{"bulletinFamily": "scanner", "viewCount": 0, "naslFamily": "CentOS Local Security Checks", "reporter": "Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com", "references": [], "description": "The remote host is missing updates to gdm announced in\nadvisory CESA-2009:1364.", "hashmap": [{"key": "bulletinFamily", "hash": "bbdaea376f500d25f6b0c1050311dd07"}, {"key": "cvelist", "hash": "a66f4da805f8c392651e1e01d3588ac2"}, {"key": "cvss", "hash": "737e2591b537c46d1ca7ce6f0cea5cb9"}, {"key": "description", "hash": "4e468b6ed07d7938ce1362e6271259ab"}, {"key": "href", "hash": "b06de168661aa49ddd31164a611d354b"}, {"key": "modified", "hash": "0d134bf170d66438eb1e01173ee0187f"}, {"key": "naslFamily", "hash": "8f8213e8b86855939d5beea715ce3045"}, {"key": "pluginID", "hash": "3f7cce19dfc67cf09d2ac5a11004e5bf"}, {"key": "published", "hash": "0e3dfe204f8fe641e54618a42300bd96"}, {"key": "references", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "reporter", "hash": "b778055b37159119ce97e96620d4ff56"}, {"key": "sourceData", "hash": "695eaa92685765635b7882194cf433ed"}, {"key": "title", "hash": "c81c9945eb412633d182d1191f11696a"}, {"key": "type", "hash": "47c1f692ea47a21f716dad07043ade01"}], "href": "http://plugins.openvas.org/nasl.php?oid=64939", "modified": "2017-07-10T00:00:00", "objectVersion": "1.3", "enchantments": {"score": {"value": 5.0, "vector": "NONE"}, "vulnersScore": 5.0}, "id": "OPENVAS:64939", "title": "CentOS Security Advisory CESA-2009:1364 (gdm)", "hash": "36509f6a0d0b37f97f31504d6f7c78d4c0d2176800c261cf1fc3f1f078c72326", "edition": 2, "published": "2009-09-21T00:00:00", "type": "openvas", "history": [{"lastseen": "2017-07-02T21:14:04", "bulletin": {"hash": "ab296503e0fe968671b38fa1efe185ea86e0949a0ecade3ec82a736933f1a14d", "viewCount": 0, "reporter": "Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com", "references": [], "description": "The remote host is missing updates to gdm announced in\nadvisory CESA-2009:1364.", "hashmap": [{"key": "description", "hash": "4e468b6ed07d7938ce1362e6271259ab"}, {"key": "title", "hash": "c81c9945eb412633d182d1191f11696a"}, {"key": "references", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "reporter", "hash": "b778055b37159119ce97e96620d4ff56"}, {"key": "published", "hash": "0e3dfe204f8fe641e54618a42300bd96"}, {"key": "sourceData", "hash": "bdec2f3c8d738372d067db383fe8f83c"}, {"key": "naslFamily", "hash": "8f8213e8b86855939d5beea715ce3045"}, {"key": "cvelist", "hash": "a66f4da805f8c392651e1e01d3588ac2"}, {"key": "modified", "hash": "d4227b051a9e150b65aba9bdc4fd2a70"}, {"key": "type", "hash": "47c1f692ea47a21f716dad07043ade01"}, {"key": "bulletinFamily", "hash": "bbdaea376f500d25f6b0c1050311dd07"}, {"key": "href", "hash": "b06de168661aa49ddd31164a611d354b"}, {"key": "cvss", "hash": "737e2591b537c46d1ca7ce6f0cea5cb9"}, {"key": "pluginID", "hash": "3f7cce19dfc67cf09d2ac5a11004e5bf"}], "naslFamily": "CentOS Local Security Checks", "modified": "2017-01-13T00:00:00", "objectVersion": "1.3", "href": "http://plugins.openvas.org/nasl.php?oid=64939", "published": "2009-09-21T00:00:00", "enchantments": {}, "id": "OPENVAS:64939", "title": "CentOS Security Advisory CESA-2009:1364 (gdm)", "bulletinFamily": "scanner", "edition": 1, "sourceData": "#CESA-2009:1364 64939 2\n# $Id: ovcesa2009_1364.nasl 5002 2017-01-13 10:17:13Z teissa $\n# Description: Auto-generated from advisory CESA-2009:1364 (gdm)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"For details on the issues addressed in this update,\nplease visit the referenced security advisories.\";\ntag_solution = \"Update the appropriate packages on your system.\n\nhttp://www.securityspace.com/smysecure/catid.html?in=CESA-2009:1364\nhttp://www.securityspace.com/smysecure/catid.html?in=RHSA-2009:1364\";\ntag_summary = \"The remote host is missing updates to gdm announced in\nadvisory CESA-2009:1364.\";\n\n\n\nif(description)\n{\n script_id(64939);\n script_version(\"$Revision: 5002 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-01-13 11:17:13 +0100 (Fri, 13 Jan 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-09-21 23:13:00 +0200 (Mon, 21 Sep 2009)\");\n script_cve_id(\"CVE-2009-2697\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_name(\"CentOS Security Advisory CESA-2009:1364 (gdm)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"HostDetails/OS/cpe:/o:centos:centos\", \"login/SSH/success\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"gdm\", rpm:\"gdm~2.16.0~56.el5.centos\", rls:\"CentOS5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"gdm-docs\", rpm:\"gdm-docs~2.16.0~56.el5.centos\", rls:\"CentOS5\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "type": "openvas", "history": [], "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "cvelist": ["CVE-2009-2697"], "lastseen": "2017-07-02T21:14:04", "pluginID": "64939"}, "differentElements": ["modified", "sourceData"], "edition": 1}], "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "cvelist": ["CVE-2009-2697"], "lastseen": "2017-07-25T10:56:39", "sourceData": "#CESA-2009:1364 64939 2\n# $Id: ovcesa2009_1364.nasl 6650 2017-07-10 11:43:12Z cfischer $\n# Description: Auto-generated from advisory CESA-2009:1364 (gdm)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"For details on the issues addressed in this update,\nplease visit the referenced security advisories.\";\ntag_solution = \"Update the appropriate packages on your system.\n\nhttp://www.securityspace.com/smysecure/catid.html?in=CESA-2009:1364\nhttp://www.securityspace.com/smysecure/catid.html?in=RHSA-2009:1364\";\ntag_summary = \"The remote host is missing updates to gdm announced in\nadvisory CESA-2009:1364.\";\n\n\n\nif(description)\n{\n script_id(64939);\n script_version(\"$Revision: 6650 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 13:43:12 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-09-21 23:13:00 +0200 (Mon, 21 Sep 2009)\");\n script_cve_id(\"CVE-2009-2697\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_name(\"CentOS Security Advisory CESA-2009:1364 (gdm)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"gdm\", rpm:\"gdm~2.16.0~56.el5.centos\", rls:\"CentOS5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"gdm-docs\", rpm:\"gdm-docs~2.16.0~56.el5.centos\", rls:\"CentOS5\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "pluginID": "64939"}

