Scientific Linux Security Update : gdm on SL6.x i386/x86_64
2012-08-01T00:00:00
ID SL_20110329_GDM_ON_SL6_X.NASL Type nessus Reporter Tenable Modified 2012-08-01T00:00:00
Description
The GNOME Display Manager (GDM) provides the graphical login screen, shown shortly after boot up, log out, and when user-switching.
A race condition flaw was found in the way GDM handled the cache directories used to store users' dmrc and face icon files. A local attacker could use this flaw to trick GDM into changing the ownership of an arbitrary file via a symbolic link attack, allowing them to escalate their privileges. (CVE-2011-0727)
We would like to thank Sebastian Krahmer of the SuSE Security Team for reporting this issue.
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text is (C) Scientific Linux.
#
include("compat.inc");
if (description)
{
script_id(60998);
script_version("$Revision: 1.1 $");
script_cvs_date("$Date: 2012/08/01 14:38:55 $");
script_cve_id("CVE-2011-0727");
script_name(english:"Scientific Linux Security Update : gdm on SL6.x i386/x86_64");
script_summary(english:"Checks rpm output for the updated packages");
script_set_attribute(
attribute:"synopsis",
value:
"The remote Scientific Linux host is missing one or more security
updates."
);
script_set_attribute(
attribute:"description",
value:
"The GNOME Display Manager (GDM) provides the graphical login screen,
shown shortly after boot up, log out, and when user-switching.
A race condition flaw was found in the way GDM handled the cache
directories used to store users' dmrc and face icon files. A local
attacker could use this flaw to trick GDM into changing the ownership
of an arbitrary file via a symbolic link attack, allowing them to
escalate their privileges. (CVE-2011-0727)
We would like to thank Sebastian Krahmer of the SuSE Security Team for
reporting this issue."
);
# http://listserv.fnal.gov/scripts/wa.exe?A2=ind1103&L=scientific-linux-errata&T=0&P=10293
script_set_attribute(
attribute:"see_also",
value:"http://www.nessus.org/u?cfae23c8"
);
script_set_attribute(attribute:"solution", value:"Update the affected packages.");
script_set_cvss_base_vector("CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"x-cpe:/o:fermilab:scientific_linux");
script_set_attribute(attribute:"patch_publication_date", value:"2011/03/29");
script_set_attribute(attribute:"plugin_publication_date", value:"2012/08/01");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2012 Tenable Network Security, Inc.");
script_family(english:"Scientific Linux Local Security Checks");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/RedHat/release", "Host/RedHat/rpm-list");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Scientific Linux " >!< release) audit(AUDIT_HOST_NOT, "running Scientific Linux");
if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Scientific Linux", cpu);
flag = 0;
if (rpm_check(release:"SL6", reference:"gdm-2.30.4-21.el6_0.1")) flag++;
if (rpm_check(release:"SL6", reference:"gdm-libs-2.30.4-21.el6_0.1")) flag++;
if (rpm_check(release:"SL6", reference:"gdm-plugin-fingerprint-2.30.4-21.el6_0.1")) flag++;
if (rpm_check(release:"SL6", reference:"gdm-plugin-smartcard-2.30.4-21.el6_0.1")) flag++;
if (rpm_check(release:"SL6", reference:"gdm-user-switch-applet-2.30.4-21.el6_0.1")) flag++;
if (flag)
{
if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
else security_warning(0);
exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
{"id": "SL_20110329_GDM_ON_SL6_X.NASL", "bulletinFamily": "scanner", "title": "Scientific Linux Security Update : gdm on SL6.x i386/x86_64", "description": "The GNOME Display Manager (GDM) provides the graphical login screen, shown shortly after boot up, log out, and when user-switching.\n\nA race condition flaw was found in the way GDM handled the cache directories used to store users' dmrc and face icon files. A local attacker could use this flaw to trick GDM into changing the ownership of an arbitrary file via a symbolic link attack, allowing them to escalate their privileges. (CVE-2011-0727)\n\nWe would like to thank Sebastian Krahmer of the SuSE Security Team for reporting this issue.", "published": "2012-08-01T00:00:00", "modified": "2012-08-01T00:00:00", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=60998", "reporter": "Tenable", "references": ["http://www.nessus.org/u?cfae23c8"], "cvelist": ["CVE-2011-0727"], "type": "nessus", "lastseen": "2018-09-01T23:57:14", "history": [{"bulletin": {"bulletinFamily": "scanner", "cpe": ["x-cpe:/o:fermilab:scientific_linux"], "cvelist": ["CVE-2011-0727"], "cvss": {"score": 0.0, "vector": "NONE"}, "description": "The GNOME Display Manager (GDM) provides the graphical login screen, shown shortly after boot up, log out, and when user-switching.\n\nA race condition flaw was found in the way GDM handled the cache directories used to store users' dmrc and face icon files. A local attacker could use this flaw to trick GDM into changing the ownership of an arbitrary file via a symbolic link attack, allowing them to escalate their privileges. (CVE-2011-0727)\n\nWe would like to thank Sebastian Krahmer of the SuSE Security Team for reporting this issue.", "edition": 3, "enchantments": {"score": {"value": 7.2, "vector": "NONE"}}, "hash": "a85e8eac0db6482cf84bdbb336d6a1193918e591600f8d1e3f1dd32f143b5cf4", "hashmap": [{"hash": "ff0a49ac31c21a4ff5bdc5073f668c3e", "key": "description"}, {"hash": "0a3e9e773f0266bbda2fbffd506c83d9", "key": "cvelist"}, {"hash": "b1e432cd926620a2b9bd9816ef9503c6", "key": "cpe"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "6a1acd12b339790f85a4783cccd8ed63", "key": "sourceData"}, {"hash": "27a93a5003386b1edcd7507f21ad10fe", "key": "references"}, {"hash": "74c604e8b9f9db48194a6457dc531e73", "key": "pluginID"}, {"hash": "d67753189b7bd1c5e38747a3a72f585f", "key": "href"}, {"hash": "b3a4d461a1383c8ba9fa401b58d29827", "key": "naslFamily"}, {"hash": "8cd4821cb504d25572038ed182587d85", "key": "cvss"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "3ff4afbf9eedf98937c2e5c5cf13456f", "key": "published"}, {"hash": "1b450201bdc3966e03c8568c8ebe6b4d", "key": "title"}, {"hash": "3ff4afbf9eedf98937c2e5c5cf13456f", "key": "modified"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=60998", "id": "SL_20110329_GDM_ON_SL6_X.NASL", "lastseen": "2018-08-30T19:49:51", "modified": "2012-08-01T00:00:00", "naslFamily": "Scientific Linux Local Security Checks", "objectVersion": "1.3", "pluginID": "60998", "published": "2012-08-01T00:00:00", "references": ["http://www.nessus.org/u?cfae23c8"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(60998);\n script_version(\"$Revision: 1.1 $\");\n script_cvs_date(\"$Date: 2012/08/01 14:38:55 $\");\n\n script_cve_id(\"CVE-2011-0727\");\n\n script_name(english:\"Scientific Linux Security Update : gdm on SL6.x i386/x86_64\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The GNOME Display Manager (GDM) provides the graphical login screen,\nshown shortly after boot up, log out, and when user-switching.\n\nA race condition flaw was found in the way GDM handled the cache\ndirectories used to store users' dmrc and face icon files. A local\nattacker could use this flaw to trick GDM into changing the ownership\nof an arbitrary file via a symbolic link attack, allowing them to\nescalate their privileges. (CVE-2011-0727)\n\nWe would like to thank Sebastian Krahmer of the SuSE Security Team for\nreporting this issue.\"\n );\n # http://listserv.fnal.gov/scripts/wa.exe?A2=ind1103&L=scientific-linux-errata&T=0&P=10293\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?cfae23c8\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/03/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/08/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012 Tenable Network Security, Inc.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL6\", reference:\"gdm-2.30.4-21.el6_0.1\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"gdm-libs-2.30.4-21.el6_0.1\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"gdm-plugin-fingerprint-2.30.4-21.el6_0.1\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"gdm-plugin-smartcard-2.30.4-21.el6_0.1\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"gdm-user-switch-applet-2.30.4-21.el6_0.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "title": "Scientific Linux Security Update : gdm on SL6.x i386/x86_64", "type": "nessus", "viewCount": 0}, "differentElements": ["cvss"], "edition": 3, "lastseen": "2018-08-30T19:49:51"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["x-cpe:/o:fermilab:scientific_linux"], "cvelist": ["CVE-2011-0727"], "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "description": "The GNOME Display Manager (GDM) provides the graphical login screen, shown shortly after boot up, log out, and when user-switching.\n\nA race condition flaw was found in the way GDM handled the cache directories used to store users' dmrc and face icon files. A local attacker could use this flaw to trick GDM into changing the ownership of an arbitrary file via a symbolic link attack, allowing them to escalate their privileges. (CVE-2011-0727)\n\nWe would like to thank Sebastian Krahmer of the SuSE Security Team for reporting this issue.", "edition": 2, "enchantments": {"score": {"value": 7.2, "vector": "NONE"}}, "hash": "e6d16201bebbe61fba258c6a641b101283ac3e94f79beb7b4e7510bde5721c7d", "hashmap": [{"hash": "ff0a49ac31c21a4ff5bdc5073f668c3e", "key": "description"}, {"hash": "0a3e9e773f0266bbda2fbffd506c83d9", "key": "cvelist"}, {"hash": "b1e432cd926620a2b9bd9816ef9503c6", "key": "cpe"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "6a1acd12b339790f85a4783cccd8ed63", "key": "sourceData"}, {"hash": "27a93a5003386b1edcd7507f21ad10fe", "key": "references"}, {"hash": "74c604e8b9f9db48194a6457dc531e73", "key": "pluginID"}, {"hash": "d67753189b7bd1c5e38747a3a72f585f", "key": "href"}, {"hash": "b3a4d461a1383c8ba9fa401b58d29827", "key": "naslFamily"}, {"hash": "e8bafdc9ad5c6f47fe1e6e5fd509b7a9", "key": "cvss"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "3ff4afbf9eedf98937c2e5c5cf13456f", "key": "published"}, {"hash": "1b450201bdc3966e03c8568c8ebe6b4d", "key": "title"}, {"hash": "3ff4afbf9eedf98937c2e5c5cf13456f", "key": "modified"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=60998", "id": "SL_20110329_GDM_ON_SL6_X.NASL", "lastseen": "2017-10-29T13:41:39", "modified": "2012-08-01T00:00:00", "naslFamily": "Scientific Linux Local Security Checks", "objectVersion": "1.3", "pluginID": "60998", "published": "2012-08-01T00:00:00", "references": ["http://www.nessus.org/u?cfae23c8"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(60998);\n script_version(\"$Revision: 1.1 $\");\n script_cvs_date(\"$Date: 2012/08/01 14:38:55 $\");\n\n script_cve_id(\"CVE-2011-0727\");\n\n script_name(english:\"Scientific Linux Security Update : gdm on SL6.x i386/x86_64\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The GNOME Display Manager (GDM) provides the graphical login screen,\nshown shortly after boot up, log out, and when user-switching.\n\nA race condition flaw was found in the way GDM handled the cache\ndirectories used to store users' dmrc and face icon files. A local\nattacker could use this flaw to trick GDM into changing the ownership\nof an arbitrary file via a symbolic link attack, allowing them to\nescalate their privileges. (CVE-2011-0727)\n\nWe would like to thank Sebastian Krahmer of the SuSE Security Team for\nreporting this issue.\"\n );\n # http://listserv.fnal.gov/scripts/wa.exe?A2=ind1103&L=scientific-linux-errata&T=0&P=10293\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?cfae23c8\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/03/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/08/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012 Tenable Network Security, Inc.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL6\", reference:\"gdm-2.30.4-21.el6_0.1\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"gdm-libs-2.30.4-21.el6_0.1\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"gdm-plugin-fingerprint-2.30.4-21.el6_0.1\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"gdm-plugin-smartcard-2.30.4-21.el6_0.1\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"gdm-user-switch-applet-2.30.4-21.el6_0.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "title": "Scientific Linux Security Update : gdm on SL6.x i386/x86_64", "type": "nessus", "viewCount": 0}, "differentElements": ["cvss"], "edition": 2, "lastseen": "2017-10-29T13:41:39"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": [], "cvelist": ["CVE-2011-0727"], "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "description": "The GNOME Display Manager (GDM) provides the graphical login screen, shown shortly after boot up, log out, and when user-switching.