Lucene search

[email protected]NVD:CVE-2010-2387

HistoryDec 21, 2012 - 5:46 a.m.

CVE-2010-2387

2012-12-2105:46:13

CWE-255

[email protected]

web.nvd.nist.gov

1.9 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:M/Au:N/C:P/I:N/A:N

6.5 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.3%

JSON

vicious-extensions/ve-misc.c in GNOME Display Manager (gdm) 2.20.x before 2.20.11, when GDM debug is enabled, logs the user password when it contains invalid UTF8 encoded characters, which might allow local users to gain privileges by reading the information from syslog logs.

Affected configurations

NVD

Node

gnomegnome_display_managerMatch2.20.0

gnomegnome_display_managerMatch2.20.1

gnomegnome_display_managerMatch2.20.2

gnomegnome_display_managerMatch2.20.3

gnomegnome_display_managerMatch2.20.4

gnomegnome_display_managerMatch2.20.5

gnomegnome_display_managerMatch2.20.6

gnomegnome_display_managerMatch2.20.7

gnomegnome_display_managerMatch2.20.8

gnomegnome_display_managerMatch2.20.9

gnomegnome_display_managerMatch2.20.10

References

ftp.gnome.org/pub/GNOME/sources/gdm/2.20/gdm-2.20.11.changes

secunia.com/advisories/40690

secunia.com/advisories/40780

www.auscert.org.au/13123

www.osvdb.org/66643

blogs.oracle.com/sunsecurity/entry/cve_2010_2387_password_disclosure

bugzilla.gnome.org/show_bug.cgi?id=571846

exchange.xforce.ibmcloud.com/vulnerabilities/60642

1.9 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:M/Au:N/C:P/I:N/A:N

6.5 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.3%

JSON

Related for NVD:CVE-2010-2387

cve1 ubuntucve1 cvelist1 prion1 nessus2