Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2006-2452

Overview

Vulnerability Score 3.7 3.7
CVE Id CVE-2006-2452
Last Modified 07 Mar 2011 09:36:14
Published 09 Jun 2006 06:02:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector LOCAL
Access Complexity HIGH
Authentication NONE

CVE-2006-2452

Summary

GNOME GDM 2.8, 2.12, 2.14, and 2.15, when the "face browser" feature is enabled, allows local users to access the "Configure Login Manager" functionality using their own password instead of the root password, which can be leveraged to gain additional privileges.

Vulnerable Systems

Application

  • Gnome Gdm 2.12

  • Gnome Gdm 2.14

  • Gnome Gdm 2.15

  • Gnome Gdm 2.8


References

VUPEN - ADV-2006-2239

BID - 18332

BUGTRAQ - 20060608 rPSA-2006-0098-1 gdm

CONFIRM - http://bugzilla.gnome.org/show_bug.cgi?id=343476

XF - gdm-facebrowser-security-bypass(27018)

UBUNTU - USN-293-1

MANDRIVA - MDKSA-2006:100

GENTOO - GLSA-200606-14

SECUNIA - 20636

SECUNIA - 20627

SECUNIA - 20587

SECUNIA - 20552

SECUNIA - 20532

SUSE - SUSE-SR:2006:013


Last Updated: 27 May 2016 10:42:28