\n\nA race condition flaw was found in the way GDM handled the cache directories used to store users' dmrc and face icon files. A local attacker could use this flaw to trick GDM into changing the ownership of an arbitrary file via a symbolic link attack, allowing them to escalate their privileges. (CVE-2011-0727)\n\nWe would like to thank Sebastian Krahmer of the SuSE Security Team for reporting this issue.", "edition": 1, "enchantments": {}, "hash": "4dc71d91daa75be7b62342849b1a9f3e161d95a1516b721ff50c6add8edb66f8", "hashmap": [{"hash": "ff0a49ac31c21a4ff5bdc5073f668c3e", "key": "description"}, {"hash": "0a3e9e773f0266bbda2fbffd506c83d9", "key": "cvelist"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "6a1acd12b339790f85a4783cccd8ed63", "key": "sourceData"}, {"hash": "27a93a5003386b1edcd7507f21ad10fe", "key": "references"}, {"hash": "74c604e8b9f9db48194a6457dc531e73", "key": "pluginID"}, {"hash": "d67753189b7bd1c5e38747a3a72f585f", "key": "href"}, {"hash": "b3a4d461a1383c8ba9fa401b58d29827", "key": "naslFamily"}, {"hash": "e8bafdc9ad5c6f47fe1e6e5fd509b7a9", "key": "cvss"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "3ff4afbf9eedf98937c2e5c5cf13456f", "key": "published"}, {"hash": "1b450201bdc3966e03c8568c8ebe6b4d", "key": "title"}, {"hash": "3ff4afbf9eedf98937c2e5c5cf13456f", "key": "modified"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=60998", "id": "SL_20110329_GDM_ON_SL6_X.NASL", "lastseen": "2016-09-26T17:25:35", "modified": "2012-08-01T00:00:00", "naslFamily": "Scientific Linux Local Security Checks", "objectVersion": "1.2", "pluginID": "60998", "published": "2012-08-01T00:00:00", "references": ["http://www.nessus.org/u?cfae23c8"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(60998);\n script_version(\"$Revision: 1.1 $\");\n script_cvs_date(\"$Date: 2012/08/01 14:38:55 $\");\n\n script_cve_id(\"CVE-2011-0727\");\n\n script_name(english:\"Scientific Linux Security Update : gdm on SL6.x i386/x86_64\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The GNOME Display Manager (GDM) provides the graphical login screen,\nshown shortly after boot up, log out, and when user-switching.\n\nA race condition flaw was found in the way GDM handled the cache\ndirectories used to store users' dmrc and face icon files. A local\nattacker could use this flaw to trick GDM into changing the ownership\nof an arbitrary file via a symbolic link attack, allowing them to\nescalate their privileges. (CVE-2011-0727)\n\nWe would like to thank Sebastian Krahmer of the SuSE Security Team for\nreporting this issue.\"\n );\n # http://listserv.fnal.gov/scripts/wa.exe?A2=ind1103&L=scientific-linux-errata&T=0&P=10293\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?cfae23c8\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/03/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/08/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012 Tenable Network Security, Inc.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL6\", reference:\"gdm-2.30.4-21.el6_0.1\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"gdm-libs-2.30.4-21.el6_0.1\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"gdm-plugin-fingerprint-2.30.4-21.el6_0.1\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"gdm-plugin-smartcard-2.30.4-21.el6_0.1\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"gdm-user-switch-applet-2.30.4-21.el6_0.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "title": "Scientific Linux Security Update : gdm on SL6.x i386/x86_64", "type": "nessus", "viewCount": 0}, "differentElements": ["cpe"], "edition": 1, "lastseen": "2016-09-26T17:25:35"}], "edition": 4, "hashmap": [{"key": "bulletinFamily", "hash": "bbdaea376f500d25f6b0c1050311dd07"}, {"key": "cpe", "hash": "b1e432cd926620a2b9bd9816ef9503c6"}, {"key": "cvelist", "hash": "0a3e9e773f0266bbda2fbffd506c83d9"}, {"key": "cvss", "hash": "e8bafdc9ad5c6f47fe1e6e5fd509b7a9"}, {"key": "description", "hash": "ff0a49ac31c21a4ff5bdc5073f668c3e"}, {"key": "href", "hash": "d67753189b7bd1c5e38747a3a72f585f"}, {"key": "modified", "hash": "3ff4afbf9eedf98937c2e5c5cf13456f"}, {"key": "naslFamily", "hash": "b3a4d461a1383c8ba9fa401b58d29827"}, {"key": "pluginID", "hash": "74c604e8b9f9db48194a6457dc531e73"}, {"key": "published", "hash": "3ff4afbf9eedf98937c2e5c5cf13456f"}, {"key": "references", "hash": "27a93a5003386b1edcd7507f21ad10fe"}, {"key": "reporter", "hash": "9cf00d658b687f030ebe173a0528c567"}, {"key": "sourceData", "hash": "6a1acd12b339790f85a4783cccd8ed63"}, {"key": "title", "hash": "1b450201bdc3966e03c8568c8ebe6b4d"}, {"key": "type", "hash": "5e0bd03bec244039678f2b955a2595aa"}], "hash": "e6d16201bebbe61fba258c6a641b101283ac3e94f79beb7b4e7510bde5721c7d", "viewCount": 0, "enchantments": {"score": {"value": 7.2, "vector": "NONE"}, "vulnersScore": 7.2}, "objectVersion": "1.3", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(60998);\n script_version(\"$Revision: 1.1 $\");\n script_cvs_date(\"$Date: 2012/08/01 14:38:55 $\");\n\n script_cve_id(\"CVE-2011-0727\");\n\n script_name(english:\"Scientific Linux Security Update : gdm on SL6.x i386/x86_64\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The GNOME Display Manager (GDM) provides the graphical login screen,\nshown shortly after boot up, log out, and when user-switching.\n\nA race condition flaw was found in the way GDM handled the cache\ndirectories used to store users' dmrc and face icon files. A local\nattacker could use this flaw to trick GDM into changing the ownership\nof an arbitrary file via a symbolic link attack, allowing them to\nescalate their privileges. (CVE-2011-0727)\n\nWe would like to thank Sebastian Krahmer of the SuSE Security Team for\nreporting this issue.\"\n );\n # http://listserv.fnal.gov/scripts/wa.exe?A2=ind1103&L=scientific-linux-errata&T=0&P=10293\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?cfae23c8\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/03/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/08/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012 Tenable Network Security, Inc.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL6\", reference:\"gdm-2.30.4-21.el6_0.1\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"gdm-libs-2.30.4-21.el6_0.1\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"gdm-plugin-fingerprint-2.30.4-21.el6_0.1\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"gdm-plugin-smartcard-2.30.4-21.el6_0.1\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"gdm-user-switch-applet-2.30.4-21.el6_0.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "naslFamily": "Scientific Linux Local Security Checks", "pluginID": "60998", "cpe": ["x-cpe:/o:fermilab:scientific_linux"]}
{"cve": [{"lastseen": "2017-08-17T10:42:41", "references": ["http://mail.gnome.org/archives/gdm-list/2011-March/msg00020.html", "http://www.vupen.com/english/advisories/2011/0911", "http://www.debian.org/security/2011/dsa-2205", "https://exchange.xforce.ibmcloud.com/vulnerabilities/66377", "http://www.ubuntu.com/usn/USN-1099-1", "http://www.redhat.com/support/errata/RHSA-2011-0395.html", "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057931.html", "http://www.vupen.com/english/advisories/2011/0786", "https://bugzilla.redhat.com/show_bug.cgi?id=688323", "http://www.mandriva.com/security/advisories?name=MDVSA-2011:070", "http://securitytracker.com/id?1025264", "http://www.vupen.com/english/advisories/2011/0787", "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057333.html", "http://www.vupen.com/english/advisories/2011/0797", "http://www.securityfocus.com/bid/47063", "http://www.vupen.com/english/advisories/2011/0847", "http://ftp.gnome.org/pub/GNOME/sources/gdm/2.32/gdm-2.32.1.news"], "description": "GNOME Display Manager (gdm) 2.x before 2.32.1 allows local users to change the ownership of arbitrary files via a symlink attack on a (1) dmrc or (2) face icon file under /var/cache/gdm/.", "edition": 2, "reporter": "NVD", "published": "2011-03-31T18:55:02", "title": "CVE-2011-0727", "type": "cve", "enchantments": {"score": {"modified": "2017-08-17T10:42:41", "vector": "NONE", "value": 2.1}}, "assessment": {"system": "", "name": "", "href": ""}, "bulletinFamily": "NVD", "cvelist": ["CVE-2011-0727"], "scanner": [], "modified": "2017-08-16T21:33:42", "cpe": ["cpe:/a:gnome:gdm:2.30", "cpe:/a:gnome:gdm:2.27", "cpe:/a:gnome:gdm:2.29", "cpe:/a:gnome:gdm:2.32", "cpe:/a:gnome:gdm:2.6", "cpe:/a:gnome:gdm:2.31", "cpe:/a:gnome:gdm:2.8", "cpe:/a:gnome:gdm:2.26", "cpe:/a:gnome:gdm:2.4", "cpe:/a:gnome:gdm:2.2", "cpe:/a:gnome:gdm:2.16", "cpe:/a:gnome:gdm:2.18", "cpe:/a:gnome:gdm:2.15", "cpe:/a:gnome:gdm:2.19", "cpe:/a:gnome:gdm:2.24", "cpe:/a:gnome:gdm:2.21", "cpe:/a:gnome:gdm:2.17", "cpe:/a:gnome:gdm:2.5", "cpe:/a:gnome:gdm:2.25", "cpe:/a:gnome:gdm:2.3", "cpe:/a:gnome:gdm:2.28", "cpe:/a:gnome:gdm:2.22", "cpe:/a:gnome:gdm:2.0", "cpe:/a:gnome:gdm:2.20", "cpe:/a:gnome:gdm:2.13", "cpe:/a:gnome:gdm:2.23", "cpe:/a:gnome:gdm:2.14"], "id": "CVE-2011-0727", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-0727", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "openvas": [{"lastseen": "2017-12-04T11:27:31", "references": ["http://www.ubuntu.com/usn/usn-1099-1/", "1099-1"], "pluginID": "840619", "description": "Ubuntu Update for Linux kernel vulnerabilities USN-1099-1", "edition": 4, "reporter": "Copyright (c) 2011 Greenbone Networks GmbH", "published": "2011-04-01T00:00:00", "title": "Ubuntu Update for gdm vulnerability USN-1099-1", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.2}}, "naslFamily": "Ubuntu Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-0727"], "modified": "2017-12-01T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=840619", "id": "OPENVAS:840619", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1099_1.nasl 7964 2017-12-01 07:32:11Z santu $\n#\n# Ubuntu Update for gdm vulnerability USN-1099-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Sebastian Krahmer discovered that GDM (GNOME Display Manager) did not\n properly drop privileges when handling the cache directories used\n to store users' dmrc and face icon files. This could allow a local\n attacker to change the ownership of arbitrary files, thereby gaining\n root privileges.\";\n\ntag_summary = \"Ubuntu Update for Linux kernel vulnerabilities USN-1099-1\";\ntag_affected = \"gdm vulnerability on Ubuntu 9.10 ,\n Ubuntu 10.04 LTS ,\n Ubuntu 10.10\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-1099-1/\");\n script_id(840619);\n script_version(\"$Revision: 7964 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-01 08:32:11 +0100 (Fri, 01 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-04-01 15:34:04 +0200 (Fri, 01 Apr 2011)\");\n script_xref(name: \"USN\", value: \"1099-1\");\n script_tag(name:\"cvss_base\", value:\"6.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_cve_id(\"CVE-2011-0727\");\n script_name(\"Ubuntu Update for gdm vulnerability USN-1099-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU9.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"gdm\", ver:\"2.28.1-0ubuntu2.3\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU10.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"gdm\", ver:\"2.30.5-0ubuntu4.1\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU10.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"gdm\", ver:\"2.30.2.is.2.30.0-0ubuntu5.1\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-02T21:13:45", "references": [], "pluginID": "69358", "description": "The remote host is missing an update to the system\nas announced in the referenced advisory.", "edition": 1, "reporter": "Copyright (c) 2011 E-Soft Inc. http://www.securityspace.com", "published": "2011-05-12T00:00:00", "title": "FreeBSD Ports: gdm", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "FreeBSD Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-0727"], "modified": "2017-02-25T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=69358", "id": "OPENVAS:69358", "sourceData": "#\n#VID c6fbd447-59ed-11e0-8d04-0015f2db7bde\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from VID c6fbd447-59ed-11e0-8d04-0015f2db7bde\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2011 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The following package is affected: gdm\";\ntag_solution = \"Update your system with the appropriate patches or\nsoftware upgrades.\n\nhttp://mail.gnome.org/archives/distributor-list/2011-March/msg00008.html\nhttps://bugzilla.redhat.com/show_bug.cgi?id=688323\nhttp://www.vuxml.org/freebsd/c6fbd447-59ed-11e0-8d04-0015f2db7bde.html\";\ntag_summary = \"The remote host is missing an update to the system\nas announced in the referenced advisory.