CVE-2011-1709

  1. Reconshell
  2. Vulnerabilities (CVE)
  3. CVE-2011-1709
GNOME Display Manager (gdm) before 2.32.2, when glib 2.28 is used, enables execution of a web browser with the uid of the gdm account, which allows local users to gain privileges via vectors involving the x-scheme-handler/http MIME type.

7.2 /10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:L/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 3.9 / Impact : 10.0

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References
Link Resource
http://secunia.com/advisories/44797 Vendor Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=709139 Patch
http://www.securityfocus.com/bid/48084
http://ftp.gnome.org/pub/GNOME/sources/gdm/2.32/gdm-2.32.2.news
http://git.gnome.org/browse/gdm/commit/?id=d13dd72531599ab7e4c747db3b58a8c17753e08d Patch
http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061264.html
https://hermes.opensuse.org/messages/8643655
http://www.ubuntu.com/usn/USN-1142-1
http://secunia.com/advisories/44808
Advertisement

NeevaHost hosting service
Configurations

Configuration 1 (hide)

AND
OR cpe:2.3:a:gnome:gdm:2.13:*:*:*:*:*:*:*
cpe:2.3:a:gnome:gdm:2.14:*:*:*:*:*:*:*
cpe:2.3:a:gnome:gdm:2.20:*:*:*:*:*:*:*
cpe:2.3:a:gnome:gdm:2.23:*:*:*:*:*:*:*
cpe:2.3:a:gnome:gdm:2.5:*:*:*:*:*:*:*
cpe:2.3:a:gnome:gdm:2.28:*:*:*:*:*:*:*
cpe:2.3:a:gnome:gdm:2.2:*:*:*:*:*:*:*
cpe:2.3:a:gnome:gdm:1.0:*:*:*:*:*:*:*
cpe:2.3:a:gnome:gdm:2.15:*:*:*:*:*:*:*
cpe:2.3:a:gnome:gdm:2.16:*:*:*:*:*:*:*
cpe:2.3:a:gnome:gdm:2.24:*:*:*:*:*:*:*
cpe:2.3:a:gnome:gdm:2.30:*:*:*:*:*:*:*
cpe:2.3:a:gnome:gdm:2.25:*:*:*:*:*:*:*
cpe:2.3:a:gnome:gdm:2.19:*:*:*:*:*:*:*
cpe:2.3:a:gnome:gdm:2.22:*:*:*:*:*:*:*
cpe:2.3:a:gnome:gdm:2.4:*:*:*:*:*:*:*
cpe:2.3:a:gnome:gdm:2.21:*:*:*:*:*:*:*
cpe:2.3:a:gnome:gdm:2.27:*:*:*:*:*:*:*
cpe:2.3:a:gnome:gdm:2.3:*:*:*:*:*:*:*
cpe:2.3:a:gnome:gdm:2.6:*:*:*:*:*:*:*
cpe:2.3:a:gnome:gdm:2.8:*:*:*:*:*:*:*
cpe:2.3:a:gnome:gdm:2.26:*:*:*:*:*:*:*
cpe:2.3:a:gnome:gdm:2.31:*:*:*:*:*:*:*
cpe:2.3:a:gnome:gdm:2.18:*:*:*:*:*:*:*
cpe:2.3:a:gnome:gdm:2.29:*:*:*:*:*:*:*
cpe:2.3:a:gnome:gdm:2.17:*:*:*:*:*:*:*
cpe:2.3:a:gnome:gdm:2.0:*:*:*:*:*:*:*
cpe:2.3:a:gnome:gdm:2.32:*:*:*:*:*:*:*
cpe:2.3:a:gnome:gdm:2.32.1:*:*:*:*:*:*:*
cpe:2.3:a:gnome:glib:2.28:*:*:*:*:*:*:*
Information

Published : 2011-06-14 10:55

Updated : 2011-09-06 20:16

NVD link : CVE-2011-1709

Mitre link : CVE-2011-1709

JSON object : View

CWE
CWE-264

Permissions, Privileges, and Access Controls

Advertisement

dedicated server usa
Products Affected

gnome

  • gdm
  • glib