CVE-2006-6105 - Local Format String vulnerability in GNOME Display Manager GDMChooser
Attack vector | LOCAL |
Attack complexity | LOW |
Privileges required | SINGLE |
Confidentiality impact | PARTIAL |
Integrity impact | PARTIAL |
Availability impact | PARTIAL |
Summary
Format string vulnerability in the host chooser window (gdmchooser) in GNOME Foundation Display Manager (gdm) allows local users to execute arbitrary code via format string specifiers in a hostname, which are used in an error dialog.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | | 4 |
Nessus
NASL family | Mandriva Local Security Checks |
NASL id | MANDRAKE_MDKSA-2006-231.NASL |
description | Local exploitation of a format string vulnerability in GNOME Foundation |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 24614 |
published | 2007-02-18 |
reporter | This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/24614 |
title | Mandrake Linux Security Advisory : gdm (MDKSA-2006:231) |
code |

```
#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Mandrake Linux Security Advisory MDKSA-2006:231.
# The text itself is copyright (C) Mandriva S.A.
#

include("compat.inc");

if (description)
{
  script_id(24614);
  script_version ("1.15");
  script_cvs_date("Date: 2019/08/02 13:32:48");

  script_cve_id("CVE-2006-6105");
  script_xref(name:"MDKSA", value:"2006:231");

  script_name(english:"Mandrake Linux Security Advisory : gdm (MDKSA-2006:231)");
  script_summary(english:"Checks rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis",
    value: "The remote Mandrake Linux host is missing one or more security updates."
  );
  script_set_attribute(
    attribute:"description",
    value: "Local exploitation of a format string vulnerability in GNOME Foundation's GNOME Display Manager host chooser window (gdmchooser) could allow an unauthenticated attacker to execute arbitrary code on the affected system. The updated packages have been patched to correct this issue."
  );
  script_set_attribute(
    attribute:"solution",
    value:"Update the affected gdm and / or gdm-Xnest packages."
  );
  script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:S/C:P/I:P/A:P");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:gdm");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:gdm-Xnest");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:linux:2007");

  script_set_attribute(attribute:"patch_publication_date", value:"2006/12/14");
  script_set_attribute(attribute:"plugin_publication_date", value:"2007/02/18");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.");
  script_family(english:"Mandriva Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandake Linux");
if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu);

flag = 0;
if (rpm_check(release:"MDK2007.0", reference:"gdm-2.16.0-2.1mdv2007.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2007.0", reference:"gdm-Xnest-2.16.0-2.1mdv2007.0", yank:"mdv")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
  else security_warning(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
```

NASL family | Fedora Local Security Checks |
NASL id | FEDORA_2006-1467.NASL |
description | Fix for a recently reported security issue that has ID CVE-2006-6105. This fixes a problem where a user can enter strings like |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 24074 |
published | 2007-01-17 |
reporter | This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/24074 |
title | Fedora Core 5 : gdm-2.14.11-1.fc5 (2006-1467) |

NASL family | Fedora Local Security Checks |
NASL id | FEDORA_2006-1468.NASL |
description | This update brings gdm to the latest stable upstream version, which among other bug fixes and improvements contains a fix for a recently reported security issue that has ID CVE-2006-6105. This fixes a problem where a user can enter strings like |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 24075 |
published | 2007-01-17 |
reporter | This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/24075 |
title | Fedora Core 6 : gdm-2.16.4-1.fc6 (2006-1468) |

NASL family | Ubuntu Local Security Checks |
NASL id | UBUNTU_USN-396-1.NASL |
description | A format string vulnerability was discovered in the gdmchooser component of the GNOME Display Manager. By typing a specially crafted host name, local users could gain gdm user privileges, which could lead to further account information exposure. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 27982 |
published | 2007-11-10 |
reporter | Ubuntu Security Notice (C) 2007-2019 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/27982 |
title | Ubuntu 6.06 LTS / 6.10 : gdm vulnerability (USN-396-1) |
Statements
contributor | Mark J Cox |
lastmodified | 2007-03-14 |
organization | Red Hat |
statement | Not vulnerable. This flaw was first introduced in gdm version 2.14. Therefore these issues did not affect the earlier versions of gdm as shipped with Red Hat Enterprise Linux 2.1, 3, or 4. Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch. |
References
- http://ftp.acc.umu.se/pub/GNOME/sources/gdm/2.17/gdm-2.17.4.news
- http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=453
- http://secunia.com/advisories/23381
- http://secunia.com/advisories/23385
- http://secunia.com/advisories/23387
- http://secunia.com/advisories/23409
- http://securitytracker.com/id?1017320
- http://securitytracker.com/id?1017383
- http://www.mandriva.com/security/advisories?name=MDKSA-2006:231
- http://www.novell.com/linux/security/advisories/2006_29_sr.html
- http://www.osvdb.org/30848
- http://www.securityfocus.com/bid/21597
- http://www.ubuntu.com/usn/usn-396-1
- http://www.vupen.com/english/advisories/2006/5015
- https://exchange.xforce.ibmcloud.com/vulnerabilities/30896