Vulnerabilities > CVE-2003-0793 - Local Denial Of Service vulnerability in Multiple GDM
Attack vector
LOCAL Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
NONE Availability impact
PARTIAL Summary
GDM 2.4.4.x before 2.4.4.4, and 2.4.1.x before 2.4.1.7, does not restrict the size of input, which allows attackers to cause a denial of service (memory consumption).
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 9 |
Nessus
NASL family Mandriva Local Security Checks NASL id MANDRAKE_MDKSA-2003-100.NASL description Two vulnerabilities were discovered in gdm by Jarno Gassenbauer that would allow a local attacker to cause gdm to crash or freeze. The provided packages are patched to fix this problem. last seen 2020-06-01 modified 2020-06-02 plugin id 14082 published 2004-07-31 reporter This script is Copyright (C) 2004-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/14082 title Mandrake Linux Security Advisory : gdm (MDKSA-2003:100) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Mandrake Linux Security Advisory MDKSA-2003:100. # The text itself is copyright (C) Mandriva S.A. # include("compat.inc"); if (description) { script_id(14082); script_version ("1.17"); script_cvs_date("Date: 2019/08/02 13:32:47"); script_cve_id("CVE-2003-0793", "CVE-2003-0794"); script_xref(name:"MDKSA", value:"2003:100"); script_name(english:"Mandrake Linux Security Advisory : gdm (MDKSA-2003:100)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value: "The remote Mandrake Linux host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "Two vulnerabilities were discovered in gdm by Jarno Gassenbauer that would allow a local attacker to cause gdm to crash or freeze. The provided packages are patched to fix this problem." ); script_set_attribute( attribute:"solution", value:"Update the affected gdm and / or gdm-Xnest packages." ); script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:P"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:gdm"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:gdm-Xnest"); script_set_attribute(attribute:"cpe", value:"cpe:/o:mandrakesoft:mandrake_linux:9.1"); script_set_attribute(attribute:"cpe", value:"cpe:/o:mandrakesoft:mandrake_linux:9.2"); script_set_attribute(attribute:"patch_publication_date", value:"2003/10/16"); script_set_attribute(attribute:"plugin_publication_date", value:"2004/07/31"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2004-2019 Tenable Network Security, Inc."); script_family(english:"Mandriva Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandake Linux"); if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu); flag = 0; if (rpm_check(release:"MDK9.1", cpu:"i386", reference:"gdm-2.4.1.6-0.4.91mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK9.1", cpu:"i386", reference:"gdm-Xnest-2.4.1.6-0.4.91mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK9.2", cpu:"i386", reference:"gdm-2.4.4.0-2.1.92mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK9.2", cpu:"i386", reference:"gdm-Xnest-2.4.4.0-2.1.92mdk", yank:"mdk")) flag++; if (flag) { if (report_verbosity > 0) security_note(port:0, extra:rpm_report_get()); else security_note(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");NASL family Slackware Local Security Checks NASL id SLACKWARE_SSA_2003-300-01.NASL description GDM is the GNOME Display Manager, and is commonly used to provide a graphical login for local users. Upgraded gdm packages are available for Slackware 9.0, 9.1, and -current. These fix two vulnerabilities which could allow a local user to crash or freeze gdm, preventing access to the machine until a reboot. Sites using gdm should upgrade, especially sites such as computer labs that use gdm to provide public or semi-public access. last seen 2020-06-01 modified 2020-06-02 plugin id 18732 published 2005-07-13 reporter This script is Copyright (C) 2005-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/18732 title Slackware 9.0 / 9.1 / current : gdm security update (SSA:2003-300-01)
References
- http://cvs.gnome.org/bonsai/cvsblame.cgi?file=gdm2/NEWS&rev=&root=/cvs/gnome
- http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000766
- http://www.mandriva.com/security/advisories?name=MDKSA-2003:100
- http://www.securityfocus.com/bid/8846
- https://exchange.xforce.ibmcloud.com/vulnerabilities/13447