CVE-2009-2697

Current Description

The Red Hat build script for the GNOME Display Manager (GDM) before 2.16.0-56 on Red Hat Enterprise Linux (RHEL) 5 omits TCP Wrapper support, which might allow remote attackers to bypass intended access restrictions via XDMCP connections, a different vulnerability than CVE-2007-5079.

Basic Data

Published: September 04, 2009
Last Modified: September 19, 2017
Assigner: cve@mitre.org
Data Type: CVE
Data Format: MITRE
Data Version: 4.0
Problem Type: CWE-287
CVE Data Version: 4.0

Base Metric V2

CVSS 2 - Version: 2.0
CVSS 2 - Vector String: AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSS 2 - Access Vector: NETWORK
CVSS 2 - Access Complexity: MEDIUM
CVSS 2 - Authentication: NONE
CVSS 2 - Confidentiality Impact: PARTIAL
CVSS 2 - Availability Impact: PARTIAL
CVSS 2 - Base Score: 6.8
Severity: MEDIUM
Exploitability Score: 8.6
Impact Score: 6.4
Obtain All Privilege: false
Obtain User Privilege: false
Obtain Other Privilege: false

Base Metric V3

No data provided.

Configurations

  • AND
    • OR - Configuration 1
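      Cpe Version | Part | Vendor | Product | Version | Update | Edition | Language | SW Edition | Target SW | Target HW | Other | Version Start Including | Version End Including | Version Start Excluding | Version End Excluding
      2.3 | Application | Gnome | Gdm | 0.7 | * | * | * | * | * | * | *
      2.3 | Application | Gnome | Gdm | 1.0 | * | * | * | * | * | * | *
      2.3 | Application | Gnome | Gdm | 2.0 | * | * | * | * | * | * | *
      2.3 | Application | Gnome | Gdm | 2.2 | * | * | * | * | * | * | *
      2.3 | Application | Gnome | Gdm | 2.3 | * | * | * | * | * | * | *
      2.3 | Application | Gnome | Gdm | 2.4 | * | * | * | * | * | * | *
      2.3 | Application | Gnome | Gdm | 2.5 | * | * | * | * | * | * | *
      2.3 | Application | Gnome | Gdm | 2.6 | * | * | * | * | * | * | *
      2.3 | Application | Gnome | Gdm | 2.8 | * | * | * | * | * | * | *
      2.3 | Application | Gnome | Gdm | 2.13 | * | * | * | * | * | * | *
      2.3 | Application | Gnome | Gdm | 2.14 | * | * | * | * | * | * | *
      2.3 | Application | Gnome | Gdm | 2.15 | * | * | * | * | * | * | *
      2.3 | Application | Gnome | Gdm | * | * | * | * | * | * | * | * | 2.16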
    • OR Running on/with:
      Cpe Version | Part | Vendor | Product | Version | Update | Edition | Language | SW Edition | Target SW | Target HW | Other | Version Start Including | Version End Including | Version Start Excluding | Version End Excluding
      2.3 | OS | Redhat | Enterprise Linux | 5 | * | * | * | * | * | * | *

Vulnerable Software List

Vendor | Product | Versions
Gnome | Gdm | *, 0.7, 1.0, 2.0, 2.13, 2.14, 2.15, 2.2, 2.3, 2.4, 2.5, 2.6, 2.8

References

Name | Source | URL | Tags
36553 | SECUNIA | http://secunia.com/advisories/36553 | Vendor Advisory
36219 | BID | http://www.securityfocus.com/bid/36219 |
https://bugzilla.redhat.com/show_bug.cgi?id=239818 | CONFIRM | https://bugzilla.redhat.com/show_bug.cgi?id=239818 |
oval:org.mitre.oval:def:9586 | OVAL | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9586 |
RHSA-2009:1364 | REDHAT | https://rhn.redhat.com/errata/RHSA-2009-1364.html | Vendor Advisory