CVE-2011-0727

Current Description

GNOME Display Manager (gdm) 2.x before 2.32.1 allows local users to change the ownership of arbitrary files via a symlink attack on a (1) dmrc or (2) face icon file under /var/cache/gdm/.

Basic Data

Published: March 31, 2011
Last Modified: August 17, 2017
Assigner: cve@mitre.org
Data Type: CVE
Data Format: MITRE
Data Version: 4.0
Problem Type: CWE-59
CVE Data Version: 4.0

Base Metric V2

CVSS 2 - Version: 2.0
CVSS 2 - Vector String: AV:L/AC:M/Au:N/C:C/I:C/A:C
CVSS 2 - Access Vector: LOCAL
CVSS 2 - Access Complexity: MEDIUM
CVSS 2 - Authentication: NONE
CVSS 2 - Confidentiality Impact: COMPLETE
CVSS 2 - Availability Impact: COMPLETE
CVSS 2 - Base Score: 6.9
Severity: MEDIUM
Exploitability Score: 3.4
Impact Score: 10.0
Obtain All Privilege: false
Obtain User Privilege: false
Obtain Other Privilege: false

Base Metric V3

No data provided.

Configurations

  • OR - Configuration 1
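    | CPE Version | Part | Vendor | Product | Version | Update | Edition | Language | SW Edition | Target SW | Target HW | Other | Version Start Including | Version End Including | Version Start Excluding | Version End Excluding |
    |---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
    | 2.3 | Application | Gnome | Gdm | 2.0 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Gnome | Gdm | 2.2 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Gnome | Gdm | 2.3 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Gnome | Gdm | 2.4 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Gnome | Gdm | 2.5 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Gnome | Gdm | 2.6 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Gnome | Gdm | 2.8 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Gnome | Gdm | 2.13 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Gnome | Gdm | 2.14 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Gnome | Gdm | 2.15 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Gnome | Gdm | 2.16 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Gnome | Gdm | 2.17 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Gnome | Gdm | 2.18 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Gnome | Gdm | 2.19 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Gnome | Gdm | 2.20 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Gnome | Gdm | 2.21 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Gnome | Gdm | 2.22 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Gnome | Gdm | 2.23 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Gnome | Gdm | 2.24 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Gnome | Gdm | 2.25 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Gnome | Gdm | 2.26 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Gnome | Gdm | 2.27 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Gnome | Gdm | 2.28 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Gnome | Gdm | 2.29 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Gnome | Gdm | 2.30 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Gnome | Gdm | 2.31 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Gnome | Gdm | 2.32 | * | * | * | * | * | * | * | | | | |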

Vulnerable Software List

| Vendor | Product | Versions |
|---|---|---|
| Gnome | Gdm | 2.0, 2.13, 2.14, 2.15, 2.16, 2.17, 2.18, 2.19, 2.2, 2.20, 2.21, 2.22, 2.23, 2.24, 2.25, 2.26, 2.27, 2.28, 2.29, 2.3, 2.30, 2.31, 2.32, 2.4, 2.5, 2.6, 2.8 |

References

| Name | URL | Source | Tags |
|---|---|---|---|
| http://ftp.gnome.org/pub/GNOME/sources/gdm/2.32/gdm-2.32.1.news | http://ftp.gnome.org/pub/GNOME/sources/gdm/2.32/gdm-2.32.1.news | CONFIRM | |
| FEDORA-2011-4335 | http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057333.html | FEDORA | |
| FEDORA-2011-4351 | http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057931.html | FEDORA | |
| [gdm-list] 20110328 GDM 2.32.1 released | http://mail.gnome.org/archives/gdm-list/2011-March/msg00020.html | MLIST | PATCH |
| 43714 | http://secunia.com/advisories/43714 | SECUNIA | Vendor Advisory |
| 43854 | http://secunia.com/advisories/43854 | SECUNIA | Vendor Advisory |
| 44021 | http://secunia.com/advisories/44021 | SECUNIA | |
| 1025264 | http://securitytracker.com/id?1025264 | SECTRACK | |
| DSA-2205 | http://www.debian.org/security/2011/dsa-2205 | DEBIAN | |
| MDVSA-2011:070 | http://www.mandriva.com/security/advisories?name=MDVSA-2011:070 | MANDRIVA | |
| RHSA-2011:0395 | http://www.redhat.com/support/errata/RHSA-2011-0395.html | REDHAT | |
| 47063 | http://www.securityfocus.com/bid/47063 | BID | |
| USN-1099-1 | http://www.ubuntu.com/usn/USN-1099-1 | UBUNTU | |
| ADV-2011-0786 | http://www.vupen.com/english/advisories/2011/0786 | VUPEN | Vendor Advisory |
| ADV-2011-0787 | http://www.vupen.com/english/advisories/2011/0787 | VUPEN | Vendor Advisory |
| ADV-2011-0797 | http://www.vupen.com/english/advisories/2011/0797 | VUPEN | Vendor Advisory |
| ADV-2011-0847 | http://www.vupen.com/english/advisories/2011/0847 | VUPEN | |
| ADV-2011-0911 | http://www.vupen.com/english/advisories/2011/0911 | VUPEN | |
| https://bugzilla.redhat.com/show_bug.cgi?id=688323 | https://bugzilla.redhat.com/show_bug.cgi?id=688323 | CONFIRM | PATCH |
| display-manager-priv-escalation(66377) | https://exchange.xforce.ibmcloud.com/vulnerabilities/66377 | XF | |