Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 7.2
CVE Id: CVE-2011-1709
Last Modified: 06 Sep 2011 11:16:25
Published: 14 Jun 2011 01:55:03
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE

CVE-2011-1709

Summary

GNOME Display Manager (gdm) before 2.32.2, when glib 2.28 is used, enables execution of a web browser with the uid of the gdm account, which allows local users to gain privileges via vectors involving the x-scheme-handler/http MIME type.

Vulnerable Systems

Application

  • Gnome Gdm 1.0

  • Gnome Gdm 2.0

  • Gnome Gdm 2.13

  • Gnome Gdm 2.14

  • Gnome Gdm 2.15

  • Gnome Gdm 2.16

  • Gnome Gdm 2.17

  • Gnome Gdm 2.18

  • Gnome Gdm 2.19

  • Gnome Gdm 2.2

  • Gnome Gdm 2.20

  • Gnome Gdm 2.21

  • Gnome Gdm 2.22

  • Gnome Gdm 2.23

  • Gnome Gdm 2.24

  • Gnome Gdm 2.25

  • Gnome Gdm 2.26

  • Gnome Gdm 2.27

  • Gnome Gdm 2.28

  • Gnome Gdm 2.29

  • Gnome Gdm 2.3

  • Gnome Gdm 2.30

  • Gnome Gdm 2.31

  • Gnome Gdm 2.32

  • Gnome Gdm 2.32.1

  • Gnome Gdm 2.4

  • Gnome Gdm 2.5

  • Gnome Gdm 2.6

  • Gnome Gdm 2.8


References

CONFIRM - https://bugzilla.redhat.com/show_bug.cgi?id=709139

CONFIRM - http://git.gnome.org/browse/gdm/commit/?id=d13dd72531599ab7e4c747db3b58a8c17753e08d

SUSE - openSUSE-SU-2011:0581

UBUNTU - USN-1142-1

BID - 48084

SECUNIA - 44808

SECUNIA - 44797

FEDORA - FEDORA-2011-7822

CONFIRM - http://ftp.gnome.org/pub/GNOME/sources/gdm/2.32/gdm-2.32.2.news


Last Updated: 27 May 2016 10:56:24