{"cve": [{"lastseen": "2017-09-19T13:36:35", "references": ["http://www.securityfocus.com/bid/36219", "https://rhn.redhat.com/errata/RHSA-2009-1364.html", "https://bugzilla.redhat.com/show_bug.cgi?id=239818"], "description": "The Red Hat build script for the GNOME Display Manager (GDM) before 2.16.0-56 on Red Hat Enterprise Linux (RHEL) 5 omits TCP Wrapper support, which might allow remote attackers to bypass intended access restrictions via XDMCP connections, a different vulnerability than CVE-2007-5079.", "edition": 2, "reporter": "NVD", "published": "2009-09-04T16:30:00", "title": "CVE-2009-2697", "type": "cve", "enchantments": {"score": {"modified": "2017-09-19T13:36:35", "vector": "NONE", "value": 5.0}}, "assessment": {"system": "http://oval.mitre.org/XMLSchema/oval-definitions-5", "name": "oval:org.mitre.oval:def:9586", "href": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9586"}, "bulletinFamily": "NVD", "cvelist": ["CVE-2009-2697"], "scanner": [{"system": "http://oval.mitre.org/XMLSchema/oval-definitions-5", "name": "oval:org.mitre.oval:def:9586", "href": "http://oval.mitre.org/repository/data/DownloadDefinition?id=oval:org.mitre.oval:def:9586"}], "modified": "2017-09-18T21:29:17", "cpe": ["cpe:/a:gnome:gdm:1.0", "cpe:/a:gnome:gdm:2.6", "cpe:/a:gnome:gdm:2.8", "cpe:/a:gnome:gdm:2.4", "cpe:/a:gnome:gdm:2.2", "cpe:/a:gnome:gdm:2.16", "cpe:/a:gnome:gdm:2.15", "cpe:/a:gnome:gdm:2.5", "cpe:/a:gnome:gdm:2.3", "cpe:/a:gnome:gdm:0.7", "cpe:/a:gnome:gdm:2.0", "cpe:/a:gnome:gdm:2.13", "cpe:/a:gnome:gdm:2.14"], "id": "CVE-2009-2697", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-2697", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "openvas": [{"lastseen": "2018-04-06T11:40:36", "references": ["http://www.redhat.com/security/updates/classification/#low", "http://rhn.redhat.com/errata/RHSA-2009-1364.html"], "pluginID": "136141256231064803", "description": "The remote host is missing updates announced in\nadvisory RHSA-2009:1364.\n\nThe GNOME Display Manager (GDM) is a configurable re-implementation of XDM,\nthe X Display Manager. GDM allows you to log in to your system with the X\nWindow System running, and supports running several different X sessions on\nyour local machine at the same time.\n\nA flaw was found in the way the gdm package was built. The gdm package was\nmissing TCP wrappers support, which could result in an administrator\nbelieving they had access restrictions enabled when they did not.\n(CVE-2009-2697)\n\nAll users should upgrade to these updated packages, which resolve these\nissues. GDM must be restarted for this update to take effect. Rebooting\nachieves this, but changing the runlevel from 5 to 3 and back to 5 also\nrestarts GDM.", "edition": 1, "reporter": "Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com", "published": "2009-09-09T00:00:00", "type": "openvas", "title": "RedHat Security Advisory RHSA-2009:1364", "enchantments": {"score": {"vector": "NONE", "value": 2.1}}, "naslFamily": "Red Hat Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-2697"], "modified": "2018-04-06T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231064803", "id": "OPENVAS:136141256231064803", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: RHSA_2009_1364.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory RHSA-2009:1364 ()\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates announced in\nadvisory RHSA-2009:1364.\n\nThe GNOME Display Manager (GDM) is a configurable re-implementation of XDM,\nthe X Display Manager. GDM allows you to log in to your system with the X\nWindow System running, and supports running several different X sessions on\nyour local machine at the same time.\n\nA flaw was found in the way the gdm package was built. The gdm package was\nmissing TCP wrappers support, which could result in an administrator\nbelieving they had access restrictions enabled when they did not.\n(CVE-2009-2697)\n\nAll users should upgrade to these updated packages, which resolve these\nissues. GDM must be restarted for this update to take effect. Rebooting\nachieves this, but changing the runlevel from 5 to 3 and back to 5 also\nrestarts GDM.\";\n\ntag_solution = \"Please note that this update is available via\nRed Hat Network. To use Red Hat Network, launch the Red\nHat Update Agent with the following command: up2date\";\n\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.64803\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-09-09 02:15:49 +0200 (Wed, 09 Sep 2009)\");\n script_cve_id(\"CVE-2009-2697\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_name(\"RedHat Security Advisory RHSA-2009:1364\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"http://rhn.redhat.com/errata/RHSA-2009-1364.html\");\n script_xref(name : \"URL\" , value : \"http://www.redhat.com/security/updates/classification/#low\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"gdm\", rpm:\"gdm~2.16.0~56.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"gdm-debuginfo\", rpm:\"gdm-debuginfo~2.16.0~56.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"gdm-docs\", rpm:\"gdm-docs~2.16.0~56.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-09-28T18:25:37", "references": ["http://linux.oracle.com/errata/ELSA-2009-1364.html"], "pluginID": "1361412562310122443", "description": "Oracle Linux Local Security Checks ELSA-2009-1364", "edition": 5, "reporter": "Eero Volotinen", "published": "2015-10-08T00:00:00", "title": "Oracle Linux Local Check: ELSA-2009-1364", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 2.1}}, "naslFamily": "Oracle Linux Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-2697"], "modified": "2018-09-28T00:00:00", "id": "OPENVAS:1361412562310122443", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310122443", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2009-1364.nasl 11688 2018-09-28 13:36:28Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.122443\");\n script_version(\"$Revision: 11688 $\");\n script_tag(name:\"creation_date\", value:\"2015-10-08 14:45:29 +0300 (Thu, 08 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 15:36:28 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2009-1364\");\n script_tag(name:\"insight\", value:\"ELSA-2009-1364 - gdm security and bug fix update. Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2009-1364\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2009-1364.html\");\n script_cve_id(\"CVE-2009-2697\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux5\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux5\")\n{\n if ((res = isrpmvuln(pkg:\"gdm\", rpm:\"gdm~2.16.0~56.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"gdm-docs\", rpm:\"gdm-docs~2.16.0~56.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-04-06T11:38:59", "references": [], "pluginID": "136141256231064939", "description": "The remote host is missing updates to gdm announced in\nadvisory CESA-2009:1364.", "edition": 1, "reporter": "Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com", "published": "2009-09-21T00:00:00", "title": "CentOS Security Advisory CESA-2009:1364 (gdm)", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "CentOS Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-2697"], "modified": "2018-04-06T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231064939", "id": "OPENVAS:136141256231064939", "sourceData": "#CESA-2009:1364 64939 2\n# $Id: ovcesa2009_1364.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory CESA-2009:1364 (gdm)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"For details on the issues addressed in this update,\nplease visit the referenced security advisories.\";\ntag_solution = \"Update the appropriate packages on your system.\n\nhttp://www.securityspace.com/smysecure/catid.html?in=CESA-2009:1364\nhttp://www.securityspace.com/smysecure/catid.html?in=RHSA-2009:1364\";\ntag_summary = \"The remote host is missing updates to gdm announced in\nadvisory CESA-2009:1364.