Lucene search

[email protected]CVE-2006-2452

HistoryJun 09, 2006 - 10:02 a.m.

CVE-2006-2452

2006-06-0910:02:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

gnome

gdm

face browser

local users

additional privileges

cve-2006-2452

nvd

6.5 Medium

AI Score

Confidence

Low

3.7 Low

CVSS2

Access Vector

LOCAL

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:H/Au:N/C:P/I:P/A:P

0.0004 Low

EPSS

Percentile

12.4%

JSON

GNOME GDM 2.8, 2.12, 2.14, and 2.15, when the “face browser” feature is enabled, allows local users to access the “Configure Login Manager” functionality using their own password instead of the root password, which can be leveraged to gain additional privileges.

CPENameOperatorVersion
gnome:gdmgnome gdmeq2.12
gnome:gdmgnome gdmeq2.15
gnome:gdmgnome gdmeq2.8
gnome:gdmgnome gdmeq2.14

CPE	Name	Operator	Version
gnome:gdm	gnome gdm	eq	2.12
gnome:gdm	gnome gdm	eq	2.15
gnome:gdm	gnome gdm	eq	2.8
gnome:gdm	gnome gdm	eq	2.14

References

bugzilla.gnome.org/show_bug.cgi?id=343476

lists.suse.com/archive/suse-security-announce/2006-Jun/0003.html

secunia.com/advisories/20532

secunia.com/advisories/20552

secunia.com/advisories/20587

secunia.com/advisories/20627

secunia.com/advisories/20636

www.gentoo.org/security/en/glsa/glsa-200606-14.xml

www.mandriva.com/security/advisories?name=MDKSA-2006:100

www.securityfocus.com/archive/1/436428

www.securityfocus.com/bid/18332

www.vupen.com/english/advisories/2006/2239

exchange.xforce.ibmcloud.com/vulnerabilities/27018

usn.ubuntu.com/293-1/

6.5 Medium

AI Score

Confidence

Low

3.7 Low

CVSS2

Access Vector

LOCAL

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:H/Au:N/C:P/I:P/A:P

0.0004 Low

EPSS

Percentile

12.4%

JSON

Related for CVE-2006-2452

nessus5 openvas3 ubuntucve1 securityvulns1 prion1 gentoo1 ubuntu1 cvelist1