\";\n\n\n\nif(description)\n{\n script_id(69358);\n script_version(\"$Revision: 5424 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-02-25 17:52:36 +0100 (Sat, 25 Feb 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-05-12 19:21:50 +0200 (Thu, 12 May 2011)\");\n script_tag(name:\"cvss_base\", value:\"6.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_cve_id(\"CVE-2011-0727\");\n script_name(\"FreeBSD Ports: gdm\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2011 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"FreeBSD Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/freebsdrel\", \"login/SSH/success\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-bsd.inc\");\n\ntxt = \"\";\nvuln = 0;\nbver = portver(pkg:\"gdm\");\nif(!isnull(bver) && revcomp(a:bver, b:\"2.30.5_2\")<0) {\n txt += 'Package gdm version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\n\nif(vuln) {\n security_message(data:string(txt));\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-24T12:55:23", "references": [], "pluginID": "69415", "description": "The remote host is missing an update to gdm3\nannounced via advisory DSA 2205-1.", "edition": 2, "reporter": "Copyright (c) 2011 E-Soft Inc. http://www.securityspace.com", "published": "2011-05-12T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 7.2}}, "title": "Debian Security Advisory DSA 2205-1 (gdm3)", "type": "openvas", "naslFamily": "Debian Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-0727"], "modified": "2017-07-07T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=69415", "id": "OPENVAS:69415", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2205_1.nasl 6613 2017-07-07 12:08:40Z cfischer $\n# Description: Auto-generated from advisory DSA 2205-1 (gdm3)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2011 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Sebastian Krahmer discovered that the gdm3, the GNOME Desktop Manager,\ndoes not properly drop privileges when manipulating files related to\nthe logged-in user. As a result, local users can gain root\nprivileges.\n\nThe oldstable distribution (lenny) does not contain a gdm3 package.\nThe gdm package is not affected by this issue.\n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 2.30.5-6squeeze2.\n\nFor the testing distribution (wheezy) and the unstable distribution\n(sid), this problem will be fixed soon.\n\nWe recommend that you upgrade your gdm3 packages.\";\ntag_summary = \"The remote host is missing an update to gdm3\nannounced via advisory DSA 2205-1.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%202205-1\";\n\n\nif(description)\n{\n script_id(69415);\n script_version(\"$Revision: 6613 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:08:40 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-05-12 19:21:50 +0200 (Thu, 12 May 2011)\");\n script_tag(name:\"cvss_base\", value:\"6.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_cve_id(\"CVE-2011-0727\");\n script_name(\"Debian Security Advisory DSA 2205-1 (gdm3)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2011 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"gdm3\", ver:\"2.30.5-6squeeze2\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-11-19T13:07:04", "references": ["2011:070", "http://lists.mandriva.com/security-announce/2011-04/msg00014.php"], "pluginID": "1361412562310831370", "description": "The remote host is missing an update for the ", "edition": 6, "reporter": "Copyright (c) 2011 Greenbone Networks GmbH", "published": "2011-04-11T00:00:00", "title": "Mandriva Update for gdm MDVSA-2011:070 (gdm)", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.2}}, "naslFamily": "Mandrake Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-0727"], "modified": "2018-11-16T00:00:00", "id": "OPENVAS:1361412562310831370", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310831370", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for gdm MDVSA-2011:070 (gdm)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.mandriva.com/security-announce/2011-04/msg00014.php\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.831370\");\n script_version(\"$Revision: 12381 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-16 12:16:30 +0100 (Fri, 16 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2011-04-11 15:05:25 +0200 (Mon, 11 Apr 2011)\");\n script_tag(name:\"cvss_base\", value:\"6.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name:\"MDVSA\", value:\"2011:070\");\n script_cve_id(\"CVE-2011-0727\");\n script_name(\"Mandriva Update for gdm MDVSA-2011:070 (gdm)\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'gdm'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\", re:\"ssh/login/release=MNDK_2010\\.1\");\n script_tag(name:\"affected\", value:\"gdm on Mandriva Linux 2010.1,\n Mandriva Linux 2010.1/X86_64\");\n script_tag(name:\"insight\", value:\"A vulnerability has been found and corrected in gdm:\n\n GNOME Display Manager (gdm) 2.x before 2.32.1 allows local users to\n change the ownership of arbitrary files via a symlink attack on a\n (1) dmrc or (2) face icon file under /var/cache/gdm/ (CVE-2011-0727).\n\n The updated packages have been patched to correct this issue.\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"MNDK_2010.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"gdm\", rpm:\"gdm~2.30.2~12.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"gdm-user-switch-applet\", rpm:\"gdm-user-switch-applet~2.30.2~12.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-01-02T10:58:15", "references": ["2011:0395-01", "https://www.redhat.com/archives/rhsa-announce/2011-March/msg00045.html"], "pluginID": "870684", "description": "Check for the Version of gdm", "edition": 3, "reporter": "Copyright (c) 2012 Greenbone Networks GmbH", "published": "2012-06-06T00:00:00", "title": "RedHat Update for gdm RHSA-2011:0395-01", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.2}}, "naslFamily": "Red Hat Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-0727"], "modified": "2018-01-02T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=870684", "id": "OPENVAS:870684", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for gdm RHSA-2011:0395-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The GNOME Display Manager (GDM) provides the graphical login screen, shown\n shortly after boot up, log out, and when user-switching.\n\n A race condition flaw was found in the way GDM handled the cache\n directories used to store users' dmrc and face icon files. A local attacker\n could use this flaw to trick GDM into changing the ownership of an\n arbitrary file via a symbolic link attack, allowing them to escalate their\n privileges. (CVE-2011-0727)\n\n Red Hat would like to thank Sebastian Krahmer of the SuSE Security Team for\n reporting this issue.\n\n All users should upgrade to these updated packages, which contain a\n backported patch to correct this issue. GDM must be restarted for this\n update to take effect. Rebooting achieves this, but changing the runlevel\n from 5 to 3 and back to 5 also restarts GDM.\";\n\ntag_affected = \"gdm on Red Hat Enterprise Linux Desktop (v. 6),\n Red Hat Enterprise Linux Server (v. 6),\n Red Hat Enterprise Linux Workstation (v. 6)\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/rhsa-announce/2011-March/msg00045.html\");\n script_id(870684);\n script_version(\"$Revision: 8267 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-02 07:29:17 +0100 (Tue, 02 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-06-06 10:46:12 +0530 (Wed, 06 Jun 2012)\");\n script_cve_id(\"CVE-2011-0727\");\n script_tag(name:\"cvss_base\", value:\"6.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"RHSA\", value: \"2011:0395-01\");\n script_name(\"RedHat Update for gdm RHSA-2011:0395-01\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of gdm\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"RHENT_6\")\n{\n\n if ((res = isrpmvuln(pkg:\"gdm\", rpm:\"gdm~2.30.4~21.el6_0.1\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"gdm-debuginfo\", rpm:\"gdm-debuginfo~2.30.4~21.el6_0.1\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"gdm-libs\", rpm:\"gdm-libs~2.30.4~21.el6_0.1\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"gdm-plugin-fingerprint\", rpm:\"gdm-plugin-fingerprint~2.30.4~21.el6_0.1\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"gdm-plugin-smartcard\", rpm:\"gdm-plugin-smartcard~2.30.4~21.el6_0.1\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"gdm-user-switch-applet\", rpm:\"gdm-user-switch-applet~2.30.4~21.el6_0.1\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-25T10:55:47", "references": ["http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057931.html", "2011-4351"], "pluginID": "862985", "description": "Check for the Version of gdm", "edition": 2, "reporter": "Copyright (c) 2011 Greenbone Networks GmbH", "published": "2011-04-19T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "title": "Fedora Update for gdm FEDORA-2011-4351", "type": "openvas", "naslFamily": "Fedora Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-0727"], "modified": "2017-07-10T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=862985", "id": "OPENVAS:862985", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for gdm FEDORA-2011-4351\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"gdm on Fedora 13\";\ntag_insight = \"GDM provides the graphical login screen, shown shortly after boot up,\n log out, and when user-switching.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057931.html\");\n script_id(862985);\n script_version(\"$Revision: 6626 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:30:10 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-04-19 07:58:39 +0200 (Tue, 19 Apr 2011)\");\n script_tag(name:\"cvss_base\", value:\"6.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"FEDORA\", value: \"2011-4351\");\n script_cve_id(\"CVE-2011-0727\");\n script_name(\"Fedora Update for gdm FEDORA-2011-4351\");\n\n script_summary(\"Check for the Version of gdm\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC13\")\n{\n\n if ((res = isrpmvuln(pkg:\"gdm\", rpm:\"gdm~2.30.2~2.fc13\", rls:\"FC13\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-02T00:03:08", "references": ["http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057333.html", "2011-4335"], "pluginID": "1361412562310862965", "description": "Check for the Version of gdm", "edition": 4, "reporter": "Copyright (c) 2011 Greenbone Networks GmbH", "published": "2011-04-06T00:00:00", "title": "Fedora Update for gdm FEDORA-2011-4335", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Fedora Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-0727"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:1361412562310862965", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310862965", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for gdm FEDORA-2011-4335\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"gdm on Fedora 14\";\ntag_insight = \"GDM provides the graphical login screen, shown shortly after boot up,\n log out, and when user-switching.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057333.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.862965\");\n script_version(\"$Revision: 9371 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:55:06 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2011-04-06 16:20:31 +0200 (Wed, 06 Apr 2011)\");\n script_tag(name:\"cvss_base\", value:\"6.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"FEDORA\", value: \"2011-4335\");\n script_cve_id(\"CVE-2011-0727\");\n script_name(\"Fedora Update for gdm FEDORA-2011-4335\");\n\n script_tag(name:\"summary\", value:\"Check for the Version of gdm\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC14\")\n{\n\n if ((res = isrpmvuln(pkg:\"gdm\", rpm:\"gdm~2.32.1~2.fc14\", rls:\"FC14\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-02T00:04:17", "references": ["http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057931.html", "2011-4351"], "pluginID": "1361412562310862985", "description": "Check for the Version of gdm", "edition": 4, "reporter": "Copyright (c) 2011 Greenbone Networks GmbH", "published": "2011-04-19T00:00:00", "title": "Fedora Update for gdm FEDORA-2011-4351", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Fedora Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-0727"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:1361412562310862985", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310862985", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for gdm FEDORA-2011-4351\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"gdm on Fedora 13\";\ntag_insight = \"GDM provides the graphical login screen, shown shortly after boot up,\n log out, and when user-switching.