Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2003-0547

Overview

Vulnerability Score 2.1 2.1
CVE Id CVE-2003-0547
Last Modified 10 Sep 2008 03:19:36
Published 27 Aug 2003 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2003-0547

Summary

GDM before 2.4.1.6, when using the "examine session errors" feature, allows local users to read arbitrary files via a symlink attack on the ~/.xsession-errors file.

Vulnerable Systems

Application

  • Gnome Gdm 2.4.1

  • Gnome Gdm 2.4.1.1

  • Gnome Gdm 2.4.1.2

  • Gnome Gdm 2.4.1.3

  • Gnome Gdm 2.4.1.4

  • Gnome Gdm 2.4.1.5

  • Gnome Gdm 2.4.1.6

  • Redhat Kdebase 2.4.0.7.13

  • Redhat Kdebase 2.4.1.3.5


References

REDHAT - RHSA-2003:258

BUGTRAQ - 20030824 [slackware-security] GDM security update (SSA:2003-236-01)

CONFIRM - http://mail.gnome.org/archives/gnome-hackers/2003-August/msg00045.html

CONECTIVA - CLA-2003:729


Last Updated: 27 May 2016 10:37:58