Vulnerabilities > CVE-2003-0547
Attack vector | UNKNOWN
Attack complexity | UNKNOWN
Privileges required | UNKNOWN
Confidentiality impact | UNKNOWN
Integrity impact | UNKNOWN
Availability impact | UNKNOWN
Summary
GDM before 2.4.1.6, when using the "examine session errors" feature, allows local users to read arbitrary files via a symlink attack on the ~/.xsession-errors file.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | | 7 |
Application | | 2 |
Nessus
NASL family | Mandriva Local Security Checks
NASL id | MANDRAKE_MDKSA-2003-085.NASL
description | Several vulnerabilities were discovered in versions of gdm prior to 2.4.1.6. The first vulnerability is that any user can read any text file on the system, because code originally written to be run as the user logging in was in fact being run as the root user. This code is what allows the examination of the ~/.xsession-errors file. If a user makes a symlink from this file to any other file on the system during the session and ensures that the session lasts less than ten seconds, the user can read the file provided it was readable as a text file. Another two vulnerabilities were found in the XDMCP code that could be exploited to crash the main gdm daemon, which would inhibit starting any new sessions (although the current session would be unaffected). The first problem here is due to the indirect query structure being used right after being freed due to a missing
last seen | 2020-06-01
modified | 2020-06-02
plugin id | 14067
published | 2004-07-31
reporter | This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
source | https://www.tenable.com/plugins/nessus/14067
title | Mandrake Linux Security Advisory : gdm (MDKSA-2003:085)

NASL family | Red Hat Local Security Checks
NASL id | REDHAT-RHSA-2003-259.NASL
description | Updated GDM packages are available which correct a local crash if XDMCP is enabled. GDM is the GNOME Display Manager for X. Two bugs have been found in the X Display Manager Control Protocol (XDMCP) which could allow a denial of service attack (DoS) by crashing the gdm daemon. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2003-0548 and CVE-2003-0549 to these issues. This attack is only possible if XDMCP is enabled. XDMCP is not enabled by default in Red Hat Enterprise Linux distributions. In addition, it is documented best practice that XDMCP should only ever be run on trusted networks. Users of XDMCP in GDM should upgrade to these erratum packages, which contain backported security fixes and are not vulnerable to these issues. Note that Red Hat Enterprise Linux 2.1 is not vulnerable to CVE-2003-0547, a vulnerability that allows a local user to read any text file, as it did not have the
last seen | 2020-06-01
modified | 2020-06-02
plugin id | 12416
published | 2004-07-06
reporter | This script is Copyright (C) 2004-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source | https://www.tenable.com/plugins/nessus/12416
title | RHEL 2.1 : gdm (RHSA-2003:259)
Oval
accepted | 2007-04-25T19:52:14.522-04:00
class | vulnerability
contributors |
description | GDM before 2.4.1.6, when using the "examine session errors" feature, allows local users to read arbitrary files via a symlink attack on the ~/.xsession-errors file.
family | unix
id | oval:org.mitre.oval:def:112
status | accepted
submitted | 2003-09-04T12:00:00.000-04:00
title | GDM Examine Errors Symlink Vulnerability
version | 38
Redhat
advisories |
References
- http://www.redhat.com/support/errata/RHSA-2003-258.html
- http://mail.gnome.org/archives/gnome-hackers/2003-August/msg00045.html
- http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000729
- http://marc.info/?l=bugtraq&m=106194792924122&w=2
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A112