Vulnerabilities > Gnome > GDM > 2.8
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2011-06-14 | CVE-2011-1709 | Permissions, Privileges, and Access Controls vulnerability in Gnome GDM GNOME Display Manager (gdm) before 2.32.2, when glib 2.28 is used, enables execution of a web browser with the uid of the gdm account, which allows local users to gain privileges via vectors involving the x-scheme-handler/http MIME type. | 7.2 |
2011-03-31 | CVE-2011-0727 | Link Following vulnerability in Gnome GDM GNOME Display Manager (gdm) 2.x before 2.32.1 allows local users to change the ownership of arbitrary files via a symlink attack on a (1) dmrc or (2) face icon file under /var/cache/gdm/. | 6.9 |
2009-09-04 | CVE-2009-2697 | Improper Authentication vulnerability in Gnome GDM The Red Hat build script for the GNOME Display Manager (GDM) before 2.16.0-56 on Red Hat Enterprise Linux (RHEL) 5 omits TCP Wrapper support, which might allow remote attackers to bypass intended access restrictions via XDMCP connections, a different vulnerability than CVE-2007-5079. | 6.8 |
2007-08-07 | CVE-2007-3381 | Improper Input Validation vulnerability in Gnome GDM The GDM daemon in GNOME Display Manager (GDM) before 2.14.13, 2.16.x before 2.16.7, 2.18.x before 2.18.4, and 2.19.x before 2.19.5 does not properly handle NULL return values from the g_strsplit function, which allows local users to cause a denial of service (persistent daemon crash) via a crafted command to the daemon's socket, related to (1) gdm.c and (2) gdmconfig.c in daemon/, and (3) gdmconfig.c and (4) gdmflexiserver.c in gui/. | 1.5 |
2006-06-09 | CVE-2006-2452 | Authentication Bypass vulnerability in GNOME Foundation GDM Configure Login Manager GNOME GDM 2.8, 2.12, 2.14, and 2.15, when the "face browser" feature is enabled, allows local users to access the "Configure Login Manager" functionality using their own password instead of the root password, which can be leveraged to gain additional privileges. | 3.7 |