\";\n\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.64939\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-09-21 23:13:00 +0200 (Mon, 21 Sep 2009)\");\n script_cve_id(\"CVE-2009-2697\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_name(\"CentOS Security Advisory CESA-2009:1364 (gdm)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"gdm\", rpm:\"gdm~2.16.0~56.el5.centos\", rls:\"CentOS5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"gdm-docs\", rpm:\"gdm-docs~2.16.0~56.el5.centos\", rls:\"CentOS5\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-09-02T00:04:47", "references": ["2009:1364", "http://lists.centos.org/pipermail/centos-announce/2009-September/016157.html"], "pluginID": "1361412562310880844", "description": "Check for the Version of gdm", "edition": 4, "reporter": "Copyright (c) 2011 Greenbone Networks GmbH", "published": "2011-08-09T00:00:00", "title": "CentOS Update for gdm CESA-2009:1364 centos5 i386", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.2}}, "naslFamily": "CentOS Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-2697"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:1361412562310880844", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310880844", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for gdm CESA-2009:1364 centos5 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The GNOME Display Manager (GDM) is a configurable re-implementation of XDM,\n the X Display Manager. GDM allows you to log in to your system with the X\n Window System running, and supports running several different X sessions on\n your local machine at the same time.\n\n A flaw was found in the way the gdm package was built. The gdm package was\n missing TCP wrappers support, which could result in an administrator\n believing they had access restrictions enabled when they did not.\n (CVE-2009-2697)\n \n This update also fixes the following bugs:\n \n * the GDM Reference Manual is now included with the gdm packages. The\n gdm-docs package installs this document in HTML format in\n &quot;/usr/share/doc/&quot;. (BZ#196054)\n \n * GDM appeared in English on systems using Telugu (te_IN). With this\n update, GDM has been localized in te_IN. (BZ#226931)\n \n * the Ctrl+Alt+Backspace sequence resets the X server when in runlevel 5.\n In previous releases, however, repeated use of this sequence prevented GDM\n from starting the X server as part of the reset process. This was because\n GDM sometimes did not notice the X server shutdown properly and would\n subsequently fail to complete the reset process. This update contains an\n added check to explicitly notify GDM whenever the X server is terminated,\n ensuring that resets are executed reliably. (BZ#441971)\n \n * the &quot;gdm&quot; user is now part of the &quot;audio&quot; group by default. This enables\n audio support at the login screen. (BZ#458331)\n \n * the gui/modules/dwellmouselistener.c source code contained incorrect\n XInput code that prevented tablet devices from working properly. This\n update removes the errant code, ensuring that tablet devices work as\n expected. (BZ#473262)\n \n * a bug in the XOpenDevice() function prevented the X server from starting\n whenever a device defined in &quot;/etc/X11/xorg.conf&quot; was not actually plugged\n in. This update wraps XOpenDevice() in the gdk_error_trap_pop() and\n gdk_error_trap_push() functions, which resolves this bug. This ensures that\n the X server can start properly even when devices defined in\n &quot;/etc/X11/xorg.conf&quot; are not plugged in. (BZ#474588)\n \n All users should upgrade to these updated packages, which resolve these\n issues. GDM must be restarted for this update to take effect. Rebooting\n achieves this, but changing the runlevel from 5 to 3 and back to 5 also\n restarts GDM.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"gdm on CentOS 5\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2009-September/016157.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.880844\");\n script_version(\"$Revision: 9371 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:55:06 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2011-08-09 08:20:34 +0200 (Tue, 09 Aug 2011)\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"CESA\", value: \"2009:1364\");\n script_cve_id(\"CVE-2009-2697\");\n script_name(\"CentOS Update for gdm CESA-2009:1364 centos5 i386\");\n\n script_tag(name:\"summary\", value:\"Check for the Version of gdm\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"gdm\", rpm:\"gdm~2.16.0~56.el5.centos\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"gdm-docs\", rpm:\"gdm-docs~2.16.0~56.el5.centos\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-25T10:55:22", "references": ["2009:1364", "http://lists.centos.org/pipermail/centos-announce/2009-September/016157.html"], "pluginID": "880844", "description": "Check for the Version of gdm", "edition": 2, "reporter": "Copyright (c) 2011 Greenbone Networks GmbH", "published": "2011-08-09T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 7.2}}, "title": "CentOS Update for gdm CESA-2009:1364 centos5 i386", "type": "openvas", "naslFamily": "CentOS Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-2697"], "modified": "2017-07-10T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=880844", "id": "OPENVAS:880844", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for gdm CESA-2009:1364 centos5 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The GNOME Display Manager (GDM) is a configurable re-implementation of XDM,\n the X Display Manager. GDM allows you to log in to your system with the X\n Window System running, and supports running several different X sessions on\n your local machine at the same time.\n\n A flaw was found in the way the gdm package was built. The gdm package was\n missing TCP wrappers support, which could result in an administrator\n believing they had access restrictions enabled when they did not.\n (CVE-2009-2697)\n \n This update also fixes the following bugs:\n \n * the GDM Reference Manual is now included with the gdm packages. The\n gdm-docs package installs this document in HTML format in\n &quot;/usr/share/doc/&quot;. (BZ#196054)\n \n * GDM appeared in English on systems using Telugu (te_IN). With this\n update, GDM has been localized in te_IN. (BZ#226931)\n \n * the Ctrl+Alt+Backspace sequence resets the X server when in runlevel 5.\n In previous releases, however, repeated use of this sequence prevented GDM\n from starting the X server as part of the reset process. This was because\n GDM sometimes did not notice the X server shutdown properly and would\n subsequently fail to complete the reset process. This update contains an\n added check to explicitly notify GDM whenever the X server is terminated,\n ensuring that resets are executed reliably. (BZ#441971)\n \n * the &quot;gdm&quot; user is now part of the &quot;audio&quot; group by default. This enables\n audio support at the login screen. (BZ#458331)\n \n * the gui/modules/dwellmouselistener.c source code contained incorrect\n XInput code that prevented tablet devices from working properly. This\n update removes the errant code, ensuring that tablet devices work as\n expected. (BZ#473262)\n \n * a bug in the XOpenDevice() function prevented the X server from starting\n whenever a device defined in &quot;/etc/X11/xorg.conf&quot; was not actually plugged\n in. This update wraps XOpenDevice() in the gdk_error_trap_pop() and\n gdk_error_trap_push() functions, which resolves this bug. This ensures that\n the X server can start properly even when devices defined in\n &quot;/etc/X11/xorg.conf&quot; are not plugged in. (BZ#474588)\n \n All users should upgrade to these updated packages, which resolve these\n issues. GDM must be restarted for this update to take effect. Rebooting\n achieves this, but changing the runlevel from 5 to 3 and back to 5 also\n restarts GDM.