Ubuntu 6.06 LTS / 6.10 : gdm vulnerability (USN-396-1)

A format string vulnerability was discovered in the gdmchooser component of the GNOME Display Manager. By typing a specially crafted host name, local users could gain gdm user privileges, which could lead to further account information exposure. Note that Tenable Network Security has extracted th...

GNOME显示管理器GDMChooser本地格式串处理漏洞

GNOME显示管理器是一个图形登录程序。 GNOME显示管理器主机选择器窗口（gdmchooser）中存在格式串漏洞，本地攻击者可能利用此漏洞提升自己的权限。 具体来说，在选择当前系统所要连接的远程主机时对输入值的处理导致了这个漏洞。gdmchooser.c中的漏洞相关的代码如下： 1395 msg = gstrdupprintf "Cannot find the host "%s". " 1396 "Perhaps you have mistyped it.", 1397 name; 1398 1399 dialog = vehigdialognew 1400 GTKWINDOW...

CVE-2006-6105

The CVE-2006-6105 issue affects the GNOME Display Manager (gdm), specifically the host chooser window (gdmchooser). The vulnerability arises from format string handling in a hostname used in an error dialog, allowing a local attacker to execute arbitrary code via crafted input. Reports across mul...

USN-396-1: gdm vulnerability

A format string vulnerability was discovered in the gdmchooser component of the GNOME Display Manager. By typing a specially crafted host name, local users could gain gdm user privileges, which could lead to further account information exposure...

GNOME gdmchooser format string vulnerability

Format string vulnerability in remote hostname...

[Full-disclosure] iDefense Security Advisory 12.14.06: GNOME Foundation Display Manager gdmchooser Format String Vulnerability

GNOME Foundation Display Manager gdmchooser Format String Vulnerability iDefense Security Advisory 12.14.06 http://labs.idefense.com/intelligence/vulnerabilities/ Dec 14, 2006 I. BACKGROUND The gdmchooser program provides XDMCP X Display Manager Control Protocol functionality to the GNOME Display...