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057931.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.862985\");\n script_version(\"$Revision: 9371 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:55:06 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2011-04-19 07:58:39 +0200 (Tue, 19 Apr 2011)\");\n script_tag(name:\"cvss_base\", value:\"6.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"FEDORA\", value: \"2011-4351\");\n script_cve_id(\"CVE-2011-0727\");\n script_name(\"Fedora Update for gdm FEDORA-2011-4351\");\n\n script_tag(name:\"summary\", value:\"Check for the Version of gdm\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC13\")\n{\n\n if ((res = isrpmvuln(pkg:\"gdm\", rpm:\"gdm~2.30.2~2.fc13\", rls:\"FC13\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-02T00:02:37", "references": ["http://www.ubuntu.com/usn/usn-1099-1/", "1099-1"], "pluginID": "1361412562310840619", "description": "Ubuntu Update for Linux kernel vulnerabilities USN-1099-1", "edition": 5, "reporter": "Copyright (c) 2011 Greenbone Networks GmbH", "published": "2011-04-01T00:00:00", "title": "Ubuntu Update for gdm vulnerability USN-1099-1", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.2}}, "naslFamily": "Ubuntu Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-0727"], "modified": "2018-08-17T00:00:00", "id": "OPENVAS:1361412562310840619", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310840619", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1099_1.nasl 11037 2018-08-17 11:51:16Z cfischer $\n#\n# Ubuntu Update for gdm vulnerability USN-1099-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-1099-1/\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.840619\");\n script_version(\"$Revision: 11037 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-08-17 13:51:16 +0200 (Fri, 17 Aug 2018) $\");\n script_tag(name:\"creation_date\", value:\"2011-04-01 15:34:04 +0200 (Fri, 01 Apr 2011)\");\n script_xref(name:\"USN\", value:\"1099-1\");\n script_tag(name:\"cvss_base\", value:\"6.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_cve_id(\"CVE-2011-0727\");\n script_name(\"Ubuntu Update for gdm vulnerability USN-1099-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(9\\.10|10\\.10|10\\.04 LTS)\");\n script_tag(name:\"summary\", value:\"Ubuntu Update for Linux kernel vulnerabilities USN-1099-1\");\n script_tag(name:\"affected\", value:\"gdm vulnerability on Ubuntu 9.10,\n Ubuntu 10.04 LTS,\n Ubuntu 10.10\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"insight\", value:\"Sebastian Krahmer discovered that GDM (GNOME Display Manager) did not\n properly drop privileges when handling the cache directories used\n to store users' dmrc and face icon files. This could allow a local\n attacker to change the ownership of arbitrary files, thereby gaining\n root privileges.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU9.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"gdm\", ver:\"2.28.1-0ubuntu2.3\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU10.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"gdm\", ver:\"2.30.5-0ubuntu4.1\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU10.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"gdm\", ver:\"2.30.2.is.2.30.0-0ubuntu5.1\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-10-08T12:47:20", "references": ["http://www.vuxml.org/freebsd/c6fbd447-59ed-11e0-8d04-0015f2db7bde.html", "https://bugzilla.redhat.com/show_bug.cgi?id=688323", "http://mail.gnome.org/archives/distributor-list/2011-March/msg00008.html"], "pluginID": "136141256231069358", "description": "The remote host is missing an update to the system\n as announced in the referenced advisory.", "edition": 5, "reporter": "Copyright (c) 2011 E-Soft Inc. http://www.securityspace.com", "published": "2011-05-12T00:00:00", "title": "FreeBSD Ports: gdm", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "FreeBSD Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-0727"], "modified": "2018-10-05T00:00:00", "id": "OPENVAS:136141256231069358", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231069358", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: freebsd_gdm.nasl 11762 2018-10-05 10:54:12Z cfischer $\n#\n# Auto generated from VID c6fbd447-59ed-11e0-8d04-0015f2db7bde\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2011 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.69358\");\n script_version(\"$Revision: 11762 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-05 12:54:12 +0200 (Fri, 05 Oct 2018) $\");\n script_tag(name:\"creation_date\", value:\"2011-05-12 19:21:50 +0200 (Thu, 12 May 2011)\");\n script_tag(name:\"cvss_base\", value:\"6.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_cve_id(\"CVE-2011-0727\");\n script_name(\"FreeBSD Ports: gdm\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"FreeBSD Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/freebsd\", \"ssh/login/freebsdrel\");\n\n script_tag(name:\"insight\", value:\"The following package is affected: gdm\");\n\n script_tag(name:\"solution\", value:\"Update your system with the appropriate patches or\n software upgrades.\");\n\n script_xref(name:\"URL\", value:\"http://mail.gnome.org/archives/distributor-list/2011-March/msg00008.html\");\n script_xref(name:\"URL\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=688323\");\n script_xref(name:\"URL\", value:\"http://www.vuxml.org/freebsd/c6fbd447-59ed-11e0-8d04-0015f2db7bde.html\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update to the system\n as announced in the referenced advisory.\");\n\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-bsd.inc\");\n\nvuln = FALSE;\ntxt = \"\";\n\nbver = portver(pkg:\"gdm\");\nif(!isnull(bver) && revcomp(a:bver, b:\"2.30.5_2\")<0) {\n txt += 'Package gdm version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = TRUE;\n}\n\nif(vuln) {\n security_message(data:txt);\n} else if (__pkg_match) {\n exit(99);\n}", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "freebsd": [{"lastseen": "2018-08-31T01:15:15", "references": ["https://bugzilla.redhat.com/show_bug.cgi?id=688323", "http://mail.gnome.org/archives/distributor-list/2011-March/msg00008.html"], "affectedPackage": [{"OS": "FreeBSD", "OSVersion": "any", "packageVersion": "2.30.5_2", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "gdm", "operator": "lt"}], "description": "\nSebastian Krahmer reports:\n\nIt was discovered that the GNOME Display Manager (gdm) cleared the cache\n\t directory, which is owned by an unprivileged user, with the privileges of the\n\t root user. A race condition exists in gdm where a local user could take\n\t advantage of this by writing to the cache directory between ending the session\n\t and the signal to clean up the session, which could lead to the execution of\n\t arbitrary code as the root user.\n\n", "edition": 3, "reporter": "FreeBSD", "published": "2011-03-28T00:00:00", "title": "gdm -- privilege escalation vulnerability", "type": "freebsd", "enchantments": {"score": {"vector": "NONE", "value": 7.2}}, "bulletinFamily": "unix", "cvelist": ["CVE-2011-0727"], "modified": "2011-03-28T00:00:00", "id": "C6FBD447-59ED-11E0-8D04-0015F2DB7BDE", "href": "https://vuxml.freebsd.org/freebsd/c6fbd447-59ed-11e0-8d04-0015f2db7bde.html", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "nessus": [{"lastseen": "2018-11-24T03:25:33", "references": ["https://bugzilla.redhat.com/show_bug.cgi?id=688323", "http://www.nessus.org/u?6de515ff", "http://www.nessus.org/u?2fb5cfee"], "pluginID": "53217", "description": "Sebastian Krahmer reports :\n\nIt was discovered that the GNOME Display Manager (gdm) cleared the cache directory, which is owned by an unprivileged user, with the privileges of the root user. A race condition exists in gdm where a local user could take advantage of this by writing to the cache directory between ending the session and the signal to clean up the session, which could lead to the execution of arbitrary code as the root user.", "edition": 6, "reporter": "Tenable", "published": "2011-03-30T00:00:00", "title": "FreeBSD : gdm -- privilege escalation vulnerability (c6fbd447-59ed-11e0-8d04-0015f2db7bde)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 7.2}}, "naslFamily": "FreeBSD Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-0727"], "modified": "2018-11-23T00:00:00", "cpe": ["p-cpe:/a:freebsd:freebsd:gdm", "cpe:/o:freebsd:freebsd"], "id": "FREEBSD_PKG_C6FBD44759ED11E08D040015F2DB7BDE.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=53217", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(53217);\n script_version(\"1.8\");\n script_cvs_date(\"Date: 2018/11/23 12:49:57\");\n\n script_cve_id(\"CVE-2011-0727\");\n\n script_name(english:\"FreeBSD : gdm -- privilege escalation vulnerability (c6fbd447-59ed-11e0-8d04-0015f2db7bde)\");\n script_summary(english:\"Checks for updated package in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote FreeBSD host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Sebastian Krahmer reports :\n\nIt was discovered that the GNOME Display Manager (gdm) cleared the\ncache directory, which is owned by an unprivileged user, with the\nprivileges of the root user. A race condition exists in gdm where a\nlocal user could take advantage of this by writing to the cache\ndirectory between ending the session and the signal to clean up the\nsession, which could lead to the execution of arbitrary code as the\nroot user.\"\n );\n # http://mail.gnome.org/archives/distributor-list/2011-March/msg00008.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?2fb5cfee\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=688323\"\n );\n # https://vuxml.freebsd.org/freebsd/c6fbd447-59ed-11e0-8d04-0015f2db7bde.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?6de515ff\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:gdm\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/03/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/03/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/03/30\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"gdm<2.30.5_2\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:pkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-01T23:40:57", "references": ["https://bugzilla.redhat.com/show_bug.cgi?id=691496", "http://www.nessus.org/u?7ce2bb04"], "pluginID": "53265", "description": "This update addresses a local root exploit.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "edition": 6, "reporter": "Tenable", "published": "2011-04-04T00:00:00", "title": "Fedora 14 : gdm-2.32.1-2.fc14 (2011-4335)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 7.2}}, "naslFamily": "Fedora Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-0727"], "modified": "2018-07-12T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:14", "p-cpe:/a:fedoraproject:fedora:gdm"], "id": "FEDORA_2011-4335.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=53265", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2011-4335.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(53265);\n script_version(\"1.9\");\n script_cvs_date(\"Date: 2018/07/12 15:01:52\");\n\n script_cve_id(\"CVE-2011-0727\");\n script_bugtraq_id(47063);\n script_xref(name:\"FEDORA\", value:\"2011-4335\");\n\n script_name(english:\"Fedora 14 : gdm-2.32.1-2.fc14 (2011-4335)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update addresses a local root exploit.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=691496\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2011-April/057333.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?7ce2bb04\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected gdm package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:gdm\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:14\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/03/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/04/04\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^14([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 14.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC14\", reference:\"gdm-2.32.1-2.fc14\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"gdm\");\n}\n", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-01T23:53:15", "references": ["https://oss.oracle.com/pipermail/el-errata/2011-March/002040.html"], "pluginID": "68241", "description": "From Red Hat Security Advisory 2011:0395 :\n\nUpdated gdm packages that fix one security issue are now available for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.\n\nThe GNOME Display Manager (GDM) provides the graphical login screen, shown shortly after boot up, log out, and when user-switching.