CVE-2010-2387
Summary
| CVE | CVE-2010-2387 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2012-12-21 05:46:00 UTC |
| Updated | 2017-08-17 01:32:00 UTC |
| Description | vicious-extensions/ve-misc.c in GNOME Display Manager (gdm) 2.20.x before 2.20.11, when GDM debug is enabled, logs the user password when it contains invalid UTF8 encoded characters, which might allow local users to gain privileges by reading the information from syslog logs. |
Risk And Classification
Problem Types: CWE-255
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Gnome | Gnome Display Manager | 2.20.0 | All | All | All |
| Application | Gnome | Gnome Display Manager | 2.20.1 | All | All | All |
| Application | Gnome | Gnome Display Manager | 2.20.10 | All | All | All |
| Application | Gnome | Gnome Display Manager | 2.20.2 | All | All | All |
| Application | Gnome | Gnome Display Manager | 2.20.3 | All | All | All |
| Application | Gnome | Gnome Display Manager | 2.20.4 | All | All | All |
| Application | Gnome | Gnome Display Manager | 2.20.5 | All | All | All |
| Application | Gnome | Gnome Display Manager | 2.20.6 | All | All | All |
| Application | Gnome | Gnome Display Manager | 2.20.7 | All | All | All |
| Application | Gnome | Gnome Display Manager | 2.20.8 | All | All | All |
| Application | Gnome | Gnome Display Manager | 2.20.9 | All | All | All |
| Application | Gnome | Gnome Display Manager | 2.20.0 | All | All | All |
| Application | Gnome | Gnome Display Manager | 2.20.1 | All | All | All |
| Application | Gnome | Gnome Display Manager | 2.20.10 | All | All | All |
| Application | Gnome | Gnome Display Manager | 2.20.2 | All | All | All |
| Application | Gnome | Gnome Display Manager | 2.20.3 | All | All | All |
| Application | Gnome | Gnome Display Manager | 2.20.4 | All | All | All |
| Application | Gnome | Gnome Display Manager | 2.20.5 | All | All | All |
| Application | Gnome | Gnome Display Manager | 2.20.6 | All | All | All |
| Application | Gnome | Gnome Display Manager | 2.20.7 | All | All | All |
| Application | Gnome | Gnome Display Manager | 2.20.8 | All | All | All |
| Application | Gnome | Gnome Display Manager | 2.20.9 | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| 66643 | OSVDB | www.osvdb.org | |
| GNOME Display Manager Password Disclosure Weakness - Advisories - Community | SECUNIA | secunia.com | Vendor Advisory |
| Sun Solaris GNOME Display Manager Password Disclosure Weakness - Advisories - Community | SECUNIA | secunia.com | Vendor Advisory |
| ftp.gnome.org/pub/GNOME/sources/gdm/2.20/gdm-2.20.11.changes | CONFIRM | ftp.gnome.org | |
| IBM X-Force Exchange | XF | exchange.xforce.ibmcloud.com | |
| You have travelled where no person has gone before… | AUSCERT | www.auscert.org.au | US Government Resource |
| CVE-2010-2387 Password disclosure vulnerability in GNOME Display Manager (gdm) (Third Party Vulnerability Resolution Blog) | CONFIRM | blogs.oracle.com | |
| Bug 571846 – user password may end up in /var/log/messages | CONFIRM | bugzilla.gnome.org | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.