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"gdm on CentOS 5\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2009-September/016157.html\");\n script_id(880844);\n script_version(\"$Revision: 6653 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 13:46:53 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-08-09 08:20:34 +0200 (Tue, 09 Aug 2011)\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"CESA\", value: \"2009:1364\");\n script_cve_id(\"CVE-2009-2697\");\n script_name(\"CentOS Update for gdm CESA-2009:1364 centos5 i386\");\n\n script_summary(\"Check for the Version of gdm\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"gdm\", rpm:\"gdm~2.16.0~56.el5.centos\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"gdm-docs\", rpm:\"gdm-docs~2.16.0~56.el5.centos\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-27T10:56:49", "references": ["http://www.redhat.com/security/updates/classification/#low", "http://rhn.redhat.com/errata/RHSA-2009-1364.html"], "pluginID": "64803", "description": "The remote host is missing updates announced in\nadvisory RHSA-2009:1364.\n\nThe GNOME Display Manager (GDM) is a configurable re-implementation of XDM,\nthe X Display Manager. GDM allows you to log in to your system with the X\nWindow System running, and supports running several different X sessions on\nyour local machine at the same time.\n\nA flaw was found in the way the gdm package was built. The gdm package was\nmissing TCP wrappers support, which could result in an administrator\nbelieving they had access restrictions enabled when they did not.\n(CVE-2009-2697)\n\nAll users should upgrade to these updated packages, which resolve these\nissues. GDM must be restarted for this update to take effect. Rebooting\nachieves this, but changing the runlevel from 5 to 3 and back to 5 also\nrestarts GDM.", "edition": 2, "reporter": "Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com", "published": "2009-09-09T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 2.1}}, "title": "RedHat Security Advisory RHSA-2009:1364", "type": "openvas", "naslFamily": "Red Hat Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-2697"], "modified": "2017-07-12T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=64803", "id": "OPENVAS:64803", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: RHSA_2009_1364.nasl 6683 2017-07-12 09:41:57Z cfischer $\n# Description: Auto-generated from advisory RHSA-2009:1364 ()\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates announced in\nadvisory RHSA-2009:1364.\n\nThe GNOME Display Manager (GDM) is a configurable re-implementation of XDM,\nthe X Display Manager. GDM allows you to log in to your system with the X\nWindow System running, and supports running several different X sessions on\nyour local machine at the same time.\n\nA flaw was found in the way the gdm package was built. The gdm package was\nmissing TCP wrappers support, which could result in an administrator\nbelieving they had access restrictions enabled when they did not.\n(CVE-2009-2697)\n\nAll users should upgrade to these updated packages, which resolve these\nissues. GDM must be restarted for this update to take effect. Rebooting\nachieves this, but changing the runlevel from 5 to 3 and back to 5 also\nrestarts GDM.\";\n\ntag_solution = \"Please note that this update is available via\nRed Hat Network. To use Red Hat Network, launch the Red\nHat Update Agent with the following command: up2date\";\n\n\n\nif(description)\n{\n script_id(64803);\n script_version(\"$Revision: 6683 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-12 11:41:57 +0200 (Wed, 12 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-09-09 02:15:49 +0200 (Wed, 09 Sep 2009)\");\n script_cve_id(\"CVE-2009-2697\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_name(\"RedHat Security Advisory RHSA-2009:1364\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"http://rhn.redhat.com/errata/RHSA-2009-1364.html\");\n script_xref(name : \"URL\" , value : \"http://www.redhat.com/security/updates/classification/#low\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"gdm\", rpm:\"gdm~2.16.0~56.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"gdm-debuginfo\", rpm:\"gdm-debuginfo~2.16.0~56.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"gdm-docs\", rpm:\"gdm-docs~2.16.0~56.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "redhat": [{"lastseen": "2018-12-11T17:42:32", "_object_types": ["robots.models.redhat.RedHatBulletin", "robots.models.base.Bulletin"], "references": [], "affectedPackage": [{"OS": "RedHat", "OSVersion": "5", "packageVersion": "2.16.0-56.el5", "arch": "i386", "packageName": "gdm", "packageFilename": "gdm-2.16.0-56.el5.i386.rpm", "operator": "lt"}], "description": "The GNOME Display Manager (GDM) is a configurable re-implementation of XDM,\nthe X Display Manager. GDM allows you to log in to your system with the X\nWindow System running, and supports running several different X sessions on\nyour local machine at the same time.\n\nA flaw was found in the way the gdm package was built. The gdm package was\nmissing TCP wrappers support, which could result in an administrator\nbelieving they had access restrictions enabled when they did not.\n(CVE-2009-2697)\n\nThis update also fixes the following bugs:\n\n* the GDM Reference Manual is now included with the gdm packages. The\ngdm-docs package installs this document in HTML format in\n\"/usr/share/doc/\". (BZ#196054)\n\n* GDM appeared in English on systems using Telugu (te_IN). With this\nupdate, GDM has been localized in te_IN. (BZ#226931)\n\n* the Ctrl+Alt+Backspace sequence resets the X server when in runlevel 5.\nIn previous releases, however, repeated use of this sequence prevented GDM\nfrom starting the X server as part of the reset process. This was because\nGDM sometimes did not notice the X server shutdown properly and would\nsubsequently fail to complete the reset process. This update contains an\nadded check to explicitly notify GDM whenever the X server is terminated,\nensuring that resets are executed reliably. (BZ#441971)\n\n* the \"gdm\" user is now part of the \"audio\" group by default. This enables\naudio support at the login screen. (BZ#458331)\n\n* the gui/modules/dwellmouselistener.c source code contained incorrect\nXInput code that prevented tablet devices from working properly. This\nupdate removes the errant code, ensuring that tablet devices work as\nexpected. (BZ#473262)\n\n* a bug in the XOpenDevice() function prevented the X server from starting\nwhenever a device defined in \"/etc/X11/xorg.conf\" was not actually plugged\nin. This update wraps XOpenDevice() in the gdk_error_trap_pop() and\ngdk_error_trap_push() functions, which resolves this bug. This ensures that\nthe X server can start properly even when devices defined