Lucene search

Gentoo FoundationGLSA-200606-14

HistoryJun 12, 2006 - 12:00 a.m.

GDM: Privilege escalation

2006-06-1200:00:00

Gentoo Foundation

security.gentoo.org

3.7 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:H/Au:N/C:P/I:P/A:P

0.0004 Low

EPSS

Percentile

12.7%

JSON

Background

GDM is the GNOME display manager.

Description

GDM allows a normal user to access the configuration manager.

Impact

When the “face browser” in GDM is enabled, a normal user can use the “configure login manager” with his/her own password instead of the root password, and thus gain additional privileges.

Workaround

There is no known workaround at this time.

Resolution

All GDM users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose "&gt;=gnome-base/gdm-2.8.0.8"

OSVersionArchitecturePackageVersionFilename
Gentooanyallgnome-base/gdm< 2.8.0.8UNKNOWN

OS	Version	Architecture	Package	Version	Filename
Gentoo	any	all	gnome-base/gdm	< 2.8.0.8	UNKNOWN

3.7 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:H/Au:N/C:P/I:P/A:P

0.0004 Low

EPSS

Percentile

12.7%

JSON

Related for GLSA-200606-14