Vulnerabilities > CVE-2000-0491 - Buffer Overflow vulnerability in GNOME gdm XDMCP
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
COMPLETE Integrity impact
COMPLETE Availability impact
COMPLETE Summary
Buffer overflow in the XDMCP parsing code of GNOME gdm, KDE kdm, and wdm allows remote attackers to execute arbitrary commands or cause a denial of service via a long FORWARD_QUERY request.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 | |
OS | 1 | |
OS | 2 |
Exploit-Db
description gdm 1.0 .x/2.0 .x BETA/2.2 .0 XDMCP Buffer Overflow Vulnerability (1). CVE-2000-0491. Remote exploit for linux platform id EDB-ID:19947 last seen 2016-02-02 modified 2000-05-22 published 2000-05-22 reporter Chris Evans source https://www.exploit-db.com/download/19947/ title gdm 1.0.x/2.0.x BETA/2.2.0 - XDMCP Buffer Overflow Vulnerability 1 description gdm 1.0 .x/2.0 .x BETA/2.2 .0 XDMCP Buffer Overflow Vulnerability (2). CVE-2000-0491. Remote exploit for linux platform id EDB-ID:19948 last seen 2016-02-02 modified 2000-05-22 published 2000-05-22 reporter AbraxaS source https://www.exploit-db.com/download/19948/ title gdm 1.0.x/2.0.x BETA/2.2.0 - XDMCP Buffer Overflow Vulnerability 2
Nessus
NASL family | Mandriva Local Security Checks |
NASL id | MANDRAKE_MDKSA-2001-070.NASL |
description | A buffer overrun exists in the XDMCP handling code used in gdm. By sending a properly crafted XDMCP message, it is possible for a remote attacker to execute arbitrary commands as root on the susceptible machine. By default, XDMCP is disabled in gdm.conf on Mandrake Linux. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 13885 |
published | 2004-07-31 |
reporter | This script is Copyright (C) 2004-2019 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/13885 |
title | Mandrake Linux Security Advisory : gdm (MDKSA-2001:070) |
code |
|
References
- ftp://ftp.calderasystems.com/pub/OpenLinux/security/CSSA-2000-013.0.txt
- http://archives.neohapsis.com/archives/bugtraq/2000-05/0241.html
- http://archives.neohapsis.com/archives/bugtraq/2000-06/0025.html
- http://www.novell.com/linux/security/advisories/suse_security_announce_49.html
- http://www.securityfocus.com/bid/1233
- http://www.securityfocus.com/bid/1279
- http://www.securityfocus.com/bid/1370