in\n\"/etc/X11/xorg.conf\" are not plugged in. (BZ#474588)\n\nAll users should upgrade to these updated packages, which resolve these\nissues. GDM must be restarted for this update to take effect. Rebooting\nachieves this, but changing the runlevel from 5 to 3 and back to 5 also\nrestarts GDM.", "reporter": "RedHat", "published": "2009-09-02T07:02:33", "type": "redhat", "title": "(RHSA-2009:1364) Low: gdm security and bug fix update", "enchantments": {"score": {"vector": "NONE", "value": 2.1}}, "bulletinFamily": "unix", "cvelist": ["CVE-2009-2697"], "_object_type": "robots.models.redhat.RedHatBulletin", "modified": "2017-09-08T11:51:03", "id": "RHSA-2009:1364", "href": "https://access.redhat.com/errata/RHSA-2009:1364", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "nessus": [{"lastseen": "2018-09-01T23:44:47", "references": ["https://bugzilla.redhat.com/show_bug.cgi?id=458331", "https://bugzilla.redhat.com/show_bug.cgi?id=196054", "https://bugzilla.redhat.com/show_bug.cgi?id=474588", "https://bugzilla.redhat.com/show_bug.cgi?id=473262", "http://www.nessus.org/u?84eee8fa", "https://bugzilla.redhat.com/show_bug.cgi?id=226931", "https://bugzilla.redhat.com/show_bug.cgi?id=441971"], "pluginID": "60652", "description": "CVE-2009-2697 gdm not built with tcp_wrappers\n\nA flaw was found in the way the gdm package was built. The gdm package was missing TCP wrappers support, which could result in an administrator believing they had access restrictions enabled when they did not. (CVE-2009-2697)\n\nThis update also fixes the following bugs :\n\n - the GDM Reference Manual is now included with the gdm packages. The gdm-docs package installs this document in HTML format in '/usr/share/doc/'. (BZ#196054)\n\n - GDM appeared in English on systems using Telugu (te_IN).\n With this update, GDM has been localized in te_IN.\n (BZ#226931)\n\n - the Ctrl+Alt+Backspace sequence resets the X server when in runlevel 5. In previous releases, however, repeated use of this sequence prevented GDM from starting the X server as part of the reset process. This was because GDM sometimes did not notice the X server shutdown properly and would subsequently fail to complete the reset process. This update contains an added check to explicitly notify GDM whenever the X server is terminated, ensuring that resets are executed reliably.\n (BZ#441971)\n\n - the 'gdm' user is now part of the 'audio' group by default. This enables audio support at the login screen.\n (BZ#458331)\n\n - the gui/modules/dwellmouselistener.c source code contained incorrect XInput code that prevented tablet devices from working properly. This update removes the errant code, ensuring that tablet devices work as expected. (BZ#473262)\n\n - a bug in the XOpenDevice() function prevented the X server from starting whenever a device defined in '/etc/X11/xorg.conf' was not actually plugged in. This update wraps XOpenDevice() in the gdk_error_trap_pop() and gdk_error_trap_push() functions, which resolves this bug. This ensures that the X server can start properly even when devices defined in '/etc/X11/xorg.conf' are not plugged in. (BZ#474588)\n\nGDM must be restarted for this update to take effect. Rebooting achieves this, but changing the runlevel from 5 to 3 and back to 5 also restarts GDM.\n\nNote: setup needed to be updated for dependencies.", "edition": 4, "reporter": "Tenable", "published": "2012-08-01T00:00:00", "title": "Scientific Linux Security Update : gdm on SL5.x i386/x86_64", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 7.2}}, "naslFamily": "Scientific Linux Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-2697"], "modified": "2012-08-01T00:00:00", "cpe": ["x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20090902_GDM_ON_SL5_X.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=60652", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(60652);\n script_version(\"$Revision: 1.1 $\");\n script_cvs_date(\"$Date: 2012/08/01 14:38:53 $\");\n\n script_cve_id(\"CVE-2009-2697\");\n\n script_name(english:\"Scientific Linux Security Update : gdm on SL5.x i386/x86_64\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"CVE-2009-2697 gdm not built with tcp_wrappers\n\nA flaw was found in the way the gdm package was built. The gdm package\nwas missing TCP wrappers support, which could result in an\nadministrator believing they had access restrictions enabled when they\ndid not. (CVE-2009-2697)\n\nThis update also fixes the following bugs :\n\n - the GDM Reference Manual is now included with the gdm\n packages. The gdm-docs package installs this document in\n HTML format in '/usr/share/doc/'. (BZ#196054)\n\n - GDM appeared in English on systems using Telugu (te_IN).\n With this update, GDM has been localized in te_IN.\n (BZ#226931)\n\n - the Ctrl+Alt+Backspace sequence resets the X server when\n in runlevel 5. In previous releases, however, repeated\n use of this sequence prevented GDM from starting the X\n server as part of the reset process. This was because\n GDM sometimes did not notice the X server shutdown\n properly and would subsequently fail to complete the\n reset process. This update contains an added check to\n explicitly notify GDM whenever the X server is\n terminated, ensuring that resets are executed reliably.\n (BZ#441971)\n\n - the 'gdm' user is now part of the 'audio' group by\n default. This enables audio support at the login screen.\n (BZ#458331)\n\n - the gui/modules/dwellmouselistener.c source code\n contained incorrect XInput code that prevented tablet\n devices from working properly. This update removes the\n errant code, ensuring that tablet devices work as\n expected. (BZ#473262)\n\n - a bug in the XOpenDevice() function prevented the X\n server from starting whenever a device defined in\n '/etc/X11/xorg.conf' was not actually plugged in. This\n update wraps XOpenDevice() in the gdk_error_trap_pop()\n and gdk_error_trap_push() functions, which resolves this\n bug. This ensures that the X server can start properly\n even when devices defined in '/etc/X11/xorg.conf' are\n not plugged in. (BZ#474588)\n\nGDM must be restarted for this update to take effect. Rebooting\nachieves this, but changing the runlevel from 5 to 3 and back to 5\nalso restarts GDM.\n\nNote: setup needed to be updated for dependencies.\"\n );\n # http://listserv.fnal.gov/scripts/wa.exe?A2=ind0909&L=scientific-linux-errata&T=0&P=1693\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?84eee8fa\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=196054\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=226931\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=441971\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=458331\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=473262\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=474588\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected gdm, gdm-docs and / or setup packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_cwe_id(287);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/09/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/08/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012 Tenable Network Security, Inc.