GNOME GDM 2.8, 2.12, 2.14, and 2.15, when the “face browser” feature is enabled, allows local users to access the “Configure Login Manager” functionality using their own password instead of the root password, which can be leveraged to gain additional privileges.
bugzilla.gnome.org/show_bug.cgi?id=343476
lists.suse.com/archive/suse-security-announce/2006-Jun/0003.html
secunia.com/advisories/20532
secunia.com/advisories/20552
secunia.com/advisories/20587
secunia.com/advisories/20627
secunia.com/advisories/20636
www.gentoo.org/security/en/glsa/glsa-200606-14.xml
www.mandriva.com/security/advisories?name=MDKSA-2006:100
www.securityfocus.com/archive/1/436428
www.securityfocus.com/bid/18332
www.vupen.com/english/advisories/2006/2239
exchange.xforce.ibmcloud.com/vulnerabilities/27018
usn.ubuntu.com/293-1/