
GDM allows local user to read any file

Package(s): GDM, XDMCP
CVE #(s): CAN-2003-0547 CAN-2003-0548 CAN-2003-0549
Created: August 21, 2003
Updated: August 29, 2003
Description: GDM is the GNOME Display Manager for X.

Versions of GDM prior to 2.4.1.6 contain a bug in the "examine session errors" feature: GDM examines the ~/.xsession-errors file while running as root, which allows local users to read any text file on the system by creating a symlink. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2003-0547 to this issue.
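As an added illustration of the bug class behind CAN-2003-0547 (this is not GDM's code or its actual patch), the following C sketch shows one way a privileged process can open a file in a user's home directory without following a symlink. The helper name `open_user_file` and the demo paths are assumptions made for the example.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L
#endif
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper: open a file from a user's home directory on that
 * user's behalf. Returns a read-only fd, or -1 with errno set. */
int open_user_file(const char *path, uid_t owner)
{
    struct stat st;
    /* O_NOFOLLOW: refuse a symlink as the final path component.
     * O_NONBLOCK: do not block if the path is a FIFO. */
    int fd = open(path, O_RDONLY | O_NOFOLLOW | O_NONBLOCK | O_CLOEXEC);
    if (fd < 0)
        return -1;
    /* Check the opened object itself (fstat on the fd, not stat on the
     * path), so nothing can be swapped between check and use. */
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode) || st.st_uid != owner) {
        close(fd);
        errno = EACCES; /* also rejects hard links to other users' files */
        return -1;
    }
    return fd;
}

int main(void)
{
    /* Constructed demo: a regular file and a symlink to it in a temp dir. */
    char dir[] = "/tmp/xse-demo-XXXXXX", target[64], lnk[64];
    if (!mkdtemp(dir))
        return 1;
    snprintf(target, sizeof target, "%s/target", dir);
    snprintf(lnk, sizeof lnk, "%s/.xsession-errors", dir);
    int fd = open(target, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (fd < 0 || close(fd) != 0 || symlink(target, lnk) != 0)
        return 1;
    fd = open_user_file(target, geteuid());
    printf("regular file: %s\n", fd >= 0 ? "opened" : "refused");
    if (fd >= 0) close(fd);
    fd = open_user_file(lnk, geteuid());
    printf("symlink:      %s\n", fd >= 0 ? "opened" : "refused");
    unlink(lnk); unlink(target); rmdir(dir);
    return 0;
}
```

O_NOFOLLOW only covers the last path component. Switching the effective uid to the user before opening the file lets the kernel enforce that user's permissions on the whole path.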

Additional problems may be found in the X Display Manager Control Protocol (XDMCP) that allow a denial-of-service (DoS) attack by crashing the gdm daemon. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CAN-2003-0548 and CAN-2003-0549 to these issues.

Alerts:
Conectiva CLA-2003:729 gdm 2003-08-29
Slackware SSA:2003-236-01 gdm 2003-08-24
Mandrake MDKSA-2003:085 gdm 2003-08-21
Red Hat RHSA-2003:258-01 GDM 2003-08-21

Copyright © 2025, Eklektix, Inc.