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL5\", reference:\"gdm-2.16.0-56.sl\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"gdm-docs-2.16.0-56.sl\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"setup-2.5.58-7.el5\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-11-11T12:56:11", "references": ["http://www.nessus.org/u?c513166c", "http://www.nessus.org/u?d23f6d99"], "pluginID": "43789", "description": "Updated gdm packages that fix a security issue and several bugs are now available for Red Hat Enterprise Linux 5.\n\nThis update has been rated as having low security impact by the Red Hat Security Response Team.\n\nThe GNOME Display Manager (GDM) is a configurable re-implementation of XDM, the X Display Manager. GDM allows you to log in to your system with the X Window System running, and supports running several different X sessions on your local machine at the same time.\n\nA flaw was found in the way the gdm package was built. The gdm package was missing TCP wrappers support, which could result in an administrator believing they had access restrictions enabled when they did not. (CVE-2009-2697)\n\nThis update also fixes the following bugs :\n\n* the GDM Reference Manual is now included with the gdm packages. The gdm-docs package installs this document in HTML format in '/usr/share/doc/'. (BZ#196054)\n\n* GDM appeared in English on systems using Telugu (te_IN). With this update, GDM has been localized in te_IN. (BZ#226931)\n\n* the Ctrl+Alt+Backspace sequence resets the X server when in runlevel 5. In previous releases, however, repeated use of this sequence prevented GDM from starting the X server as part of the reset process.\nThis was because GDM sometimes did not notice the X server shutdown properly and would subsequently fail to complete the reset process.\nThis update contains an added check to explicitly notify GDM whenever the X server is terminated, ensuring that resets are executed reliably. (BZ#441971)\n\n* the 'gdm' user is now part of the 'audio' group by default. This enables audio support at the login screen. (BZ#458331)\n\n* the gui/modules/dwellmouselistener.c source code contained incorrect XInput code that prevented tablet devices from working properly. This update removes the errant code, ensuring that tablet devices work as expected. (BZ#473262)\n\n* a bug in the XOpenDevice() function prevented the X server from starting whenever a device defined in '/etc/X11/xorg.conf' was not actually plugged in. This update wraps XOpenDevice() in the gdk_error_trap_pop() and gdk_error_trap_push() functions, which resolves this bug. This ensures that the X server can start properly even when devices defined in '/etc/X11/xorg.conf' are not plugged in.\n(BZ#474588)\n\nAll users should upgrade to these updated packages, which resolve these issues. GDM must be restarted for this update to take effect.\nRebooting achieves this, but changing the runlevel from 5 to 3 and back to 5 also restarts GDM.", "edition": 7, "reporter": "Tenable", "published": "2010-01-06T00:00:00", "title": "CentOS 5 : gdm (CESA-2009:1364)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 7.2}}, "naslFamily": "CentOS Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-2697"], "modified": "2018-11-10T00:00:00", "cpe": ["p-cpe:/a:centos:centos:gdm-docs", "cpe:/o:centos:centos:5", "p-cpe:/a:centos:centos:gdm"], "id": "CENTOS_RHSA-2009-1364.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=43789", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2009:1364 and \n# CentOS Errata and Security Advisory 2009:1364 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(43789);\n script_version(\"1.10\");\n script_cvs_date(\"Date: 2018/11/10 11:49:29\");\n\n script_cve_id(\"CVE-2009-2697\");\n script_xref(name:\"RHSA\", value:\"2009:1364\");\n\n script_name(english:\"CentOS 5 : gdm (CESA-2009:1364)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated gdm packages that fix a security issue and several bugs are\nnow available for Red Hat Enterprise Linux 5.\n\nThis update has been rated as having low security impact by the Red\nHat Security Response Team.\n\nThe GNOME Display Manager (GDM) is a configurable re-implementation of\nXDM, the X Display Manager. GDM allows you to log in to your system\nwith the X Window System running, and supports running several\ndifferent X sessions on your local machine at the same time.\n\nA flaw was found in the way the gdm package was built. The gdm package\nwas missing TCP wrappers support, which could result in an\nadministrator believing they had access restrictions enabled when they\ndid not. (CVE-2009-2697)\n\nThis update also fixes the following bugs :\n\n* the GDM Reference Manual is now included with the gdm packages. The\ngdm-docs package installs this document in HTML format in\n'/usr/share/doc/'. (BZ#196054)\n\n* GDM appeared in English on systems using Telugu (te_IN). With this\nupdate, GDM has been localized in te_IN. (BZ#226931)\n\n* the Ctrl+Alt+Backspace sequence resets the X server when in runlevel\n5. In previous releases, however, repeated use of this sequence\nprevented GDM from starting the X server as part of the reset process.\nThis was because GDM sometimes did not notice the X server shutdown\nproperly and would subsequently fail to complete the reset process.\nThis update contains an added check to explicitly notify GDM whenever\nthe X server is terminated, ensuring that resets are executed\nreliably. (BZ#441971)\n\n* the 'gdm' user is now part of the 'audio' group by default. This\nenables audio support at the login screen. (BZ#458331)\n\n* the gui/modules/dwellmouselistener.c source code contained incorrect\nXInput code that prevented tablet devices from working properly. This\nupdate removes the errant code, ensuring that tablet devices work as\nexpected. (BZ#473262)\n\n* a bug in the XOpenDevice() function prevented the X server from\nstarting whenever a device defined in '/etc/X11/xorg.conf' was not\nactually plugged in. This update wraps XOpenDevice() in the\ngdk_error_trap_pop() and gdk_error_trap_push() functions, which\nresolves this bug. This ensures that the X server can start properly\neven when devices defined in '/etc/X11/xorg.conf' are not plugged in.\n(BZ#474588)\n\nAll users should upgrade to these updated packages, which resolve\nthese issues. GDM must be restarted for this update to take effect.\nRebooting achieves this, but changing the runlevel from 5 to 3 and\nback to 5 also restarts GDM.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2009-September/016157.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?d23f6d99\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2009-September/016158.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?c513166c\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected gdm packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_cwe_id(287);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:gdm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:gdm-docs\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:5\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/09/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/01/06\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/CentOS/release\")) audit(AUDIT_OS_NOT, \"CentOS\");\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-5\", reference:\"gdm-2.16.0-56.el5.centos\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"gdm-docs-2.16.0-56.el5.centos\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-11-29T19:39:40", "references": ["https://access.redhat.com/security/cve/cve-2009-2697", "https://access.redhat.com/errata/RHSA-2009:1364"], "pluginID": "40840", "description": "Updated gdm packages that fix a security issue and several bugs are now available for Red Hat Enterprise Linux 5.