CVE-2006-2452 - Authentication Bypass vulnerability in GNOME Foundation GDM Configure Login Manager

CVSS 3.7 - LOW
Attack vector: LOCAL
Attack complexity: HIGH
Privileges required: NONE
Confidentiality impact: PARTIAL
Integrity impact: PARTIAL
Availability impact: PARTIAL
local
high complexity
gnome
nessus

Summary

GNOME GDM 2.8, 2.12, 2.14, and 2.15, when the "face browser" feature is enabled, allows local users to access the "Configure Login Manager" functionality using their own password instead of the root password, which can be leveraged to gain additional privileges.

Vulnerable Configurations

Part         Description  Count
Application  Gnome        4

Nessus

  • NASL family: Ubuntu Local Security Checks
    NASL id: UBUNTU_USN-293-1.NASL
    description: If the admin configured a gdm theme that provided a user list, any user could activate the gdm setup program by first choosing the setup option from the menu, clicking on the user list and entering his own (instead of root
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 27865
    published: 2007-11-10
    reporter: Ubuntu Security Notice (C) 2007-2019 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/27865
    title: Ubuntu 5.10 / 6.06 LTS : gdm vulnerability (USN-293-1)
  • NASL family: Mandriva Local Security Checks
    NASL id: MANDRAKE_MDKSA-2006-100.NASL
    description: A vulnerability in gdm could allow a user to activate the gdm setup program if the administrator configured a gdm theme that provided a user list. The user could do so by choosing the setup option from the menu, clicking the user list, then entering his own password instead of root
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 21716
    published: 2006-06-16
    reporter: This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/21716
    title: Mandrake Linux Security Advisory : gdm (MDKSA-2006:100)
  • NASL family: SuSE Local Security Checks
    NASL id: SUSE9_11050.NASL
    description: This update solves a bug in GDM. This bug allows bypassing root authorization to access the login configuration. (CVE-2006-2452)
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 41090
    published: 2009-09-24
    reporter: This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/41090
    title: SuSE9 Security Update : gdm (YOU Patch Number 11050)
  • NASL family: Gentoo Local Security Checks
    NASL id: GENTOO_GLSA-200606-14.NASL
    description: The remote host is affected by the vulnerability described in GLSA-200606-14 (GDM: Privilege escalation) GDM allows a normal user to access the configuration manager. Impact : When the
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 21707
    published: 2006-06-16
    reporter: This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/21707
    title: GLSA-200606-14 : GDM: Privilege escalation
  • NASL family: SuSE Local Security Checks
    NASL id: SUSE_GDM-1582.NASL
    description: This update solves a bug in GDM. This bug allows bypassing root authorization to access the login configuration. (CVE-2006-2452)
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 27232
    published: 2007-10-17
    reporter: This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/27232
    title: openSUSE 10 Security Update : gdm (gdm-1582)