Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 1.9
CVE Id CVE-2010-2387
Last Modified 28 Dec 2012 12:00:00
Published 21 Dec 2012 12:46:13
Confidentiality Impact PARTIAL
Integrity Impact NONE
Availability Impact NONE
Access Vector LOCAL
Access Complexity MEDIUM
Authentication NONE

CVE-2010-2387

Summary

vicious-extensions/ve-misc.c in GNOME Display Manager (gdm) 2.20.x before 2.20.11, when GDM debug is enabled, logs the user password when it contains invalid UTF8 encoded characters, which might allow local users to gain privileges by reading the information from syslog logs.

Vulnerable Systems

Application

  • Gnome Display Manager 2.20.0
  • Gnome Display Manager 2.20.1
  • Gnome Display Manager 2.20.2
  • Gnome Display Manager 2.20.3
  • Gnome Display Manager 2.20.4
  • Gnome Display Manager 2.20.5
  • Gnome Display Manager 2.20.6
  • Gnome Display Manager 2.20.7
  • Gnome Display Manager 2.20.8
  • Gnome Display Manager 2.20.9
  • Gnome Display Manager 2.20.10


References

AUSCERT - ASB-2010.0184

CONFIRM - https://bugzilla.gnome.org/show_bug.cgi?id=571846

CONFIRM - https://blogs.oracle.com/sunsecurity/entry/cve_2010_2387_password_disclosure

XF - solaris-gdm-information-disclosure(60642)

OSVDB - 66643

SECUNIA - 40780

SECUNIA - 40690

CONFIRM - http://ftp.gnome.org/pub/GNOME/sources/gdm/2.20/gdm-2.20.11.changes


Last Updated: 27 May 2016 11:01:28