\n\nA race condition flaw was found in the way GDM handled the cache directories used to store users' dmrc and face icon files. A local attacker could use this flaw to trick GDM into changing the ownership of an arbitrary file via a symbolic link attack, allowing them to escalate their privileges. (CVE-2011-0727)\n\nRed Hat would like to thank Sebastian Krahmer of the SuSE Security Team for reporting this issue.\n\nAll users should upgrade to these updated packages, which contain a backported patch to correct this issue. GDM must be restarted for this update to take effect. Rebooting achieves this, but changing the runlevel from 5 to 3 and back to 5 also restarts GDM.", "edition": 5, "reporter": "Tenable", "published": "2013-07-12T00:00:00", "title": "Oracle Linux 6 : gdm (ELSA-2011-0395)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 7.2}}, "naslFamily": "Oracle Linux Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-0727"], "modified": "2018-07-18T00:00:00", "cpe": ["cpe:/o:oracle:linux:6", "p-cpe:/a:oracle:linux:gdm-user-switch-applet", "p-cpe:/a:oracle:linux:gdm-libs", "p-cpe:/a:oracle:linux:gdm-plugin-fingerprint", "p-cpe:/a:oracle:linux:gdm", "p-cpe:/a:oracle:linux:gdm-plugin-smartcard"], "id": "ORACLELINUX_ELSA-2011-0395.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=68241", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2011:0395 and \n# Oracle Linux Security Advisory ELSA-2011-0395 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(68241);\n script_version(\"1.5\");\n script_cvs_date(\"Date: 2018/07/18 17:43:56\");\n\n script_cve_id(\"CVE-2011-0727\");\n script_bugtraq_id(47063);\n script_xref(name:\"RHSA\", value:\"2011:0395\");\n\n script_name(english:\"Oracle Linux 6 : gdm (ELSA-2011-0395)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2011:0395 :\n\nUpdated gdm packages that fix one security issue are now available for\nRed Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. A Common Vulnerability Scoring System (CVSS)\nbase score, which gives a detailed severity rating, is available from\nthe CVE link in the References section.\n\nThe GNOME Display Manager (GDM) provides the graphical login screen,\nshown shortly after boot up, log out, and when user-switching.\n\nA race condition flaw was found in the way GDM handled the cache\ndirectories used to store users' dmrc and face icon files. A local\nattacker could use this flaw to trick GDM into changing the ownership\nof an arbitrary file via a symbolic link attack, allowing them to\nescalate their privileges. (CVE-2011-0727)\n\nRed Hat would like to thank Sebastian Krahmer of the SuSE Security\nTeam for reporting this issue.\n\nAll users should upgrade to these updated packages, which contain a\nbackported patch to correct this issue. GDM must be restarted for this\nupdate to take effect. Rebooting achieves this, but changing the\nrunlevel from 5 to 3 and back to 5 also restarts GDM.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2011-March/002040.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected gdm packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:gdm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:gdm-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:gdm-plugin-fingerprint\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:gdm-plugin-smartcard\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:gdm-user-switch-applet\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/03/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 6\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL6\", reference:\"gdm-2.30.4-21.0.2.el6_0.1\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"gdm-libs-2.30.4-21.0.2.el6_0.1\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"gdm-plugin-fingerprint-2.30.4-21.0.2.el6_0.1\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"gdm-plugin-smartcard-2.30.4-21.0.2.el6_0.1\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"gdm-user-switch-applet-2.30.4-21.0.2.el6_0.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"gdm / gdm-libs / gdm-plugin-fingerprint / gdm-plugin-smartcard / etc\");\n}\n", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-11-11T12:46:10", "references": ["https://packages.debian.org/source/squeeze/gdm3", "https://www.debian.org/security/2011/dsa-2205"], "pluginID": "53198", "description": "Sebastian Krahmer discovered that GDM 3, the GNOME Display Manager, does not properly drop privileges when manipulating files related to the logged-in user. As a result, local users can gain root privileges.\n\nThe oldstable distribution (lenny) does not contain a gdm3 package.\nThe gdm package is not affected by this issue.", "edition": 7, "reporter": "Tenable", "published": "2011-03-29T00:00:00", "title": "Debian DSA-2205-1 : gdm3 - privilege escalation", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 7.2}}, "naslFamily": "Debian Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-0727"], "modified": "2018-11-10T00:00:00", "cpe": ["cpe:/o:debian:debian_linux:6.0", "p-cpe:/a:debian:debian_linux:gdm3"], "id": "DEBIAN_DSA-2205.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=53198", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-2205. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(53198);\n script_version(\"1.10\");\n script_cvs_date(\"Date: 2018/11/10 11:49:34\");\n\n script_cve_id(\"CVE-2011-0727\");\n script_xref(name:\"DSA\", value:\"2205\");\n\n script_name(english:\"Debian DSA-2205-1 : gdm3 - privilege escalation\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Sebastian Krahmer discovered that GDM 3, the GNOME Display Manager,\ndoes not properly drop privileges when manipulating files related to\nthe logged-in user. As a result, local users can gain root privileges.\n\nThe oldstable distribution (lenny) does not contain a gdm3 package.\nThe gdm package is not affected by this issue.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/squeeze/gdm3\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2011/dsa-2205\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the gdm3 packages.\n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 2.30.5-6squeeze2.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:gdm3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:6.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/03/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/03/29\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"6.0\", prefix:\"gdm3\", reference:\"2.30.5-6squeeze2\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-11-27T05:13:27", "references": ["https://access.redhat.com/errata/RHSA-2011:0395", "https://access.redhat.com/security/cve/cve-2011-0727"], "pluginID": "53207", "description": "Updated gdm packages that fix one security issue are now available for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.\n\nThe GNOME Display Manager (GDM) provides the graphical login screen, shown shortly after boot up, log out, and when user-switching.\n\nA race condition flaw was found in the way GDM handled the cache directories used to store users' dmrc and face icon files. A local attacker could use this flaw to trick GDM into changing the ownership of an arbitrary file via a symbolic link attack, allowing them to escalate their privileges. (CVE-2011-0727)\n\nRed Hat would like to thank Sebastian Krahmer of the SuSE Security Team for reporting this issue.\n\nAll users should upgrade to these updated packages, which contain a backported patch to correct this issue. GDM must be restarted for this update to take effect. Rebooting achieves this, but changing the runlevel from 5 to 3 and back to 5 also restarts GDM.", "edition": 8, "reporter": "Tenable", "published": "2011-03-29T00:00:00", "title": "RHEL 6 : gdm (RHSA-2011:0395)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 7.2}}, "naslFamily": "Red Hat Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-0727"], "modified": "2018-11-26T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:gdm-debuginfo", "p-cpe:/a:redhat:enterprise_linux:gdm-plugin-smartcard", "p-cpe:/a:redhat:enterprise_linux:gdm-libs", "p-cpe:/a:redhat:enterprise_linux:gdm-user-switch-applet", "p-cpe:/a:redhat:enterprise_linux:gdm-plugin-fingerprint", "p-cpe:/a:redhat:enterprise_linux:gdm", "cpe:/o:redhat:enterprise_linux:6", "cpe:/o:redhat:enterprise_linux:6.0"], "id": "REDHAT-RHSA-2011-0395.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=53207", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2011:0395. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(53207);\n script_version (\"1.14\");\n script_cvs_date(\"Date: 2018/11/26 11:02:14\");\n\n script_cve_id(\"CVE-2011-0727\");\n script_bugtraq_id(47063);\n script_xref(name:\"RHSA\", value:\"2011:0395\");\n\n script_name(english:\"RHEL 6 : gdm (RHSA-2011:0395)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated gdm packages that fix one security issue are now available for\nRed Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. A Common Vulnerability Scoring System (CVSS)\nbase score, which gives a detailed severity rating, is available from\nthe CVE link in the References section.\n\nThe GNOME Display Manager (GDM) provides the graphical login screen,\nshown shortly after boot up, log out, and when user-switching.\n\nA race condition flaw was found in the way GDM handled the cache\ndirectories used to store users' dmrc and face icon files. A local\nattacker could use this flaw to trick GDM into changing the ownership\nof an arbitrary file via a symbolic link attack, allowing them to\nescalate their privileges. (CVE-2011-0727)\n\nRed Hat would like to thank Sebastian Krahmer of the SuSE Security\nTeam for reporting this issue.\n\nAll users should upgrade to these updated packages, which contain a\nbackported patch to correct this issue. GDM must be restarted for this\nupdate to take effect. Rebooting achieves this, but changing the\nrunlevel from 5 to 3 and back to 5 also restarts GDM.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-0727\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2011:0395\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:gdm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:gdm-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:gdm-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:gdm-plugin-fingerprint\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:gdm-plugin-smartcard\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:gdm-user-switch-applet\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/03/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/03/29\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = eregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2011:0395\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"gdm-2.30.4-21.el6_0.1\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"gdm-2.30.4-21.el6_0.1\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"gdm-2.30.4-21.el6_0.1\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"gdm-debuginfo-2.30.4-21.el6_0.1\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"gdm-libs-2.30.4-21.el6_0.1\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"gdm-plugin-fingerprint-2.30.4-21.el6_0.1\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"gdm-plugin-fingerprint-2.30.4-21.el6_0.1\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"gdm-plugin-fingerprint-2.30.4-21.el6_0.1\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"gdm-plugin-smartcard-2.30.4-21.el6_0.1\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"gdm-plugin-smartcard-2.30.4-21.el6_0.1\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"gdm-plugin-smartcard-2.30.4-21.el6_0.1\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"gdm-user-switch-applet-2.30.4-21.el6_0.1\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"gdm-user-switch-applet-2.30.4-21.el6_0.1\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"gdm-user-switch-applet-2.30.4-21.el6_0.1\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"gdm / gdm-debuginfo / gdm-libs / gdm-plugin-fingerprint / etc\");\n }\n}\n", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-01T23:32:47", "references": [], "pluginID": "53349", "description": "A vulnerability has been found and corrected in gdm :\n\nGNOME Display Manager (gdm) 2.x before 2.32.1 allows local users to change the ownership of arbitrary files via a symlink attack on a (1) dmrc or (2) face icon file under /var/cache/gdm/ (CVE-2011-0727).\n\nThe updated packages have been patched to correct this issue.", "edition": 5, "reporter": "Tenable", "published": "2011-04-11T00:00:00", "title": "Mandriva Linux Security Advisory : gdm (MDVSA-2011:070)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 2.1}}, "naslFamily": "Mandriva Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-0727"], "modified": "2018-07-19T00:00:00", "cpe": ["p-cpe:/a:mandriva:linux:gdm-user-switch-applet", "p-cpe:/a:mandriva:linux:gdm", "cpe:/o:mandriva:linux:2010.1"], "id": "MANDRIVA_MDVSA-2011-070.