258.html"
},
{
"name": "oval:org.mitre.oval:def:129",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A129"
},
{
"name": "RHSA-2003:259",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2003-259.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://mail.gnome.org/archives/gnome-hackers/2003-August/msg00045.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2003-08-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The X Display Manager Control Protocol (XDMCP) support for GDM before 2.4.1.6 allows attackers to cause a denial of service (daemon crash) via a short authorization key name."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-10T00:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "CLA-2003:729",
"tags": [
"vendor-advisory",
"x_refsource_CONECTIVA"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000729"
},
{
"name": "RHSA-2003:258",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2003-258.html"
},
{
"name": "oval:org.mitre.oval:def:129",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A129"
},
{
"name": "RHSA-2003:259",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2003-259.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://mail.gnome.org/archives/gnome-hackers/2003-August/msg00045.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2003-0549",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The X Display Manager Control Protocol (XDMCP) support for GDM before 2.4.1.6 allows attackers to cause a denial of service (daemon crash) via a short authorization key name."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "CLA-2003:729",
"refsource": "CONECTIVA",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000729"
},
{
"name": "RHSA-2003:258",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2003-258.html"
},
{
"name": "oval:org.mitre.oval:def:129",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A129"
},
{
"name": "RHSA-2003:259",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2003-259.html"
},
{
"name": "http://mail.gnome.org/archives/gnome-hackers/2003-August/msg00045.html",
"refsource": "CONFIRM",
"url": "http://mail.gnome.org/archives/gnome-hackers/2003-August/msg00045.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2003-0549",
"datePublished": "2003-08-22T04:00:00",
"dateReserved": "2003-07-14T00:00:00",
"dateUpdated": "2024-08-08T01:58:10.982Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2003-0547 (GCVE-0-2003-0547)
Vulnerability from cvelistv5 – Published: 2003-08-22 04:00 – Updated: 2024-08-08 01:58
VLAI?
Summary
GDM before 2.4.1.6, when using the "examine session errors" feature, allows local users to read arbitrary files via a symlink attack on the ~/.xsession-errors file.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T01:58:11.017Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "CLA-2003:729",
"tags": [
"vendor-advisory",
"x_refsource_CONECTIVA",
"x_transferred"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000729"
},
{
"name": "RHSA-2003:258",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2003-258.html"
},
{
"name": "oval:org.mitre.oval:def:112",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A112"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://mail.gnome.org/archives/gnome-hackers/2003-August/msg00045.html"
},
{
"name": "20030824 [slackware-security] GDM security update (SSA:2003-236-01)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=106194792924122\u0026w=2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2003-08-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "GDM before 2.4.1.6, when using the \"examine session errors\" feature, allows local users to read arbitrary files via a symlink attack on the ~/.xsession-errors file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-10T00:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "CLA-2003:729",
"tags": [
"vendor-advisory",
"x_refsource_CONECTIVA"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000729"
},
{
"name": "RHSA-2003:258",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2003-258.html"
},
{
"name": "oval:org.mitre.oval:def:112",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A112"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://mail.gnome.org/archives/gnome-hackers/2003-August/msg00045.html"
},
{
"name": "20030824 [slackware-security] GDM security update (SSA:2003-236-01)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=106194792924122\u0026w=2"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2003-0547",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "GDM before 2.4.1.6, when using the \"examine session errors\" feature, allows local users to read arbitrary files via a symlink attack on the ~/.xsession-errors file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "CLA-2003:729",
"refsource": "CONECTIVA",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000729"
},
{
"name": "RHSA-2003:258",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2003-258.html"
},
{
"name": "oval:org.mitre.oval:def:112",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A112"
},
{
"name": "http://mail.gnome.org/archives/gnome-hackers/2003-August/msg00045.html",
"refsource": "CONFIRM",
"url": "http://mail.gnome.org/archives/gnome-hackers/2003-August/msg00045.html"
},
{
"name": "20030824 [slackware-security] GDM security update (SSA:2003-236-01)",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=106194792924122\u0026w=2"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2003-0547",
"datePublished": "2003-08-22T04:00:00",
"dateReserved": "2003-07-14T00:00:00",
"dateUpdated": "2024-08-08T01:58:11.017Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2000-0504 (GCVE-0-2000-0504)
Vulnerability from cvelistv5 – Published: 2001-05-07 04:00 – Updated: 2024-08-08 05:21
VLAI?
