Vulnerabilities > Gnome > GDM > Low

DATE CVE VULNERABILITY TITLE RISK
2007-08-07 CVE-2007-3381 Improper Input Validation vulnerability in Gnome GDM
The GDM daemon in GNOME Display Manager (GDM) before 2.14.13, 2.16.x before 2.16.7, 2.18.x before 2.18.4, and 2.19.x before 2.19.5 does not properly handle NULL return values from the g_strsplit function, which allows local users to cause a denial of service (persistent daemon crash) via a crafted command to the daemon's socket, related to (1) gdm.c and (2) gdmconfig.c in daemon/, and (3) gdmconfig.c and (4) gdmflexiserver.c in gui/.
local
gnome CWE-20
1.5
2006-06-09 CVE-2006-2452 Authentication Bypass vulnerability in GNOME Foundation GDM Configure Login Manager
GNOME GDM 2.8, 2.12, 2.14, and 2.15, when the "face browser" feature is enabled, allows local users to access the "Configure Login Manager" functionality using their own password instead of the root password, which can be leveraged to gain additional privileges.
local
high complexity
gnome
3.7
2006-04-25 CVE-2006-1057 Race Condition vulnerability in Gnome GDM 2.14
Race condition in daemon/slave.c in gdm before 2.14.1 allows local users to gain privileges via a symlink attack when gdm performs chown and chgrp operations on the .ICEauthority file.
local
high complexity
gnome CWE-362
3.7
2003-11-17 CVE-2003-0793 Local Denial Of Service vulnerability in Multiple GDM
GDM 2.4.4.x before 2.4.4.4, and 2.4.1.x before 2.4.1.7, does not restrict the size of input, which allows attackers to cause a denial of service (memory consumption).
local
low complexity
gnome
2.1
2003-11-17 CVE-2003-0794 Local Denial Of Service vulnerability in Multiple GDM
GDM 2.4.4.x before 2.4.4.4, and 2.4.1.x before 2.4.1.7, does not limit the number or duration of commands and uses a blocking socket connection, which allows attackers to cause a denial of service (resource exhaustion) by sending commands and not reading the results.
local
low complexity
gnome
2.1
2003-08-27 CVE-2003-0547 GDM before 2.4.1.6, when using the "examine session errors" feature, allows local users to read arbitrary files via a symlink attack on the ~/.xsession-errors file.
local
low complexity
gnome redhat
2.1
1999-12-05 CVE-1999-0990 Unspecified vulnerability in Gnome GDM 2.0Beta4
Error messages generated by gdm with the VerboseAuth setting allows an attacker to identify valid users on a system.
local
low complexity
gnome
2.1