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=53349", "sourceData": "#%NASL_MIN_LEVEL 70103\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2011:070. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(53349);\n script_version(\"1.8\");\n script_cvs_date(\"Date: 2018/07/19 20:59:17\");\n\n script_cve_id(\"CVE-2011-0727\");\n script_bugtraq_id(47063);\n script_xref(name:\"MDVSA\", value:\"2011:070\");\n\n script_name(english:\"Mandriva Linux Security Advisory : gdm (MDVSA-2011:070)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A vulnerability has been found and corrected in gdm :\n\nGNOME Display Manager (gdm) 2.x before 2.32.1 allows local users to\nchange the ownership of arbitrary files via a symlink attack on a (1)\ndmrc or (2) face icon file under /var/cache/gdm/ (CVE-2011-0727).\n\nThe updated packages have been patched to correct this issue.\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected gdm and / or gdm-user-switch-applet packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:gdm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:gdm-user-switch-applet\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2010.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/04/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/04/11\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK2010.1\", reference:\"gdm-2.30.2-12.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"gdm-user-switch-applet-2.30.2-12.1mdv2010.2\", yank:\"mdv\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-02T00:04:19", "references": ["https://bugzilla.redhat.com/show_bug.cgi?id=691496", "http://www.nessus.org/u?fa75f0fb"], "pluginID": "53437", "description": "This update addresses a local root exploit for GDM.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "edition": 4, "reporter": "Tenable", "published": "2011-04-15T00:00:00", "title": "Fedora 13 : gdm-2.30.2-2.fc13 (2011-4351)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 7.2}}, "naslFamily": "Fedora Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-0727"], "modified": "2015-10-20T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:13", "p-cpe:/a:fedoraproject:fedora:gdm"], "id": "FEDORA_2011-4351.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=53437", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2011-4351.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(53437);\n script_version(\"$Revision: 1.8 $\");\n script_cvs_date(\"$Date: 2015/10/20 22:05:54 $\");\n\n script_cve_id(\"CVE-2011-0727\");\n script_bugtraq_id(47063);\n script_xref(name:\"FEDORA\", value:\"2011-4351\");\n\n script_name(english:\"Fedora 13 : gdm-2.30.2-2.fc13 (2011-4351)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update addresses a local root exploit for GDM.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=691496\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2011-April/057931.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?fa75f0fb\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected gdm package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:gdm\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:13\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/03/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/04/15\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2015 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^13([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 13.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC13\", reference:\"gdm-2.30.2-2.fc13\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"gdm\");\n}\n", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-12-02T15:42:46", "references": ["https://usn.ubuntu.com/1099-1/"], "pluginID": "53238", "description": "Sebastian Krahmer discovered that GDM (GNOME Display Manager) did not properly drop privileges when handling the cache directories used to store users' dmrc and face icon files. This could allow a local attacker to change the ownership of arbitrary files, thereby gaining root privileges.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "edition": 5, "reporter": "Tenable", "published": "2011-03-31T00:00:00", "title": "Ubuntu 9.10 / 10.04 LTS / 10.10 : gdm vulnerability (USN-1099-1)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 7.2}}, "naslFamily": "Ubuntu Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-0727"], "modified": "2018-12-01T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:gdm", "cpe:/o:canonical:ubuntu_linux:10.04:-:lts", "cpe:/o:canonical:ubuntu_linux:10.10", "cpe:/o:canonical:ubuntu_linux:9.10"], "id": "UBUNTU_USN-1099-1.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=53238", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-1099-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(53238);\n script_version(\"1.9\");\n script_cvs_date(\"Date: 2018/12/01 13:19:06\");\n\n script_cve_id(\"CVE-2011-0727\");\n script_bugtraq_id(47063);\n script_xref(name:\"USN\", value:\"1099-1\");\n\n script_name(english:\"Ubuntu 9.10 / 10.04 LTS / 10.10 : gdm vulnerability (USN-1099-1)\");\n script_summary(english:\"Checks dpkg output for updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Ubuntu host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Sebastian Krahmer discovered that GDM (GNOME Display Manager) did not\nproperly drop privileges when handling the cache directories used to\nstore users' dmrc and face icon files. This could allow a local\nattacker to change the ownership of arbitrary files, thereby gaining\nroot privileges.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/1099-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected gdm package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:gdm\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:10.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:10.10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:9.10\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/03/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/03/31\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2011-2018 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! ereg(pattern:\"^(9\\.10|10\\.04|10\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 9.10 / 10.04 / 10.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"9.10\", pkgname:\"gdm\", pkgver:\"2.28.1-0ubuntu2.3\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"gdm\", pkgver:\"2.30.2.is.2.30.0-0ubuntu5.1\")) flag++;\nif (ubuntu_check(osver:\"10.10\", pkgname:\"gdm\", pkgver:\"2.30.5-0ubuntu4.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"gdm\");\n}\n", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-11-13T17:09:50", "references": ["https://bugzilla.novell.com/show_bug.cgi?id=679786", "https://lists.opensuse.org/opensuse-updates/2011-04/msg00001.html"], "pluginID": "75511", "description": "Local users could trick gdm into changing ownership of arbitrary files by placing symlinks in the user session cache (CVE-2011-0727).", "edition": 5, "reporter": "Tenable", "published": "2014-06-13T00:00:00", "title": "openSUSE Security Update : gdm (openSUSE-SU-2011:0275-1)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 7.2}}, "naslFamily": "SuSE Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-0727"], "modified": "2018-11-10T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:gdm-branding-upstream", "p-cpe:/a:novell:opensuse:gdm-lang", "p-cpe:/a:novell:opensuse:gnome-applets-gdm", "p-cpe:/a:novell:opensuse:gdm", "cpe:/o:novell:opensuse:11.3"], "id": "SUSE_11_3_GDM-110330.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=75511", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update gdm-4250.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(75511);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2018/11/10 11:49:59\");\n\n script_cve_id(\"CVE-2011-0727\");\n\n script_name(english:\"openSUSE Security Update : gdm (openSUSE-SU-2011:0275-1)\");\n script_summary(english:\"Check for the gdm-4250 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Local users could trick gdm into changing ownership of arbitrary files\nby placing symlinks in the user session cache (CVE-2011-0727).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=679786\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2011-04/msg00001.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected gdm packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:gdm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:gdm-branding-upstream\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:gdm-lang\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:gnome-applets-gdm\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/03/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.3\", reference:\"gdm-2.30.2-6.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"gdm-branding-upstream-2.30.2-6.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"gdm-lang-2.30.2-6.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"gnome-applets-gdm-2.30.2-6.3.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"gdm / gdm-branding-upstream / gdm-lang / gnome-applets-gdm\");\n}\n", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-11-13T17:07:14", "references": ["https://bugzilla.novell.com/show_bug.cgi?id=679786", "https://lists.opensuse.org/opensuse-updates/2011-04/msg00001.html"], "pluginID": "75847", "description": "Local users could trick gdm into changing ownership of arbitrary files by placing symlinks in the user session cache (CVE-2011-0727).", "edition": 5, "reporter": "Tenable", "published": "2014-06-13T00:00:00", "title": "openSUSE Security Update : gdm (openSUSE-SU-2011:0275-1)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 7.2}}, "naslFamily": "SuSE Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-0727"], "modified": "2018-11-10T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:gdm-branding-upstream", "p-cpe:/a:novell:opensuse:gdm-lang", "cpe:/o:novell:opensuse:11.4", "p-cpe:/a:novell:opensuse:gdm-debuginfo", "p-cpe:/a:novell:opensuse:gnome-applets-gdm-debuginfo", "p-cpe:/a:novell:opensuse:gnome-applets-gdm", "p-cpe:/a:novell:opensuse:gdm-debugsource", "p-cpe:/a:novell:opensuse:gdm"], "id": "SUSE_11_4_GDM-110330.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=75847", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update gdm-4250.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(75847);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2018/11/10 11:49:59\");\n\n script_cve_id(\"CVE-2011-0727\");\n\n script_name(english:\"openSUSE Security Update : gdm (openSUSE-SU-2011:0275-1)\");\n script_summary(english:\"Check for the gdm-4250 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Local users could trick gdm into changing ownership of arbitrary files\nby placing symlinks in the user session cache (CVE-2011-0727).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=679786\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2011-04/msg00001.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected gdm packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:gdm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:gdm-branding-upstream\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:gdm-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:gdm-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:gdm-lang\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:gnome-applets-gdm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:gnome-applets-gdm-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.4\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/03/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.4)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.4\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.4\", reference:\"gdm-2.32.0-9.14.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"gdm-branding-upstream-2.32.0-9.14.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"gdm-debuginfo-2.32.0-9.14.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"gdm-debugsource-2.32.0-9.14.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"gdm-lang-2.32.0-9.14.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"gnome-applets-gdm-2.32.0-9.14.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"gnome-applets-gdm-debuginfo-2.32.0-9.14.