CVE-2003-0549

Current Description

The X Display Manager Control Protocol (XDMCP) support for GDM before 2.4.1.6 allows attackers to cause a denial of service (daemon crash) via a short authorization key name.

Referenced by CVEs: CVE-2003-0548

Basic Data

Published: August 27, 2003
Last Modified: October 11, 2017
Assigner: cve@mitre.org
Data Type: CVE
Data Format: MITRE
Data Version: 4.0
Problem Type: NVD-CWE-Other
CVE Data Version: 4.0

Base Metric V2

CVSS 2 - Version: 2.0
CVSS 2 - Vector String: AV:N/AC:L/Au:N/C:N/I:N/A:P
CVSS 2 - Access Vector: NETWORK
CVSS 2 - Access Complexity: LOW
CVSS 2 - Authentication: NONE
CVSS 2 - Confidentiality Impact: NONE
CVSS 2 - Availability Impact: PARTIAL
CVSS 2 - Base Score: 5.0
Severity: MEDIUM
Exploitability Score: 10.0
Impact Score: 2.9
Obtain All Privilege: false
Obtain User Privilege: false
Obtain Other Privilege: false

Base Metric V3

No data provided.

Configurations

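  • OR - Configuration 1
    Cpe Version | Part | Vendor | Product | Version | Update | Edition | Language | SW Edition | Target SW | Target HW | Other | Version Start Including | Version End Including | Version Start Excluding | Version End Excluding
    2.3 | Application | Gnome | Gdm | 2.2.0 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Gnome | Gdm | 2.4.1 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Gnome | Gdm | 2.4.1.1 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Gnome | Gdm | 2.4.1.2 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Gnome | Gdm | 2.4.1.3 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Gnome | Gdm | 2.4.1.4 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Gnome | Gdm | 2.4.1.5 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Gnome | Gdm | 2.4.1.6 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Redhat | Kdebase | 2.0_beta2.45 | * | i386 | * | * | * | * | * | | | |
    2.3 | Application | Redhat | Kdebase | 2.0_beta2.45 | * | ppc | * | * | * | * | * | | | |
    2.3 | Application | Redhat | Kdebase | 2.2.3.1.20 | * | i386 | * | * | * | * | * | | | |
    2.3 | Application | Redhat | Kdebase | 2.2.3.1.20 | * | ia64 | * | * | * | * | * | | | |
    2.3 | Application | Redhat | Kdebase | 2.2.3.1.22 | * | i386 | * | * | * | * | * | | | |
    2.3 | Application | Redhat | Kdebase | 2.4.0.7.13 | * | i386 | * | * | * | * | * | | | |
    2.3 | Application | Redhat | Kdebase | 2.4.1.3.5 | * | i386 | * | * | * | * | * | | | |
  • OR - Configuration 2
    Cpe Version | Part | Vendor | Product | Version | Update | Edition | Language | SW Edition | Target SW | Target HW | Other | Version Start Including | Version End Including | Version Start Excluding | Version End Excluding
    2.3 | OS | Redhat | Enterprise Linux | 2.1 | * | advanced_server | * | * | * | * | * | | | |
    2.3 | OS | Redhat | Enterprise Linux | 2.1 | * | advanced_server_ia64 | * | * | * | * | * | | | |
    2.3 | OS | Redhat | Enterprise Linux | 2.1 | * | enterprise_server | * | * | * | * | * | | | |
    2.3 | OS | Redhat | Enterprise Linux | 2.1 | * | enterprise_server_ia64 | * | * | * | * | * | | | |
    2.3 | OS | Redhat | Enterprise Linux | 2.1 | * | workstation | * | * | * | * | * | | | |
    2.3 | OS | Redhat | Enterprise Linux | 2.1 | * | workstation_ia64 | * | * | * | * | * | | | |
    2.3 | OS | Redhat | Linux Advanced Workstation | 2.1 | * | * | * | * | * | * | * | | | |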

Vulnerable Software List

Vendor | Product | Versions
Gnome | Gdm | 2.2.0, 2.4.1, 2.4.1.1, 2.4.1.2, 2.4.1.3, 2.4.1.4, 2.4.1.5, 2.4.1.6
Redhat | Enterprise Linux | 2.1
Redhat | Kdebase | 2.0_beta2.45, 2.2.3.1.20, 2.2.3.1.22, 2.4.0.7.13, 2.4.1.3.5
Redhat | Linux Advanced Workstation | 2.1

References

Name | URL | Source | Tags
CLA-2003:729 | http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000729 | CONECTIVA |
http://mail.gnome.org/archives/gnome-hackers/2003-August/msg00045.html | http://mail.gnome.org/archives/gnome-hackers/2003-August/msg00045.html | CONFIRM |
RHSA-2003:258 | http://www.redhat.com/support/errata/RHSA-2003-258.html | REDHAT | PATCH Vendor Advisory
RHSA-2003:259 | http://www.redhat.com/support/errata/RHSA-2003-259.html | REDHAT | PATCH Vendor Advisory
oval:org.mitre.oval:def:129 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A129 | OVAL |