Summary
libICE in XFree86 allows remote attackers to cause a denial of service by specifying a large value which is not properly checked by the SKIP_STRING macro.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T05:21:31.029Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.xfree86.org/security/"
},
{
"name": "1369",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/1369"
},
{
"name": "20000619 XFree86: libICE DoS",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2000-06/0170.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2000-06-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "libICE in XFree86 allows remote attackers to cause a denial of service by specifying a large value which is not properly checked by the SKIP_STRING macro."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2005-11-02T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.xfree86.org/security/"
},
{
"name": "1369",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/1369"
},
{
"name": "20000619 XFree86: libICE DoS",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2000-06/0170.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2000-0504",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "libICE in XFree86 allows remote attackers to cause a denial of service by specifying a large value which is not properly checked by the SKIP_STRING macro."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.xfree86.org/security/",
"refsource": "CONFIRM",
"url": "http://www.xfree86.org/security/"
},
{
"name": "1369",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/1369"
},
{
"name": "20000619 XFree86: libICE DoS",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2000-06/0170.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2000-0504",
"datePublished": "2001-05-07T04:00:00",
"dateReserved": "2000-07-11T00:00:00",
"dateUpdated": "2024-08-08T05:21:31.029Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2000-0491 (GCVE-0-2000-0491)
Vulnerability from cvelistv5 – Published: 2000-07-12 04:00 – Updated: 2024-08-08 05:21
VLAI?
Summary
Buffer overflow in the XDMCP parsing code of GNOME gdm, KDE kdm, and wdm allows remote attackers to execute arbitrary commands or cause a denial of service via a long FORWARD_QUERY request.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T05:21:30.809Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20000607 Conectiva Linux Security Announcement - gdm",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2000-06/0025.html"
},
{
"name": "1279",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/1279"
},
{
"name": "1370",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/1370"
},
{
"name": "1233",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/1233"
},
{
"name": "20000524 Security hole in gdm \u003c= 2.0beta4-25",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://www.novell.com/linux/security/advisories/suse_security_announce_49.html"
},
{
"name": "CSSA-2000-013.0",
"tags": [
"vendor-advisory",
"x_refsource_CALDERA",
"x_transferred"
],
"url": "ftp://ftp.calderasystems.com/pub/OpenLinux/security/CSSA-2000-013.0.txt"
},
{
"name": "20000521 \"gdm\" remote hole",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2000-05/0241.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2000-05-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in the XDMCP parsing code of GNOME gdm, KDE kdm, and wdm allows remote attackers to execute arbitrary commands or cause a denial of service via a long FORWARD_QUERY request."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2002-04-27T09:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20000607 Conectiva Linux Security Announcement - gdm",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2000-06/0025.html"
},
{
"name": "1279",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/1279"
},
{
"name": "1370",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/1370"
},
{
"name": "1233",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/1233"
},
{
"name": "20000524 Security hole in gdm \u003c= 2.0beta4-25",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://www.novell.com/linux/security/advisories/suse_security_announce_49.html"
},
{
"name": "CSSA-2000-013.0",
"tags": [
"vendor-advisory",
"x_refsource_CALDERA"
],
"url": "ftp://ftp.calderasystems.com/pub/OpenLinux/security/CSSA-2000-013.0.txt"
},
{
"name": "20000521 \"gdm\" remote hole",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2000-05/0241.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2000-0491",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in the XDMCP parsing code of GNOME gdm, KDE kdm, and wdm allows remote attackers to execute arbitrary commands or cause a denial of service via a long FORWARD_QUERY request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20000607 Conectiva Linux Security Announcement - gdm",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2000-06/0025.html"
},
{
"name": "1279",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/1279"
},
{
"name": "1370",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/1370"
},
{
"name": "1233",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/1233"
},
{
"name": "20000524 Security hole in gdm \u003c= 2.0beta4-25",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/suse_security_announce_49.html"
},
{
"name": "CSSA-2000-013.0",
"refsource": "CALDERA",
"url": "ftp://ftp.calderasystems.com/pub/OpenLinux/security/CSSA-2000-013.0.txt"
},
{
"name": "20000521 \"gdm\" remote hole",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2000-05/0241.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2000-0491",
"datePublished": "2000-07-12T04:00:00",
"dateReserved": "2000-07-11T00:00:00",
"dateUpdated": "2024-08-08T05:21:30.809Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}