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"gdm / gdm-branding-upstream / gdm-lang / gnome-applets-gdm / etc\");\n}\n", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:39", "references": [], "description": "-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\n- -------------------------------------------------------------------------\r\nDebian Security Advisory DSA-2205-1 security@debian.org\r\nhttp://www.debian.org/security/ Florian Weimer\r\nMarch 28, 2011 http://www.debian.org/security/faq\r\n- -------------------------------------------------------------------------\r\n\r\nPackage : gdm3\r\nVulnerability : privilege escalation\r\nProblem type : local\r\nDebian-specific: no\r\nCVE ID : CVE-2011-0727 \r\n\r\nSebastian Krahmer discovered that the gdm3, the GNOME Desktop Manager,\r\ndoes not properly drop privileges when manipulating files related to\r\nthe logged-in user. As a result, local users can gain root\r\nprivileges.\r\n\r\nThe oldstable distribution (lenny) does not contain a gdm3 package.\r\nThe gdm package is not affected by this issue.\r\n\r\nFor the stable distribution (squeeze), this problem has been fixed in\r\nversion 2.30.5-6squeeze2.\r\n\r\nFor the testing distribution (wheezy) and the unstable distribution\r\n(sid), this problem will be fixed soon.\r\n\r\nWe recommend that you upgrade your gdm3 packages.\r\n\r\nFurther information about Debian Security Advisories, how to apply\r\nthese updates to your system and frequently asked questions can be\r\nfound at: http://www.debian.org/security/\r\n\r\nMailing list: debian-security-announce@lists.debian.org\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.9 (GNU/Linux)\r\n\r\niQEcBAEBAgAGBQJNkOimAAoJEL97/wQC1SS+WHcH/3y+NC7jqXQG0wl7Styej5Pw\r\nkUKtoMtHIcv1hAdR8tIC+IrB4k4EnREXWP37dQMJnEnT58gzB1pUeFkoQa0NsQb+\r\no9WmtTZrJq8m15ONFRkW4rIDo/+Wx/LlMOoSmzcpWH7eXsE+WO29ItV4D7440zPU\r\nlvIVno3brnbV20T5e0+ZccBXbApZo9RBS8TUxvzj4Ro4CUjto/NgqWyiIMGPKgQZ\r\ntqFouRYmbhuiFlEL8elwCNoTSk5BCPQzVQ/CMY0OKov1vOpW4UQaUyKLyBZ2MiA5\r\nVO3vqwjUYKC6WFhjLMdD9lWPTAIzOqhziuE8WagBT2YjWqYkzCoddPiJuFP9bdE=\r\n=vK6Y\r\n-----END PGP SIGNATURE-----", "edition": 1, "reporter": "Securityvulns", "published": "2011-03-31T00:00:00", "title": "[SECURITY] [DSA 2205-1] gdm3 security update", "type": "securityvulns", "enchantments": {"score": {"modified": "2018-08-31T11:10:39", "vector": "NONE", "value": 7.2}}, "bulletinFamily": "software", "affectedSoftware": [], "cvelist": ["CVE-2011-0727"], "modified": "2011-03-31T00:00:00", "id": "SECURITYVULNS:DOC:26035", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:26035", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:09:41", "references": ["https://vulners.com/securityvulns/securityvulns:doc:26035"], "description": "root privileges are not dropped on files access.", "edition": 1, "reporter": "BUGTRAQ", "published": "2011-03-31T00:00:00", "title": "GNOME Desktop Manager privilege escalation", "type": "securityvulns", "enchantments": {"score": {"modified": "2018-08-31T11:09:41", "vector": "NONE", "value": 7.2}}, "bulletinFamily": "software", "affectedSoftware": [{"name": "gdm3", "version": "2.30", "operator": "eq"}], "cvelist": ["CVE-2011-0727"], "modified": "2011-03-31T00:00:00", "id": "SECURITYVULNS:VULN:11544", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:11544", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "ubuntu": [{"lastseen": "2018-08-31T00:10:29", "references": ["https://people.canonical.com/~ubuntu-security/cve/CVE-2011-0727"], "affectedPackage": [{"OS": "Ubuntu", "OSVersion": "10.04", "packageVersion": "2.30.2.is.2.30.0-0ubuntu5.1", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "gdm", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "9.10", "packageVersion": "2.28.1-0ubuntu2.3", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "gdm", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "10.10", "packageVersion": "2.30.5-0ubuntu4.1", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "gdm", "operator": "lt"}], "description": "Sebastian Krahmer discovered that GDM (GNOME Display Manager) did not properly drop privileges when handling the cache directories used to store users\u2019 dmrc and face icon files. This could allow a local attacker to change the ownership of arbitrary files, thereby gaining root privileges.", "edition": 3, "reporter": "Ubuntu", "published": "2011-03-30T00:00:00", "title": "GDM vulnerability", "type": "ubuntu", "enchantments": {"score": {"vector": "NONE", "value": 7.2}}, "bulletinFamily": "unix", "cvelist": ["CVE-2011-0727"], "modified": "2011-03-30T00:00:00", "id": "USN-1099-1", "href": "https://usn.ubuntu.com/1099-1/", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "debian": [{"lastseen": "2018-10-16T22:14:58", "references": [], "affectedPackage": [{"OS": "Debian", "OSVersion": "6", "packageVersion": "2.30.5-6squeeze2", "arch": "all", "packageFilename": "gdm3_2.30.5-6squeeze2_all.deb", "packageName": "gdm3", "operator": "lt"}], "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-2205-1 security@debian.org\nhttp://www.debian.org/security/ Florian Weimer\nMarch 28, 2011 http://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : gdm3\nVulnerability : privilege escalation\nProblem type : local\nDebian-specific: no\nCVE ID : CVE-2011-0727 \n\nSebastian Krahmer discovered that the gdm3, the GNOME Desktop Manager,\ndoes not properly drop privileges when manipulating files related to\nthe logged-in user. As a result, local users can gain root\nprivileges.\n\nThe oldstable distribution (lenny) does not contain a gdm3 package.\nThe gdm package is not affected by this issue.\n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 2.30.5-6squeeze2.\n\nFor the testing distribution (wheezy) and the unstable distribution\n(sid), this problem will be fixed soon.\n\nWe recommend that you upgrade your gdm3 packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: http://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "edition": 1, "reporter": "Debian", "published": "2011-03-28T19:48:21", "title": "[SECURITY] [DSA 2205-1] gdm3 security update", "type": "debian", "enchantments": {"score": {"modified": "2018-10-16T22:14:58", "vector": "NONE", "value": 7.2}}, "bulletinFamily": "unix", "cvelist": ["CVE-2011-0727"], "modified": "2011-03-28T19:48:21", "id": "DEBIAN:DSA-2205-1:42CF9", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2011/msg00073.html", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "redhat": [{"lastseen": "2018-12-11T19:43:06", "_object_types": ["robots.models.base.Bulletin", "robots.models.redhat.RedHatBulletin"], "references": [], "affectedPackage": [{"OS": "RedHat", "OSVersion": "6", "packageVersion": "2.30.4-21.el6_0.1", "arch": "i686", "packageName": "gdm-debuginfo", "packageFilename": "gdm-debuginfo-2.30.4-21.el6_0.1.i686.rpm", "operator": "lt"}], "description": "The GNOME Display Manager (GDM) provides the graphical login screen, shown\nshortly after boot up, log out, and when user-switching.\n\nA race condition flaw was found in the way GDM handled the cache\ndirectories used to store users' dmrc and face icon files. A local attacker\ncould use this flaw to trick GDM into changing the ownership of an\narbitrary file via a symbolic link attack, allowing them to escalate their\nprivileges. (CVE-2011-0727)\n\nRed Hat would like to thank Sebastian Krahmer of the SuSE Security Team for\nreporting this issue.\n\nAll users should upgrade to these updated packages, which contain a\nbackported patch to correct this issue. GDM must be restarted for this\nupdate to take effect. Rebooting achieves this, but changing the runlevel\nfrom 5 to 3 and back to 5 also restarts GDM.\n", "reporter": "RedHat", "published": "2011-03-28T04:00:00", "type": "redhat", "title": "(RHSA-2011:0395) Moderate: gdm security update", "enchantments": {"score": {"vector": "NONE", "value": 7.2}}, "bulletinFamily": "unix", "cvelist": ["CVE-2011-0727"], "_object_type": "robots.models.redhat.RedHatBulletin", "modified": "2018-06-06T20:24:27", "id": "RHSA-2011:0395", "href": "https://access.redhat.com/errata/RHSA-2011:0395", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "oraclelinux": [{"lastseen": "2018-08-31T01:42:24", "references": [], "affectedPackage": [{"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "2.30.4-21.0.2.el6_0.1", "arch": "i686", "packageFilename": "gdm-user-switch-applet-2.30.4-21.0.2.el6_0.1.i686.rpm", "packageName": "gdm-user-switch-applet", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "2.30.4-21.0.2.el6_0.1", "arch": "x86_64", "packageFilename": "gdm-libs-2.30.4-21.0.2.el6_0.1.x86_64.rpm", "packageName": "gdm-libs", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "2.30.4-21.0.2.el6_0.1", "arch": "i686", "packageFilename": "gdm-plugin-fingerprint-2.30.4-21.0.2.el6_0.1.i686.rpm", "packageName": "gdm-plugin-fingerprint", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "2.30.4-21.0.2.el6_0.1", "arch": "x86_64", "packageFilename": "gdm-plugin-fingerprint-2.30.4-21.0.2.el6_0.1.x86_64.rpm", "packageName": "gdm-plugin-fingerprint", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "2.30.4-21.0.2.el6_0.1", "arch": "src", "packageFilename": "gdm-2.30.4-21.0.2.el6_0.1.src.rpm", "packageName": "gdm", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "2.30.4-21.0.2.el6_0.1", "arch": "src", "packageFilename": "gdm-2.30.4-21.0.2.el6_0.1.src.rpm", "packageName": "gdm", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "2.30.4-21.0.2.el6_0.1", "arch": "i686", "packageFilename": "gdm-libs-2.30.4-21.0.2.el6_0.1.i686.rpm", "packageName": "gdm-libs", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "2.30.4-21.0.2.el6_0.1", "arch": "i686", "packageFilename": "gdm-libs-2.30.4-21.0.2.el6_0.1.i686.rpm", "packageName": "gdm-libs", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "2.30.4-21.0.2.el6_0.1", "arch": "i686", "packageFilename": "gdm-2.30.4-21.0.2.el6_0.1.i686.rpm", "packageName": "gdm", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "2.30.4-21.0.2.el6_0.1", "arch": "x86_64", "packageFilename": "gdm-user-switch-applet-2.30.4-21.0.2.el6_0.1.x86_64.rpm", "packageName": "gdm-user-switch-applet", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "2.30.4-21.0.2.el6_0.1", "arch": "x86_64", "packageFilename": "gdm-plugin-smartcard-2.30.4-21.0.2.el6_0.1.x86_64.rpm", "packageName": "gdm-plugin-smartcard", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "2.30.4-21.0.2.el6_0.1", "arch": "x86_64", "packageFilename": "gdm-2.30.4-21.0.2.el6_0.1.x86_64.rpm", "packageName": "gdm", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "2.30.4-21.0.2.el6_0.1", "arch": "i686", "packageFilename": "gdm-plugin-smartcard-2.30.4-21.0.2.el6_0.1.i686.rpm", "packageName": "gdm-plugin-smartcard", "operator": "lt"}], "description": "[2.30.4-21.0.2.el6_0.1]\n- Added oracle-enterprise.patch to show oracle-release contents.\n[2.30.4-21.1]\n- Fix CVE-2011-0727", "edition": 3, "reporter": "Oracle", "published": "2011-03-28T00:00:00", "title": "gdm security update", "type": "oraclelinux", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2011-0727"], "modified": "2011-03-28T00:00:00", "id": "ELSA-2011-0395", "href": "http://linux.oracle.com/errata/ELSA-2011-0395.html", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "gentoo": [{"lastseen": "2016-09-06T19:46:21", "references": ["http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0727", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3259", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1787", "https://bugs.gentoo.org/show_bug.cgi?id=370839", "https://bugs.gentoo.org/show_bug.cgi?id=358789", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2524", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1788", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1815", "https://bugs.gentoo.org/show_bug.cgi?id=350598", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1812", "https://bugs.gentoo.org/show_bug.cgi?id=194151", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3365", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4206", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1790", "https://bugs.gentoo.org/show_bug.cgi?id=358785", "https://bugs.gentoo.org/show_bug.cgi?id=355207", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0482", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1793", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1786", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1782", "https://bugs.gentoo.org/show_bug.cgi?id=294256", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1097", "https://bugs.gentoo.org/show_bug.cgi?id=294253", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1760", "https://bugs.gentoo.org/show_bug.cgi?id=386321", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4578", "https://bugs.gentoo.org/show_bug.cgi?id=334087", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3362", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1792", "https://bugs.gentoo.org/show_bug.cgi?id=354209", