GLSA Advocate
Joined: 12 May 2004 Posts: 2663
|
Posted: Mon Jun 12, 2006 8:26 pm Post subject: [ GLSA 200606-14 ] GDM: Privilege escalation |
|
|
Gentoo Linux Security Advisory
Title: GDM: Privilege escalation (GLSA 200606-14)
Severity: high
Exploitable: local
Date: June 12, 2006
Updated: June 19, 2006
Bug(s): #135027
ID: 200606-14
Synopsis
An authentication error in GDM could allow users to gain elevated privileges.
Background
GDM is the GNOME display manager.
Affected Packages
Package: gnome-base/gdm
Vulnerable: < 2.8.0.8
Unaffected: >= 2.8.0.8
Architectures: All supported architectures
Description
GDM allows a normal user to access the configuration manager.
Impact
When the "face browser" in GDM is enabled, a normal user can use the "configure login manager" with his/her own password instead of the root password, and thus gain additional privileges.
Workaround
There is no known workaround at this time.
Resolution
All GDM users should upgrade to the latest version: Code: | # emerge --sync
# emerge --ask --oneshot --verbose ">=gnome-base/gdm-2.8.0.8" |
References
Gnome Bugzilla entry
CVE-2006-2452
Last edited by GLSA on Tue Jun 20, 2006 4:19 am; edited 1 time in total |
|