CVE-2006-2452 - Authentication Bypass vulnerability in GNOME Foundation GDM Configure Login Manager
- Attack vector: LOCAL
- Attack complexity: HIGH
- Privileges required: NONE
- Confidentiality impact: PARTIAL
- Integrity impact: PARTIAL
- Availability impact: PARTIAL

Summary
GNOME GDM 2.8, 2.12, 2.14, and 2.15, when the "face browser" feature is enabled, allows local users to access the "Configure Login Manager" functionality using their own password instead of the root password, which can be leveraged to gain additional privileges.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | | 4 |
Nessus
- NASL family: Ubuntu Local Security Checks
  - NASL id: UBUNTU_USN-293-1.NASL
  - description: If the admin configured a gdm theme that provided a user list, any user could activate the gdm setup program by first choosing the setup option from the menu, clicking on the user list and entering his own (instead of root
  - last seen: 2020-06-01
  - modified: 2020-06-02
  - plugin id: 27865
  - published: 2007-11-10
  - reporter: Ubuntu Security Notice (C) 2007-2019 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.
  - source: https://www.tenable.com/plugins/nessus/27865
  - title: Ubuntu 5.10 / 6.06 LTS : gdm vulnerability (USN-293-1)
- NASL family: Mandriva Local Security Checks
  - NASL id: MANDRAKE_MDKSA-2006-100.NASL
  - description: A vulnerability in gdm could allow a user to activate the gdm setup program if the administrator configured a gdm theme that provided a user list. The user could do so by choosing the setup option from the menu, clicking the user list, then entering his own password instead of root
  - last seen: 2020-06-01
  - modified: 2020-06-02
  - plugin id: 21716
  - published: 2006-06-16
  - reporter: This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
  - source: https://www.tenable.com/plugins/nessus/21716
  - title: Mandrake Linux Security Advisory : gdm (MDKSA-2006:100)
- NASL family: SuSE Local Security Checks
  - NASL id: SUSE9_11050.NASL
  - description: This update solves a bug in GDM. This bug allows to bypass root authorization to access the login configuration. (CVE-2006-2452)
  - last seen: 2020-06-01
  - modified: 2020-06-02
  - plugin id: 41090
  - published: 2009-09-24
  - reporter: This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
  - source: https://www.tenable.com/plugins/nessus/41090
  - title: SuSE9 Security Update : gdm (YOU Patch Number 11050)
- NASL family: Gentoo Local Security Checks
  - NASL id: GENTOO_GLSA-200606-14.NASL
  - description: The remote host is affected by the vulnerability described in GLSA-200606-14 (GDM: Privilege escalation) GDM allows a normal user to access the configuration manager. Impact : When the
  - last seen: 2020-06-01
  - modified: 2020-06-02
  - plugin id: 21707
  - published: 2006-06-16
  - reporter: This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
  - source: https://www.tenable.com/plugins/nessus/21707
  - title: GLSA-200606-14 : GDM: Privilege escalation
- NASL family: SuSE Local Security Checks
  - NASL id: SUSE_GDM-1582.NASL
  - description: This update solves a bug in GDM. This bug allows to bypass root authorization to access the login configuration. (CVE-2006-2452)
  - last seen: 2020-06-01
  - modified: 2020-06-02
  - plugin id: 27232
  - published: 2007-10-17
  - reporter: This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
  - source: https://www.tenable.com/plugins/nessus/27232
  - title: openSUSE 10 Security Update : gdm (gdm-1582)
References
- http://bugzilla.gnome.org/show_bug.cgi?id=343476
- http://lists.suse.com/archive/suse-security-announce/2006-Jun/0003.html
- http://secunia.com/advisories/20532
- http://secunia.com/advisories/20552
- http://secunia.com/advisories/20587
- http://secunia.com/advisories/20627
- http://secunia.com/advisories/20636
- http://www.gentoo.org/security/en/glsa/glsa-200606-14.xml
- http://www.mandriva.com/security/advisories?name=MDKSA-2006:100
- http://www.securityfocus.com/archive/1/436428
- http://www.securityfocus.com/bid/18332
- http://www.vupen.com/english/advisories/2006/2239
- https://exchange.xforce.ibmcloud.com/vulnerabilities/27018
- https://usn.ubuntu.com/293-1/