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1784", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4042", "https://bugs.gentoo.org/show_bug.cgi?id=356893", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1791", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2473", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0721", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1572", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2526", "https://bugs.gentoo.org/show_bug.cgi?id=366697", "https://bugs.gentoo.org/show_bug.cgi?id=346897", "https://bugs.gentoo.org/show_bug.cgi?id=369069", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2901", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4493", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0007", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1814", "https://bugs.gentoo.org/show_bug.cgi?id=376793", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3812", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2472", "https://bugs.gentoo.org/show_bug.cgi?id=366699", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4492", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-4023", "https://bugs.gentoo.org/show_bug.cgi?id=344059", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1144", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-4370", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1807", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0904", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3813", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1785", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1425", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3367", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0465", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4198", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3389", "https://bugs.gentoo.org/show_bug.cgi?id=360891", "https://bugs.gentoo.org/show_bug.cgi?id=362185", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1951", "https://bugs.gentoo.org/show_bug.cgi?id=386361", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-4111", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1780", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1783", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3257", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3255", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0778", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3366", "https://bugs.gentoo.org/show_bug.cgi?id=352608", "https://bugs.gentoo.org/show_bug.cgi?id=358611", "https://bugs.gentoo.org/show_bug.cgi?id=372971", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4204", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4197", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2471", "https://bugs.gentoo.org/show_bug.cgi?id=381169", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1072", "https://bugs.gentoo.org/show_bug.cgi?id=361397", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3999", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3374", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0905", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4577"], "affectedPackage": [{"OS": "Gentoo", "OSVersion": "any", "packageVersion": "2.02.72", "arch": "all", "packageFilename": "UNKNOWN", "packageName": "sys-fs/lvm2", "operator": "lt"}, {"OS": "Gentoo", "OSVersion": "any", "packageVersion": "1.0.9", "arch": "all", "packageFilename": "UNKNOWN", "packageName": "x11-apps/xrdb", "operator": "lt"}, {"OS": "Gentoo", "OSVersion": "any", "packageVersion": "1.1.19", "arch": "all", "packageFilename": "UNKNOWN", "packageName": "media-libs/xine-lib", "operator": "lt"}, {"OS": "Gentoo", "OSVersion": "any", "packageVersion": "3.20", "arch": "all", "packageFilename": "UNKNOWN", "packageName": "net-analyzer/sflowtool", "operator": "lt"}, {"OS": "Gentoo", "OSVersion": "any", "packageVersion": "3.9.5", "arch": "all", "packageFilename": "UNKNOWN", "packageName": "net-misc/mrouted", "operator": "lt"}, {"OS": "Gentoo", "OSVersion": "any", "packageVersion": "2.34.3", "arch": "all", "packageFilename": "UNKNOWN", "packageName": "net-libs/libsoup", "operator": "lt"}, {"OS": "Gentoo", "OSVersion": "any", "packageVersion": "2.32.2", "arch": "all", "packageFilename": "UNKNOWN", "packageName": "net-misc/vino", "operator": "lt"}, {"OS": "Gentoo", "OSVersion": "any", "packageVersion": "1.2.17", "arch": "all", "packageFilename": "UNKNOWN", "packageName": "dev-libs/xmlsec", "operator": "lt"}, {"OS": "Gentoo", "OSVersion": "any", "packageVersion": "2.3.0-r1", "arch": "all", "packageFilename": "UNKNOWN", "packageName": "dev-db/unixODBC", "operator": "lt"}, {"OS": "Gentoo", "OSVersion": "any", "packageVersion": "1.2.0", "arch": "all", "packageFilename": "UNKNOWN", "packageName": "dev-php/PEAR-Mail", "operator": "lt"}, {"OS": "Gentoo", "OSVersion": "any", "packageVersion": "3.0.8", "arch": "all", "packageFilename": "UNKNOWN", "packageName": "net-misc/rsync", "operator": "lt"}, {"OS": "Gentoo", "OSVersion": "any", "packageVersion": "3.8.4-r3", "arch": "all", "packageFilename": "UNKNOWN", "packageName": "gnome-base/gdm", "operator": "lt"}, {"OS": "Gentoo", "OSVersion": "any", "packageVersion": "0.9.6-r1", "arch": "all", "packageFilename": "UNKNOWN", "packageName": "dev-util/oprofile", "operator": "lt"}, {"OS": "Gentoo", "OSVersion": "any", "packageVersion": "1.5.4.26862-r3", "arch": "all", "packageFilename": "UNKNOWN", "packageName": "media-sound/lastfmplayer", "operator": "lt"}, {"OS": "Gentoo", "OSVersion": "any", "packageVersion": "1.9.2-r1", "arch": "all", "packageFilename": "UNKNOWN", "packageName": "dev-php/PEAR-PEAR", "operator": "lt"}, {"OS": "Gentoo", "OSVersion": "any", "packageVersion": "1.5.9.1", "arch": "all", "packageFilename": "UNKNOWN", "packageName": "dev-vcs/gitolite", "operator": "lt"}, {"OS": "Gentoo", "OSVersion": "any", "packageVersion": "2.4.4", "arch": "all", "packageFilename": "UNKNOWN", "packageName": "app-office/gnucash", "operator": "lt"}, {"OS": "Gentoo", "OSVersion": "any", "packageVersion": "1.0.4-r1", "arch": "all", "packageFilename": "UNKNOWN", "packageName": "sys-cluster/resource-agents", "operator": "lt"}, {"OS": "Gentoo", "OSVersion": "any", "packageVersion": "20110502-r1", "arch": "all", "packageFilename": "UNKNOWN", "packageName": "app-misc/ca-certificates", "operator": "lt"}, {"OS": "Gentoo", "OSVersion": "any", "packageVersion": "4.1.4.3", "arch": "all", "packageFilename": "UNKNOWN", "packageName": "sys-apps/shadow", "operator": "lt"}, {"OS": "Gentoo", "OSVersion": "any", "packageVersion": "4.38.00", "arch": "all", "packageFilename": "UNKNOWN", "packageName": "media-libs/fmod", "operator": "lt"}, {"OS": "Gentoo", "OSVersion": "any", "packageVersion": "0.5.0-r1", "arch": "all", "packageFilename": "UNKNOWN", "packageName": "games-sports/racer-bin", "operator": "ge"}, {"OS": "Gentoo", "OSVersion": "any", "packageVersion": "2.1.0", "arch": "all", "packageFilename": "UNKNOWN", "packageName": "dev-util/qt-creator", "operator": "lt"}, {"OS": "Gentoo", "OSVersion": "any", "packageVersion": "1.2.7", "arch": "all", "packageFilename": "UNKNOWN", "packageName": "net-libs/webkit-gtk", "operator": "lt"}, {"OS": "Gentoo", "OSVersion": "any", "packageVersion": "3.2.4", "arch": "all", "packageFilename": "UNKNOWN", "packageName": "app-admin/syslog-ng", "operator": "lt"}], "edition": 1, "description": "### Background\n\nFor more information on the packages listed in this GLSA, please see their homepage referenced in the ebuild. \n\n### Description\n\nVulnerabilities have been discovered in the packages listed below. Please review the CVE identifiers in the Reference section for details. \n\n * FMOD Studio\n * PEAR Mail\n * LVM2\n * GnuCash\n * xine-lib\n * Last.fm Scrobbler\n * WebKitGTK+\n * shadow tool suite\n * PEAR\n * unixODBC\n * Resource Agents\n * mrouted\n * rsync\n * XML Security Library\n * xrdb\n * Vino\n * OProfile\n * syslog-ng\n * sFlow Toolkit\n * GNOME Display Manager\n * libsoup\n * CA Certificates\n * Gitolite\n * QtCreator\n * Racer\n\n### Impact\n\nA context-dependent attacker may be able to gain escalated privileges, execute arbitrary code, cause Denial of Service, obtain sensitive information, or otherwise bypass security restrictions. \n\n### Workaround\n\nThere are no known workarounds at this time.\n\n### Resolution\n\nAll FMOD Studio users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=media-libs/fmod-4.38.00\"\n \n\nAll PEAR Mail users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=dev-php/PEAR-Mail-1.2.0\"\n \n\nAll LVM2 users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=sys-fs/lvm2-2.02.72\"\n \n\nAll GnuCash users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=app-office/gnucash-2.4.4\"\n \n\nAll xine-lib users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=media-libs/xine-lib-1.1.19\"\n \n\nAll Last.fm Scrobbler users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose\n \">=media-sound/lastfmplayer-1.5.4.26862-r3\"\n \n\nAll WebKitGTK+ users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=net-libs/webkit-gtk-1.2.7\"\n \n\nAll shadow tool suite users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=sys-apps/shadow-4.1.4.3\"\n \n\nAll PEAR users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=dev-php/PEAR-PEAR-1.9.2-r1\"\n \n\nAll unixODBC users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=dev-db/unixODBC-2.3.0-r1\"\n \n\nAll Resource Agents users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose\n \">=sys-cluster/resource-agents-1.0.4-r1\"\n \n\nAll mrouted users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=net-misc/mrouted-3.9.5\"\n \n\nAll rsync users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=net-misc/rsync-3.0.8\"\n \n\nAll XML Security Library users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=dev-libs/xmlsec-1.2.17\"\n \n\nAll xrdb users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=x11-apps/xrdb-1.0.9\"\n \n\nAll Vino users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=net-misc/vino-2.32.2\"\n \n\nAll OProfile users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=dev-util/oprofile-0.9.6-r1\"\n \n\nAll syslog-ng users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=app-admin/syslog-ng-3.2.4\"\n \n\nAll sFlow Toolkit users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=net-analyzer/sflowtool-3.20\"\n \n\nAll GNOME Display Manager users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=gnome-base/gdm-3.8.4-r3\"\n \n\nAll libsoup users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=net-libs/libsoup-2.34.3\"\n \n\nAll CA Certificates users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose\n \">=app-misc/ca-certificates-20110502-r1\"\n \n\nAll Gitolite users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=dev-vcs/gitolite-1.5.9.1\"\n \n\nAll QtCreator users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=dev-util/qt-creator-2.1.0\"\n \n\nGentoo has discontinued support for Racer. We recommend that users unmerge Racer: \n \n \n # emerge --unmerge \"games-sports/racer-bin\"\n \n\nNOTE: This is a legacy GLSA. Updates for all affected architectures have been available since 2012. It is likely that your system is already no longer affected by these issues.", "reporter": "Gentoo Foundation", "published": "2014-12-11T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "type": "gentoo", "title": "Multiple packages, Multiple vulnerabilities fixed in 2011", "bulletinFamily": "unix", "cvelist": ["CVE-2011-1572", "CVE-2010-4197", "CVE-2011-2472", "CVE-2010-4204", "CVE-2010-3257", "CVE-2011-1097", "CVE-2009-4111", "CVE-2010-1783", "CVE-2011-0465", "CVE-2010-3812", "CVE-2007-4370", "CVE-2010-3389", "CVE-2010-1787", "CVE-2010-1807", "CVE-2011-2473", "CVE-2011-3366", "CVE-2010-1780", "CVE-2009-4023", "CVE-2011-1144", "CVE-2010-4578", "CVE-2011-0904", "CVE-2010-4042", "CVE-2010-2526", "CVE-2010-1786", "CVE-2011-0721", "CVE-2010-1785", "CVE-2011-3365", "CVE-2011-0482", "CVE-2011-2471", "CVE-2010-4493", "CVE-2010-3255", "CVE-2010-1790", "CVE-2010-1788", "CVE-2010-2901", "CVE-2010-3374", "CVE-2011-2524", "CVE-2010-1815", "CVE-2011-0007", "CVE-2011-0905", "CVE-2010-1782", "CVE-2010-1814", "CVE-2010-1792", "CVE-2011-1760", "CVE-2010-3362", "CVE-2010-3259", "CVE-2010-4206", "CVE-2010-1812", "CVE-2010-1791", "CVE-2010-4577", "CVE-2010-4198", "CVE-2010-1784", "CVE-2010-4492", "CVE-2011-1425", "CVE-2011-1072", "CVE-2011-3367", "CVE-2011-0727", "CVE-2011-1951", "CVE-2010-3813", "CVE-2010-3999", "CVE-2010-0778", "CVE-2010-1793"], "modified": "2014-12-11T00:00:00", "id": "GLSA-201412-09", "href": "https://security.gentoo.org/glsa/201412-09", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}