\n\nThis update has been rated as having low security impact by the Red Hat Security Response Team.\n\nThe GNOME Display Manager (GDM) is a configurable re-implementation of XDM, the X Display Manager. GDM allows you to log in to your system with the X Window System running, and supports running several different X sessions on your local machine at the same time.\n\nA flaw was found in the way the gdm package was built. The gdm package was missing TCP wrappers support, which could result in an administrator believing they had access restrictions enabled when they did not. (CVE-2009-2697)\n\nThis update also fixes the following bugs :\n\n* the GDM Reference Manual is now included with the gdm packages. The gdm-docs package installs this document in HTML format in '/usr/share/doc/'. (BZ#196054)\n\n* GDM appeared in English on systems using Telugu (te_IN). With this update, GDM has been localized in te_IN. (BZ#226931)\n\n* the Ctrl+Alt+Backspace sequence resets the X server when in runlevel 5. In previous releases, however, repeated use of this sequence prevented GDM from starting the X server as part of the reset process.\nThis was because GDM sometimes did not notice the X server shutdown properly and would subsequently fail to complete the reset process.\nThis update contains an added check to explicitly notify GDM whenever the X server is terminated, ensuring that resets are executed reliably. (BZ#441971)\n\n* the 'gdm' user is now part of the 'audio' group by default. This enables audio support at the login screen. (BZ#458331)\n\n* the gui/modules/dwellmouselistener.c source code contained incorrect XInput code that prevented tablet devices from working properly. This update removes the errant code, ensuring that tablet devices work as expected. (BZ#473262)\n\n* a bug in the XOpenDevice() function prevented the X server from starting whenever a device defined in '/etc/X11/xorg.conf' was not actually plugged in. This update wraps XOpenDevice() in the gdk_error_trap_pop() and gdk_error_trap_push() functions, which resolves this bug. This ensures that the X server can start properly even when devices defined in '/etc/X11/xorg.conf' are not plugged in.\n(BZ#474588)\n\nAll users should upgrade to these updated packages, which resolve these issues. GDM must be restarted for this update to take effect.\nRebooting achieves this, but changing the runlevel from 5 to 3 and back to 5 also restarts GDM.", "edition": 8, "reporter": "Tenable", "published": "2009-09-02T00:00:00", "title": "RHEL 5 : gdm (RHSA-2009:1364)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 7.2}}, "naslFamily": "Red Hat Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-2697"], "modified": "2018-11-27T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:5", "p-cpe:/a:redhat:enterprise_linux:gdm-docs", "p-cpe:/a:redhat:enterprise_linux:gdm"], "id": "REDHAT-RHSA-2009-1364.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=40840", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2009:1364. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(40840);\n script_version (\"1.19\");\n script_cvs_date(\"Date: 2018/11/27 13:31:32\");\n\n script_cve_id(\"CVE-2009-2697\");\n script_xref(name:\"RHSA\", value:\"2009:1364\");\n\n script_name(english:\"RHEL 5 : gdm (RHSA-2009:1364)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated gdm packages that fix a security issue and several bugs are\nnow available for Red Hat Enterprise Linux 5.\n\nThis update has been rated as having low security impact by the Red\nHat Security Response Team.\n\nThe GNOME Display Manager (GDM) is a configurable re-implementation of\nXDM, the X Display Manager. GDM allows you to log in to your system\nwith the X Window System running, and supports running several\ndifferent X sessions on your local machine at the same time.\n\nA flaw was found in the way the gdm package was built. The gdm package\nwas missing TCP wrappers support, which could result in an\nadministrator believing they had access restrictions enabled when they\ndid not. (CVE-2009-2697)\n\nThis update also fixes the following bugs :\n\n* the GDM Reference Manual is now included with the gdm packages. The\ngdm-docs package installs this document in HTML format in\n'/usr/share/doc/'. (BZ#196054)\n\n* GDM appeared in English on systems using Telugu (te_IN). With this\nupdate, GDM has been localized in te_IN. (BZ#226931)\n\n* the Ctrl+Alt+Backspace sequence resets the X server when in runlevel\n5. In previous releases, however, repeated use of this sequence\nprevented GDM from starting the X server as part of the reset process.\nThis was because GDM sometimes did not notice the X server shutdown\nproperly and would subsequently fail to complete the reset process.\nThis update contains an added check to explicitly notify GDM whenever\nthe X server is terminated, ensuring that resets are executed\nreliably. (BZ#441971)\n\n* the 'gdm' user is now part of the 'audio' group by default. This\nenables audio support at the login screen. (BZ#458331)\n\n* the gui/modules/dwellmouselistener.c source code contained incorrect\nXInput code that prevented tablet devices from working properly. This\nupdate removes the errant code, ensuring that tablet devices work as\nexpected. (BZ#473262)\n\n* a bug in the XOpenDevice() function prevented the X server from\nstarting whenever a device defined in '/etc/X11/xorg.conf' was not\nactually plugged in. This update wraps XOpenDevice() in the\ngdk_error_trap_pop() and gdk_error_trap_push() functions, which\nresolves this bug. This ensures that the X server can start properly\neven when devices defined in '/etc/X11/xorg.conf' are not plugged in.\n(BZ#474588)\n\nAll users should upgrade to these updated packages, which resolve\nthese issues. GDM must be restarted for this update to take effect.\nRebooting achieves this, but changing the runlevel from 5 to 3 and\nback to 5 also restarts GDM.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-2697\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2009:1364\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected gdm and / or gdm-docs packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_cwe_id(287);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:gdm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:gdm-docs\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/09/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/09/02\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = eregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 5.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2009:1364\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"gdm-2.16.0-56.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"gdm-2.16.0-56.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"gdm-2.16.0-56.