CVE-2009-2697 – gdm not built with tcp_wrappers
https://notcve.org/view.php?id=CVE-2009-2697
The Red Hat build script for the GNOME Display Manager (GDM) before 2.16.0-56 on Red Hat Enterprise Linux (RHEL) 5 omits TCP Wrapper support, which might allow remote attackers to bypass intended access restrictions via XDMCP connections, a different vulnerability than CVE-2007-5079. Red Hat build script para GNOME Display Manager (GDM) anterior a v2.16.0-56 en Red Hat Enterprise Linux (RHEL) v5 no da soporte a TCP Wrapper, lo que podría permitir a atacantes remotos saltar las restricciones de acceso previstas a través de conexiones XDMCP, una vulnerabilidad diferente que CVE-2007-5079. • http://secunia.com/advisories/36553 http://www.securityfocus.com/bid/36219 https://bugzilla.redhat.com/show_bug.cgi?id=239818 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9586 https://rhn.redhat.com/errata/RHSA-2009-1364.html https://access.redhat.com/security/cve/CVE-2009-2697 • CWE-287: Improper Authentication •
CVE-2007-3381 – Gdm denial of service
https://notcve.org/view.php?id=CVE-2007-3381
The GDM daemon in GNOME Display Manager (GDM) before 2.14.13, 2.16.x before 2.16.7, 2.18.x before 2.18.4, and 2.19.x before 2.19.5 does not properly handle NULL return values from the g_strsplit function, which allows local users to cause a denial of service (persistent daemon crash) via a crafted command to the daemon's socket, related to (1) gdm.c and (2) gdmconfig.c in daemon/, and (3) gdmconfig.c and (4) gdmflexiserver.c in gui/. El demonio GDM en GNOME Display Mangager (GDM) anterior a 2.14.13, 2.16.x anterior a 2.16.7, 2.18.x anterior a 2.18.4, y 2.19.x anterir a 2.19.5 no maneja adecuadamente valores de retorno nulos (NULL) de la función g_strsplit, lo cual permite a usuarios locales provocar una denegación de servicio (caída persistente del demonio) mediante un comando manipulado hacia el socket del demonio, relacionado con (1) gdm.c y (2) gdmconfig.c en daemon/, y (3) gdmconfig.c y (4) gdmflexiserver.c en gui/. • http://ftp.gnome.org/pub/GNOME/sources/gdm/2.14/gdm-2.14.13.news http://ftp.gnome.org/pub/GNOME/sources/gdm/2.16/gdm-2.16.7.changes http://ftp.gnome.org/pub/GNOME/sources/gdm/2.18/gdm-2.18.4.news http://ftp.gnome.org/pub/GNOME/sources/gdm/2.19/gdm-2.19.5.news http://secunia.com/advisories/26313 http://secunia.com/advisories/26368 http://secunia.com/advisories/26520 http://secunia.com/advisories/26879 http://secunia.com/advisories/26900& • CWE-20: Improper Input Validation •