Vulnerabilities > CVE-2000-0491

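CVSS 0.0 - NONE (no metrics are populated in this record; every field below is UNKNOWN, so the score is a placeholder rather than an assessment. The Nessus plugin further down this page carries CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C.)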
Attack vector
UNKNOWN
Attack complexity
UNKNOWN
Privileges required
UNKNOWN
Confidentiality impact
UNKNOWN
Integrity impact
UNKNOWN
Availability impact
UNKNOWN
gnome
suse
caldera
nessus
exploit available

Summary

Buffer overflow in the XDMCP parsing code of GNOME gdm, KDE kdm, and wdm allows remote attackers to execute arbitrary commands or cause a denial of service via a long FORWARD_QUERY request.

Vulnerable Configurations

| Part | Description | Count |
|------|-------------|-------|
| Application | Gnome | 1 |
| OS | Suse | 2 |
| OS | Caldera | 1 |

Exploit-Db

  • description: gdm 1.0.x/2.0.x BETA/2.2.0 XDMCP Buffer Overflow Vulnerability (1). CVE-2000-0491. Remote exploit for linux platform
    id: EDB-ID:19947
    last seen: 2016-02-02
    modified: 2000-05-22
    published: 2000-05-22
    reporter: Chris Evans
    source: https://www.exploit-db.com/download/19947/
    title: gdm 1.0.x/2.0.x BETA/2.2.0 - XDMCP Buffer Overflow Vulnerability 1
  • description: gdm 1.0.x/2.0.x BETA/2.2.0 XDMCP Buffer Overflow Vulnerability (2). CVE-2000-0491. Remote exploit for linux platform
    id: EDB-ID:19948
    last seen: 2016-02-02
    modified: 2000-05-22
    published: 2000-05-22
    reporter: AbraxaS
    source: https://www.exploit-db.com/download/19948/
    title: gdm 1.0.x/2.0.x BETA/2.2.0 - XDMCP Buffer Overflow Vulnerability 2

Nessus

NASL family: Mandriva Local Security Checks
NASL id: MANDRAKE_MDKSA-2001-070.NASL
description: A buffer overrun exists in the XDMCP handling code used in gdm. By sending a properly crafted XDMCP message, it is possible for a remote attacker to execute arbitrary commands as root on the susceptible machine. By default, XDMCP is disabled in gdm.conf on Mandrake Linux.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 13885
published: 2004-07-31
reporter: This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/13885
title: Mandrake Linux Security Advisory : gdm (MDKSA-2001:070)
code
#%NASL_MIN_LEVEL 80502

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Mandrake Linux Security Advisory MDKSA-2001:070. 
# The text itself is copyright (C) Mandriva S.A.
#

include("compat.inc");

# Registration branch: when `description` is set, the script only declares its
# metadata (IDs, references, risk rating, dependencies) and then exits via the
# exit(0) at the end of this block; none of the host checks further down run.
if (description)
{
  script_id(13885);
  script_version ("1.18");
  script_cvs_date("Date: 2019/08/02 13:32:46");

  # Cross-references used to correlate this finding with other feeds.
  script_cve_id("CVE-2000-0491");
  script_bugtraq_id(1233);
  script_xref(name:"MDKSA", value:"2001:070");

  script_name(english:"Mandrake Linux Security Advisory : gdm (MDKSA-2001:070)");
  script_summary(english:"Checks rpm output for the updated package");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Mandrake Linux host is missing a security update."
  );
  # The advisory text notes XDMCP is disabled by default in gdm.conf on
  # Mandrake Linux, so a missing package does not by itself mean the XDMCP
  # code path is reachable; this plugin does not inspect gdm.conf.
  script_set_attribute(
    attribute:"description", 
    value:
"A buffer overrun exists in the XDMCP handling code used in gdm. By
sending a properly crafted XDMCP message, it is possible for a remote
attacker to execute arbitrary commands as root on the susceptible
machine. By default, XDMCP is disabled in gdm.conf on Mandrake Linux."
  );
  script_set_attribute(attribute:"solution", value:"Update the affected gdm package.");
  # CVSS v2 base vector: network-reachable (AV:N), low complexity (AC:L),
  # no authentication (Au:N), complete loss of confidentiality, integrity
  # and availability (C:C/I:C/A:C).
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  # CVSS v2 temporal vector: proof-of-concept exploit code (E:POC), official
  # fix available (RL:OF), report confirmed (RC:C).
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  # Declared as a "local" plugin: the check body below reads cached
  # knowledge-base items and the RPM list; it sends no XDMCP traffic.
  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:gdm");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mandrakesoft:mandrake_linux:8.0");

  # The plugin was published almost three years after the vendor patch.
  script_set_attribute(attribute:"patch_publication_date", value:"2001/08/20");
  script_set_attribute(attribute:"plugin_publication_date", value:"2004/07/31");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.");
  script_family(english:"Mandriva Local Security Checks");

  # ssh_get_info.nasl is presumably what fills the Host/* KB items required
  # below (credentialed scan) -- confirm against that plugin.
  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");


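# Preconditions for the package check. Each guard hands off to audit() with a
# reason code when the knowledge base lacks what the check needs: local checks
# enabled, a Mandrake release string, and a collected RPM list.
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
# OS name spelled "Mandrake" (the original message read "Mandake"), matching
# the architecture audit message below so audit trails can be grepped
# consistently.
if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandrake Linux");
if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

# Architecture gate: only x86-family CPU strings are accepted; anything else
# is audited out as "local checks not implemented" instead of being reported
# as unaffected.
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu);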


# Package comparison for Mandrake 8.0: rpm_check() (from rpm.inc, not shown
# here) is given the fixed build gdm-2.2.3.2-2.1mdk as the reference; a true
# result is counted as "update missing".
# NOTE(review): the architecture gate above admits amd64/x86_64, but only an
# i386 reference is listed here -- confirm how rpm_check() treats the cpu
# argument on 64-bit hosts.
flag = 0;
if (rpm_check(release:"MDK8.0", cpu:"i386", reference:"gdm-2.2.3.2-2.1mdk", yank:"mdk"))
{
  flag++;
}


if (!flag)
{
  # Nothing matched: record the host as not affected.
  audit(AUDIT_HOST_NOT, "affected");
}
else
{
  # Report on port 0 (host-level finding); attach the RPM comparison details
  # only when the scan's report verbosity asks for them.
  if (report_verbosity > 0)
    security_hole(port:0, extra:rpm_report_get());
  else
    security_hole(0);
  exit(0);
}