Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 6.9
CVE Id CVE-2011-0727
Last Modified 29 Apr 2011 12:00:00
Published 31 Mar 2011 06:55:02
Confidentiality Impact COMPLETE
Integrity Impact COMPLETE
Availability Impact COMPLETE
Access Vector LOCAL
Access Complexity MEDIUM
Authentication NONE

CVE-2011-0727

Summary

GNOME Display Manager (gdm) 2.x before 2.32.1 allows local users to change the ownership of arbitrary files via a symlink attack on a (1) dmrc or (2) face icon file under /var/cache/gdm/.

Vulnerable Systems

Application

  • Gnome Gdm 2.0

  • Gnome Gdm 2.13

  • Gnome Gdm 2.14

  • Gnome Gdm 2.15

  • Gnome Gdm 2.16

  • Gnome Gdm 2.17

  • Gnome Gdm 2.18

  • Gnome Gdm 2.19

  • Gnome Gdm 2.2

  • Gnome Gdm 2.20

  • Gnome Gdm 2.21

  • Gnome Gdm 2.22

  • Gnome Gdm 2.23

  • Gnome Gdm 2.24

  • Gnome Gdm 2.25

  • Gnome Gdm 2.26

  • Gnome Gdm 2.27

  • Gnome Gdm 2.28

  • Gnome Gdm 2.29

  • Gnome Gdm 2.3

  • Gnome Gdm 2.30

  • Gnome Gdm 2.31

  • Gnome Gdm 2.32

  • Gnome Gdm 2.4

  • Gnome Gdm 2.5

  • Gnome Gdm 2.6

  • Gnome Gdm 2.8


References

CONFIRM - https://bugzilla.redhat.com/show_bug.cgi?id=688323

MLIST - [gdm-list] 20110328 GDM 2.32.1 released

XF - display-manager-priv-escalation(66377)

VUPEN - ADV-2011-0911

VUPEN - ADV-2011-0847

VUPEN - ADV-2011-0797

VUPEN - ADV-2011-0787

VUPEN - ADV-2011-0786

UBUNTU - USN-1099-1

BID - 47063

REDHAT - RHSA-2011:0395

MANDRIVA - MDVSA-2011:070

DEBIAN - DSA-2205

SECTRACK - 1025264

SECUNIA - 44021

SECUNIA - 43854

SECUNIA - 43714

FEDORA - FEDORA-2011-4351

FEDORA - FEDORA-2011-4335

CONFIRM - http://ftp.gnome.org/pub/GNOME/sources/gdm/2.32/gdm-2.32.1.news


Last Updated: 27 May 2016 10:56:02