LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for May 24, 2012

A uTouch architecture introduction

LWN.net Weekly Edition for May 17, 2012

Tasting the Ice Cream Sandwich

Highlights from the PostgreSQL 9.2 beta

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

GDM allows local user to read any file

Package(s):GDM, XDMCP CVE #(s):CAN-2003-0547 CAN-2003-0548 CAN-2003-0549
Created:August 21, 2003 Updated:August 29, 2003
Description: GDM is the GNOME Display Manager for X.

Versions of GDM prior to 2.4.1.6 contain a bug where GDM will run as root when examining the ~/.xsession-errors file when using the "examine session errors" feature, allowing local users the ability to read any text file on the system by creating a symlink. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2003-0547 to this issue.

Additional problems may be found in the X Display Manager Control Protocol (XDMCP) which allow a denial of service attack (DoS) by crashing the gdm daemon. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CAN-2003-0548 and CAN-2003-0549 to these issues.

Alerts:
Conectiva CLA-2003:729 2003-08-29
Slackware SSA:2003-236-01 2003-08-24
Mandrake MDKSA-2003:085 2003-08-21
Red Hat RHSA-2003:258-01 2003-08-21
(Log in to post comments)

Copyright © 2012, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds