CVE-2011-1709

Current Description

GNOME Display Manager (gdm) before 2.32.2, when glib 2.28 is used, enables execution of a web browser with the uid of the gdm account, which allows local users to gain privileges via vectors involving the x-scheme-handler/http MIME type.

Basic Data

Published: June 14, 2011
Last Modified: September 07, 2011
Assigner: cve@mitre.org
Data Type: CVE
Data Format: MITRE
Data Version: 4.0
Problem Type: CWE-264
CVE Data Version: 4.0

Base Metric V2

CVSS 2 - Version: 2.0
CVSS 2 - Vector String: AV:L/AC:L/Au:N/C:C/I:C/A:C
CVSS 2 - Access Vector: LOCAL
CVSS 2 - Access Complexity: LOW
CVSS 2 - Authentication: NONE
CVSS 2 - Confidentiality Impact: COMPLETE
CVSS 2 - Availability Impact: COMPLETE
CVSS 2 - Base Score: 7.2
Severity: HIGH
Exploitability Score: 3.9
Impact Score: 10.0
Obtain All Privilege: false
Obtain User Privilege: false
Obtain Other Privilege: false

Base Metric V3

No data provided.

Configurations

  • AND
    • OR - Configuration 1
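      Cpe Version | Part | Vendor | Product | Version | Update | Edition | Language | SW Edition | Target SW | Target HW | Other | Version Start Including | Version End Including | Version Start Excluding | Version End Excluding
      2.3 | Application | Gnome | Gdm | 1.0 | * | * | * | * | * | * | * | | | |
      2.3 | Application | Gnome | Gdm | 2.0 | * | * | * | * | * | * | * | | | |
      2.3 | Application | Gnome | Gdm | 2.2 | * | * | * | * | * | * | * | | | |
      2.3 | Application | Gnome | Gdm | 2.3 | * | * | * | * | * | * | * | | | |
      2.3 | Application | Gnome | Gdm | 2.4 | * | * | * | * | * | * | * | | | |
      2.3 | Application | Gnome | Gdm | 2.5 | * | * | * | * | * | * | * | | | |
      2.3 | Application | Gnome | Gdm | 2.6 | * | * | * | * | * | * | * | | | |
      2.3 | Application | Gnome | Gdm | 2.8 | * | * | * | * | * | * | * | | | |
      2.3 | Application | Gnome | Gdm | 2.13 | * | * | * | * | * | * | * | | | |
      2.3 | Application | Gnome | Gdm | 2.14 | * | * | * | * | * | * | * | | | |
      2.3 | Application | Gnome | Gdm | 2.15 | * | * | * | * | * | * | * | | | |
      2.3 | Application | Gnome | Gdm | 2.16 | * | * | * | * | * | * | * | | | |
      2.3 | Application | Gnome | Gdm | 2.17 | * | * | * | * | * | * | * | | | |
      2.3 | Application | Gnome | Gdm | 2.18 | * | * | * | * | * | * | * | | | |
      2.3 | Application | Gnome | Gdm | 2.19 | * | * | * | * | * | * | * | | | |
      2.3 | Application | Gnome | Gdm | 2.20 | * | * | * | * | * | * | * | | | |
      2.3 | Application | Gnome | Gdm | 2.21 | * | * | * | * | * | * | * | | | |
      2.3 | Application | Gnome | Gdm | 2.22 | * | * | * | * | * | * | * | | | |
      2.3 | Application | Gnome | Gdm | 2.23 | * | * | * | * | * | * | * | | | |
      2.3 | Application | Gnome | Gdm | 2.24 | * | * | * | * | * | * | * | | | |
      2.3 | Application | Gnome | Gdm | 2.25 | * | * | * | * | * | * | * | | | |
      2.3 | Application | Gnome | Gdm | 2.26 | * | * | * | * | * | * | * | | | |
      2.3 | Application | Gnome | Gdm | 2.27 | * | * | * | * | * | * | * | | | |
      2.3 | Application | Gnome | Gdm | 2.28 | * | * | * | * | * | * | * | | | |
      2.3 | Application | Gnome | Gdm | 2.29 | * | * | * | * | * | * | * | | | |
      2.3 | Application | Gnome | Gdm | 2.30 | * | * | * | * | * | * | * | | | |
      2.3 | Application | Gnome | Gdm | 2.31 | * | * | * | * | * | * | * | | | |
      2.3 | Application | Gnome | Gdm | 2.32 | * | * | * | * | * | * | * | | | |
      2.3 | Application | Gnome | Gdm | 2.32.1 | * | * | * | * | * | * | * | | | |
    • OR Running on/with:
      Cpe Version | Part | Vendor | Product | Version | Update | Edition | Language | SW Edition | Target SW | Target HW | Other | Version Start Including | Version End Including | Version Start Excluding | Version End Excluding
      2.3 | Application | Gnome | Glib | 2.28 | * | * | * | * | * | * | * | | | |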

Vulnerable Software List

Vendor | Product | Versions
Gnome | Gdm | 1.0, 2.0, 2.13, 2.14, 2.15, 2.16, 2.17, 2.18, 2.19, 2.2, 2.20, 2.21, 2.22, 2.23, 2.24, 2.25, 2.26, 2.27, 2.28, 2.29, 2.3, 2.30, 2.31, 2.32, 2.32.1, 2.4, 2.5, 2.6, 2.8

References

Name | URL | Source | Tags
http://ftp.gnome.org/pub/GNOME/sources/gdm/2.32/gdm-2.32.2.news | http://ftp.gnome.org/pub/GNOME/sources/gdm/2.32/gdm-2.32.2.news | CONFIRM |
http://git.gnome.org/browse/gdm/commit/?id=d13dd72531599ab7e4c747db3b58a8c17753e08d | http://git.gnome.org/browse/gdm/commit/?id=d13dd72531599ab7e4c747db3b58a8c17753e08d | CONFIRM | PATCH
FEDORA-2011-7822 | http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061264.html | FEDORA |
44797 | http://secunia.com/advisories/44797 | SECUNIA | Vendor Advisory
44808 | http://secunia.com/advisories/44808 | SECUNIA |
48084 | http://www.securityfocus.com/bid/48084 | BID |
USN-1142-1 | http://www.ubuntu.com/usn/USN-1142-1 | UBUNTU |
https://bugzilla.redhat.com/show_bug.cgi?id=709139 | https://bugzilla.redhat.com/show_bug.cgi?id=709139 | CONFIRM | PATCH
openSUSE-SU-2011:0581 | https://hermes.opensuse.org/messages/8643655 | SUSE |