GNOME Display Manager (gdm) before 2.32.2, when glib 2.28 is used, enables execution of a web browser with the uid of the gdm account, which allows local users to gain privileges via vectors involving the x-scheme-handler/http MIME type.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Debian | 12 | all | gdm3 | < 43.0-3 | gdm3_43.0-3_all.deb |
Debian | 11 | all | gdm3 | < 3.38.2.1-1 | gdm3_3.38.2.1-1_all.deb |
Debian | 10 | all | gdm3 | < 3.30.2-3 | gdm3_3.30.2-3_all.deb |
Debian | 999 | all | gdm3 | < 46.0-2 | gdm3_46.0-2_all.deb |
Debian | 13 | all | gdm3 | < 46.0-2 | gdm3_46.0-2_all.deb |