10 matches found
SUSE CVE-2017-2625
It was discovered that libXdmcp before 1.1.2 including used weak entropy to generate session keys. On a multi-user system using xdmcp, a local attacker could potentially use information available from the process list to brute force the key, allowing them to hijack other users' sessions...
[SECURITY] Fedora 34 Update: gdm-40~rc-1.fc34
GDM, the GNOME Display Manager, handles authentication-related backend functionality for logging in a user and unlocking the user's session after it's been locked. GDM also provides functionality for initiating user-switching, so more than one user can be logged in at the same time. It handles...
[SECURITY] Fedora 29 Update: gdm-3.30.3-1.fc29
GDM, the GNOME Display Manager, handles authentication-related backend functionality for logging in a user and unlocking the user's session after it's been locked. GDM also provides functionality for initiating user-switching, so more than one user can be logged in at the same time. It handles...
DEBIAN-CVE-2017-2625
It was discovered that libXdmcp before 1.1.2 including used weak entropy to generate session keys. On a multi-user system using xdmcp, a local attacker could potentially use information available from the process list to brute force the key, allowing them to hijack other users' sessions...
DEBIAN-CVE-2015-8316
Array index error in LightDM (aka Light Display Manager) 1.14.3, 1.16.x before 1.16.6, when the XDMCP server is enabled, allows remote attackers to cause a denial of service (process crash) via an XDMCP request packet with no address...
gdm with xdmcp ignoring tcp_wrappers on x86_64
Red Hat Enterprise Linux 4 does not properly compile and link gdm with tcp_wrappers on x86_64 platforms, which might allow remote attackers to bypass intended access restrictions...
gdm not built with tcp_wrappers
The Red Hat build script for the GNOME Display Manager (GDM) before 2.16.0-56 on Red Hat Enterprise Linux (RHEL) 5 omits TCP Wrapper support, which might allow remote attackers to bypass intended access restrictions via XDMCP connections, a different vulnerability than CVE-2007-5079...
CVE-2004-1347
X Display Manager (XDM) on Solaris 8 allows remote attackers to cause a denial of service (XDM crash) via an invalid X Display Manager Control Protocol (XDMCP) request...
XFree86: Various nasty libX11 holes
Hi, I'll summarize the impact and recommendations before I paste a mail which goes into technical details of the flaws. SUMMARY ======= Various coding flaws exist in libX11. Whilst this may not sound too serious, it is, for two reasons. They are 1 Various X client programs foolishly have privileg...
"gdm" remote hole
Hi, Note that I was going to wait for an official fixed release of gdm, but RedHat have released an errata update to the public, so no point hanging around SUMMARY ======= "gdm" is a replacement for "xdm", the X display manager. gdm is a part of the GNOME desktop. A buffer overflow exists in the...