CVE-2007-3381

2007-08-0700:00:00

ubuntu.com

1.5 Low

CVSS2

Access Vector

LOCAL

Access Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:L/AC:M/Au:S/C:N/I:N/A:P

0.0004 Low

EPSS

Percentile

9.4%

JSON

The GDM daemon in GNOME Display Manager (GDM) before 2.14.13, 2.16.x before
2.16.7, 2.18.x before 2.18.4, and 2.19.x before 2.19.5 does not properly
handle NULL return values from the g_strsplit function, which allows local
users to cause a denial of service (persistent daemon crash) via a crafted
command to the daemon’s socket, related to (1) gdm.c and (2) gdmconfig.c in
daemon/, and (3) gdmconfig.c and (4) gdmflexiserver.c in gui/.

Notes

Author	Note
kees	local denial of service (many other ways to cause local DoS)

OSVersionArchitecturePackageVersionFilename
ubuntu7.10noarchgdm< 2.20.0-0ubuntu1UNKNOWN
ubuntu8.04noarchgdm< 2.20.0-0ubuntu1UNKNOWN
ubuntu8.10noarchgdm< 2.20.0-0ubuntu1UNKNOWN
ubuntu9.04noarchgdm< 2.20.0-0ubuntu1UNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	7.10	noarch	gdm	< 2.20.0-0ubuntu1	UNKNOWN
ubuntu	8.04	noarch	gdm	< 2.20.0-0ubuntu1	UNKNOWN
ubuntu	8.10	noarch	gdm	< 2.20.0-0ubuntu1	UNKNOWN
ubuntu	9.04	noarch	gdm	< 2.20.0-0ubuntu1	UNKNOWN