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"gdm-docs-2.16.0-56.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"gdm-docs-2.16.0-56.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"gdm-docs-2.16.0-56.el5\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"gdm / gdm-docs\");\n }\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "centos": [{"lastseen": "2017-10-03T18:24:35", "references": ["http://rhn.redhat.com/errata/RHSA-2009-1364.html"], "affectedPackage": [{"OS": "CentOS", "OSVersion": "5", "packageVersion": "2.16.0-56.el5.centos", "packageFilename": "gdm-docs-2.16.0-56.el5.centos.x86_64.rpm", "packageName": "gdm-docs", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "2.16.0-56.el5.centos", "packageFilename": "gdm-docs-2.16.0-56.el5.centos.i386.rpm", "packageName": "gdm-docs", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "2.16.0-56.el5.centos", "packageFilename": "gdm-2.16.0-56.el5.centos.i386.rpm", "packageName": "gdm", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "2.16.0-56.el5.centos", "packageFilename": "gdm-2.16.0-56.el5.centos.x86_64.rpm", "packageName": "gdm", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "2.16.0-56.el5.centos", "packageFilename": "gdm-2.16.0-56.el5.centos.src.rpm", "packageName": "gdm", "arch": "any", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "2.16.0-56.el5.centos", "packageFilename": "gdm-2.16.0-56.el5.centos.src.rpm", "packageName": "gdm", "arch": "any", "operator": "lt"}], "description": "**CentOS Errata and Security Advisory** CESA-2009:1364\n\n\nThe GNOME Display Manager (GDM) is a configurable re-implementation of XDM,\nthe X Display Manager. GDM allows you to log in to your system with the X\nWindow System running, and supports running several different X sessions on\nyour local machine at the same time.\n\nA flaw was found in the way the gdm package was built. The gdm package was\nmissing TCP wrappers support, which could result in an administrator\nbelieving they had access restrictions enabled when they did not.\n(CVE-2009-2697)\n\nThis update also fixes the following bugs:\n\n* the GDM Reference Manual is now included with the gdm packages. The\ngdm-docs package installs this document in HTML format in\n\"/usr/share/doc/\". (BZ#196054)\n\n* GDM appeared in English on systems using Telugu (te_IN). With this\nupdate, GDM has been localized in te_IN. (BZ#226931)\n\n* the Ctrl+Alt+Backspace sequence resets the X server when in runlevel 5.\nIn previous releases, however, repeated use of this sequence prevented GDM\nfrom starting the X server as part of the reset process. This was because\nGDM sometimes did not notice the X server shutdown properly and would\nsubsequently fail to complete the reset process. This update contains an\nadded check to explicitly notify GDM whenever the X server is terminated,\nensuring that resets are executed reliably. (BZ#441971)\n\n* the \"gdm\" user is now part of the \"audio\" group by default. This enables\naudio support at the login screen. (BZ#458331)\n\n* the gui/modules/dwellmouselistener.c source code contained incorrect\nXInput code that prevented tablet devices from working properly. This\nupdate removes the errant code, ensuring that tablet devices work as\nexpected. (BZ#473262)\n\n* a bug in the XOpenDevice() function prevented the X server from starting\nwhenever a device defined in \"/etc/X11/xorg.conf\" was not actually plugged\nin. This update wraps XOpenDevice() in the gdk_error_trap_pop() and\ngdk_error_trap_push() functions, which resolves this bug. This ensures that\nthe X server can start properly even when devices defined in\n\"/etc/X11/xorg.conf\" are not plugged in. (BZ#474588)\n\nAll users should upgrade to these updated packages, which resolve these\nissues. GDM must be restarted for this update to take effect. Rebooting\nachieves this, but changing the runlevel from 5 to 3 and back to 5 also\nrestarts GDM.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2009-September/016157.html\nhttp://lists.centos.org/pipermail/centos-announce/2009-September/016158.html\n\n**Affected packages:**\ngdm\ngdm-docs\n\n**Upstream details at:**\n", "edition": 1, "reporter": "CentOS Project", "published": "2009-09-15T19:50:41", "enchantments": {"score": {"vector": "NONE", "value": 2.1}}, "title": "gdm security update", "type": "centos", "bulletinFamily": "unix", "cvelist": ["CVE-2009-2697"], "modified": "2009-09-15T19:50:41", "href": "http://lists.centos.org/pipermail/centos-announce/2009-September/016157.html", "id": "CESA-2009:1364", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "oraclelinux": [{"lastseen": "2018-08-31T01:38:19", "references": [], "affectedPackage": [{"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "2.16.0-56.el5", "arch": "i386", "packageFilename": "gdm-2.16.0-56.el5.i386.rpm", "packageName": "gdm", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "2.16.0-56.el5", "arch": "x86_64", "packageFilename": "gdm-2.16.0-56.el5.x86_64.rpm", "packageName": "gdm", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "2.16.0-56.el5", "arch": "ia64", "packageFilename": "gdm-2.16.0-56.el5.ia64.rpm", "packageName": "gdm", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "2.16.0-56.el5", "arch": "ia64", "packageFilename": "gdm-docs-2.16.0-56.el5.ia64.rpm", "packageName": "gdm-docs", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "2.16.0-56.el5", "arch": "i386", "packageFilename": "gdm-docs-2.16.0-56.el5.i386.rpm", "packageName": "gdm-docs", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "2.16.0-56.el5", "arch": "src", "packageFilename": "gdm-2.16.0-56.el5.src.rpm", "packageName": "gdm", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "2.16.0-56.el5", "arch": "src", "packageFilename": "gdm-2.16.0-56.el5.src.rpm", "packageName": "gdm", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "2.16.0-56.el5", "arch": "src", "packageFilename": "gdm-2.16.0-56.el5.src.rpm", "packageName": "gdm", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "2.16.0-56.el5", "arch": "x86_64", "packageFilename": "gdm-docs-2.16.0-56.el5.x86_64.rpm", "packageName": "gdm-docs", "operator": "lt"}], "description": "[1:2.16.0-56]\n- Resolves: #239818 181302\n- Fix tcp wrappers detection on 64-bit\n[1:2.16.0-55]\nResolves: #196054\n- Fix docs subpackage Requires\n[1:2.16.0-53]\nResolves: #196054\n- Add docs subpackage\n[1:2.16.0-52]\nResolves: #226931\n- Add te_IN translations\n[1:2.16.0-51]\nResolves: #441971\n- Make ctrl-alt-backspace at the login screen more robust\n[1:2.16.0-50]\nResolves: #458331\n- Add GDM to audio group by default.\n[1:2.16.0-49]\nResolves: #474588\n- Don't crash if defined extended input device is unplugged\n Patch by Olivier Fourdan.\n[1:2.16.0-48]\nResolves: #239818\n- Rebuild with tcp_wrappers build requires\n[1:2.16.0-47]\nResolves: #473262\n- Fix pointer on tablet devices.", "edition": 3, "reporter": "Oracle", "published": "2009-09-08T00:00:00", "title": "gdm security and bug fix update", "type": "oraclelinux", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2009-2697"], "modified": "2009-09-08T00:00:00", "id": "ELSA-2009-1364", "href": "http://linux.oracle.com/errata/ELSA-2009-1364.html", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}]}