CVE Vulnerabilities

CVE-2011-1709

Published: Jun 14, 2011 | Modified: Sep 07, 2011
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
7.2 HIGH
AV:L/AC:L/Au:N/C:C/I:C/A:C
RedHat/V2
4 MODERATE
AV:N/AC:L/Au:S/C:P/I:N/A:N
RedHat/V3
Ubuntu
LOW

GNOME Display Manager (gdm) before 2.32.2, when glib 2.28 is used, enables execution of a web browser with the uid of the gdm account, which allows local users to gain privileges via vectors involving the x-scheme-handler/http MIME type.

Affected Software

Name Vendor Start Version End Version
Gdm Gnome 1.0 (including) 1.0 (including)
Gdm Gnome 2.0 (including) 2.0 (including)
Gdm Gnome 2.2 (including) 2.2 (including)
Gdm Gnome 2.3 (including) 2.3 (including)
Gdm Gnome 2.4 (including) 2.4 (including)
Gdm Gnome 2.5 (including) 2.5 (including)
Gdm Gnome 2.6 (including) 2.6 (including)
Gdm Gnome 2.8 (including) 2.8 (including)
Gdm Gnome 2.13 (including) 2.13 (including)
Gdm Gnome 2.14 (including) 2.14 (including)
Gdm Gnome 2.15 (including) 2.15 (including)
Gdm Gnome 2.16 (including) 2.16 (including)
Gdm Gnome 2.17 (including) 2.17 (including)
Gdm Gnome 2.18 (including) 2.18 (including)
Gdm Gnome 2.19 (including) 2.19 (including)
Gdm Gnome 2.20 (including) 2.20 (including)
Gdm Gnome 2.21 (including) 2.21 (including)
Gdm Gnome 2.22 (including) 2.22 (including)
Gdm Gnome 2.23 (including) 2.23 (including)
Gdm Gnome 2.24 (including) 2.24 (including)
Gdm Gnome 2.25 (including) 2.25 (including)
Gdm Gnome 2.26 (including) 2.26 (including)
Gdm Gnome 2.27 (including) 2.27 (including)
Gdm Gnome 2.28 (including) 2.28 (including)
Gdm Gnome 2.29 (including) 2.29 (including)
Gdm Gnome 2.30 (including) 2.30 (including)
Gdm Gnome 2.31 (including) 2.31 (including)
Gdm Gnome 2.32 (including) 2.32 (including)
Gdm Gnome 2.32.1 (including) 2.32.1 (including)
Gdm Ubuntu devel *
Gdm Ubuntu hardy *
Gdm Ubuntu natty *

References