CVE-2011-1709
https://notcve.org/view.php?id=CVE-2011-1709
GNOME Display Manager (gdm) before 2.32.2, when glib 2.28 is used, enables execution of a web browser with the uid of the gdm account, which allows local users to gain privileges via vectors involving the x-scheme-handler/http MIME type. GNOME Display Manager (GDM) antes de v2.32.2, cuando se utiliza glib v2.28, permite la ejecución de un navegador web con el uid de la cuenta de gdm, que permite a usuarios locales conseguir privilegios a través de vectores implican el tipo MIME x-scheme-handler/http. • http://ftp.gnome.org/pub/GNOME/sources/gdm/2.32/gdm-2.32.2.news http://git.gnome.org/browse/gdm/commit/?id=d13dd72531599ab7e4c747db3b58a8c17753e08d http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061264.html http://secunia.com/advisories/44797 http://secunia.com/advisories/44808 http://www.securityfocus.com/bid/48084 http://www.ubuntu.com/usn/USN-1142-1 https://bugzilla.redhat.com/show_bug.cgi?id=709139 https://hermes.opensuse.org/messages/8643655 • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2009-2697 – gdm not built with tcp_wrappers
https://notcve.org/view.php?id=CVE-2009-2697
The Red Hat build script for the GNOME Display Manager (GDM) before 2.16.0-56 on Red Hat Enterprise Linux (RHEL) 5 omits TCP Wrapper support, which might allow remote attackers to bypass intended access restrictions via XDMCP connections, a different vulnerability than CVE-2007-5079. Red Hat build script para GNOME Display Manager (GDM) anterior a v2.16.0-56 en Red Hat Enterprise Linux (RHEL) v5 no da soporte a TCP Wrapper, lo que podría permitir a atacantes remotos saltar las restricciones de acceso previstas a través de conexiones XDMCP, una vulnerabilidad diferente que CVE-2007-5079. • http://secunia.com/advisories/36553 http://www.securityfocus.com/bid/36219 https://bugzilla.redhat.com/show_bug.cgi?id=239818 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9586 https://rhn.redhat.com/errata/RHSA-2009-1364.html https://access.redhat.com/security/cve/CVE-2009-2697 • CWE-287: Improper Authentication •
CVE-2007-3381 – Gdm denial of service
https://notcve.org/view.php?id=CVE-2007-3381
The GDM daemon in GNOME Display Manager (GDM) before 2.14.13, 2.16.x before 2.16.7, 2.18.x before 2.18.4, and 2.19.x before 2.19.5 does not properly handle NULL return values from the g_strsplit function, which allows local users to cause a denial of service (persistent daemon crash) via a crafted command to the daemon's socket, related to (1) gdm.c and (2) gdmconfig.c in daemon/, and (3) gdmconfig.c and (4) gdmflexiserver.c in gui/. El demonio GDM en GNOME Display Mangager (GDM) anterior a 2.14.13, 2.16.x anterior a 2.16.7, 2.18.x anterior a 2.18.4, y 2.19.x anterir a 2.19.5 no maneja adecuadamente valores de retorno nulos (NULL) de la función g_strsplit, lo cual permite a usuarios locales provocar una denegación de servicio (caída persistente del demonio) mediante un comando manipulado hacia el socket del demonio, relacionado con (1) gdm.c y (2) gdmconfig.c en daemon/, y (3) gdmconfig.c y (4) gdmflexiserver.c en gui/. • http://ftp.gnome.org/pub/GNOME/sources/gdm/2.14/gdm-2.14.13.news http://ftp.gnome.org/pub/GNOME/sources/gdm/2.16/gdm-2.16.7.changes http://ftp.gnome.org/pub/GNOME/sources/gdm/2.18/gdm-2.18.4.news http://ftp.gnome.org/pub/GNOME/sources/gdm/2.19/gdm-2.19.5.news http://secunia.com/advisories/26313 http://secunia.com/advisories/26368 http://secunia.com/advisories/26520 http://secunia.com/advisories/26879 http://secunia.com/advisories/26900& • CWE-20: Improper Input Validation •
CVE-2000-0504 – Gnome 1.0/1.1 / Group X 11.0 / XFree86 X11R6 3.3.x/4.0 - Denial of Service
https://notcve.org/view.php?id=CVE-2000-0504
libICE in XFree86 allows remote attackers to cause a denial of service by specifying a large value which is not properly checked by the SKIP_STRING macro. • https://www.exploit-db.com/exploits/20023 http://archives.neohapsis.com/archives/bugtraq/2000-06/0170.html http://www.securityfocus.com/bid/1369 http://www.xfree86.org/security •
CVE-2000-0491 – gdm 1.0.x/2.0.x BETA/2.2.0 - XDMCP Buffer Overflow
https://notcve.org/view.php?id=CVE-2000-0491
Buffer overflow in the XDMCP parsing code of GNOME gdm, KDE kdm, and wdm allows remote attackers to execute arbitrary commands or cause a denial of service via a long FORWARD_QUERY request. • https://www.exploit-db.com/exploits/19948 https://www.exploit-db.com/exploits/19947 ftp://ftp.calderasystems.com/pub/OpenLinux/security/CSSA-2000-013.0.txt http://archives.neohapsis.com/archives/bugtraq/2000-05/0241.html http://archives.neohapsis.com/archives/bugtraq/2000-06/0025.html http://www.novell.com/linux/security/advisories/suse_security_announce_49.html http://www.securityfocus.com/bid/1233 http://www.securityfocus.com/bid/1279 http://www.securityfocus.com/bid/1370 •