gdm -- privilege escalation vulnerability

2011-03-28T00:00:00
ID C6FBD447-59ED-11E0-8D04-0015F2DB7BDE
Type freebsd
Reporter FreeBSD
Modified 2011-03-28T00:00:00

Description

Sebastian Krahmer reports:

It was discovered that the GNOME Display Manager (gdm) cleared the cache directory, which is owned by an unprivileged user, with the privileges of the root user. A race condition exists in gdm where a local user could take advantage of this by writing to the cache directory between ending the session and the signal to clean up the session, which could lead to the execution of arbitrary code as the root user.