{"api_version":"1","generated_at":"2026-04-23T19:06:21+00:00","cve":"CVE-2006-2452","urls":{"html":"https://cve.report/CVE-2006-2452","api":"https://cve.report/api/cve/CVE-2006-2452.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2006-2452","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2006-2452"},"summary":{"title":"CVE-2006-2452","description":"GNOME GDM 2.8, 2.12, 2.14, and 2.15, when the \"face browser\" feature is enabled, allows local users to access the \"Configure Login Manager\" functionality using their own password instead of the root password, which can be leveraged to gain additional privileges.","state":"PUBLIC","assigner":"secalert@redhat.com","published_at":"2006-06-09 10:02:00","updated_at":"2018-10-03 21:40:00"},"problem_types":["NVD-CWE-Other"],"metrics":[],"references":[{"url":"http://www.vupen.com/english/advisories/2006/2239","name":"ADV-2006-2239","refsource":"VUPEN","tags":[],"title":"Webmail | OVH- OVH","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securityfocus.com/archive/1/436428","name":"20060608 rPSA-2006-0098-1 gdm","refsource":"BUGTRAQ","tags":[],"title":"SecurityFocus","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/advisories/20627","name":"20627","refsource":"SECUNIA","tags":[],"title":"SUSE Updates for Multiple Packages - Advisories - Secunia","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/27018","name":"gdm-facebrowser-security-bypass(27018)","refsource":"XF","tags":[],"title":"IBM X-Force Exchange","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://usn.ubuntu.com/293-1/","name":"USN-293-1","refsource":"UBUNTU","tags":[],"title":"USN-293-1: gdm vulnerability | Ubuntu security notices","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://lists.suse.com/archive/suse-security-announce/2006-Jun/0003.html","name":"SUSE-SR:2006:013","refsource":"SUSE","tags":[],"title":"SuSE Security announcements: [suse-security-announce] SUSE Security Summary Report SUSE-SR:2006:013","mime":"text/html","httpstatus":"404","archivestatus":"200"},{"url":"http://www.securityfocus.com/bid/18332","name":"18332","refsource":"BID","tags":[],"title":"GNOME Foundation GDM Configure Login Manager Authentication Bypass Vulnerability","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"http://secunia.com/advisories/20532","name":"20532","refsource":"SECUNIA","tags":[],"title":"GNOME Display Manager Configuration GUI Access Vulnerability - Advisories - Secunia","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.gentoo.org/security/en/glsa/glsa-200606-14.xml","name":"GLSA-200606-14","refsource":"GENTOO","tags":[],"title":"Gentoo Linux Documentation\n--\n  GDM: Privilege escalation","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/advisories/20552","name":"20552","refsource":"SECUNIA","tags":[],"title":"Ubuntu update for gdm - Advisories - Secunia","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.mandriva.com/security/advisories?name=MDKSA-2006:100","name":"MDKSA-2006:100","refsource":"MANDRIVA","tags":[],"title":"Advisories - Mandriva Linux","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/advisories/20636","name":"20636","refsource":"SECUNIA","tags":[],"title":"Gentoo update for gdm - Advisories - Secunia","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://bugzilla.gnome.org/show_bug.cgi?id=343476","name":"http://bugzilla.gnome.org/show_bug.cgi?id=343476","refsource":"CONFIRM","tags":[],"title":"Bug 343476 – CRITICAL ERROR IN GDM! : GDM Allow to an ordinary user access to \"Configure Login Manager...\"","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/advisories/20587","name":"20587","refsource":"SECUNIA","tags":[],"title":"Mandriva update for gdm - Advisories - Secunia","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2006-2452","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2006-2452","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2006","cve_id":"2452","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"gnome","cpe5":"gdm","cpe6":"2.12","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2006","cve_id":"2452","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"gnome","cpe5":"gdm","cpe6":"2.14","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2006","cve_id":"2452","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"gnome","cpe5":"gdm","cpe6":"2.15","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2006","cve_id":"2452","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"gnome","cpe5":"gdm","cpe6":"2.8","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2006","cve_id":"2452","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"gnome","cpe5":"gdm","cpe6":"2.12","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2006","cve_id":"2452","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"gnome","cpe5":"gdm","cpe6":"2.14","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2006","cve_id":"2452","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"gnome","cpe5":"gdm","cpe6":"2.15","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2006","cve_id":"2452","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"gnome","cpe5":"gdm","cpe6":"2.8","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"secalert@redhat.com","ID":"CVE-2006-2452","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"GNOME GDM 2.8, 2.12, 2.14, and 2.15, when the \"face browser\" feature is enabled, allows local users to access the \"Configure Login Manager\" functionality using their own password instead of the root password, which can be leveraged to gain additional privileges."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"name":"20532","refsource":"SECUNIA","url":"http://secunia.com/advisories/20532"},{"name":"SUSE-SR:2006:013","refsource":"SUSE","url":"http://lists.suse.com/archive/suse-security-announce/2006-Jun/0003.html"},{"name":"20627","refsource":"SECUNIA","url":"http://secunia.com/advisories/20627"},{"name":"ADV-2006-2239","refsource":"VUPEN","url":"http://www.vupen.com/english/advisories/2006/2239"},{"name":"USN-293-1","refsource":"UBUNTU","url":"https://usn.ubuntu.com/293-1/"},{"name":"20060608 rPSA-2006-0098-1 gdm","refsource":"BUGTRAQ","url":"http://www.securityfocus.com/archive/1/436428"},{"name":"http://bugzilla.gnome.org/show_bug.cgi?id=343476","refsource":"CONFIRM","url":"http://bugzilla.gnome.org/show_bug.cgi?id=343476"},{"name":"GLSA-200606-14","refsource":"GENTOO","url":"http://www.gentoo.org/security/en/glsa/glsa-200606-14.xml"},{"name":"18332","refsource":"BID","url":"http://www.securityfocus.com/bid/18332"},{"name":"20636","refsource":"SECUNIA","url":"http://secunia.com/advisories/20636"},{"name":"gdm-facebrowser-security-bypass(27018)","refsource":"XF","url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/27018"},{"name":"20587","refsource":"SECUNIA","url":"http://secunia.com/advisories/20587"},{"name":"20552","refsource":"SECUNIA","url":"http://secunia.com/advisories/20552"},{"name":"MDKSA-2006:100","refsource":"MANDRIVA","url":"http://www.mandriva.com/security/advisories?name=MDKSA-2006:100"}]}},"nvd":{"publishedDate":"2006-06-09 10:02:00","lastModifiedDate":"2018-10-03 21:40:00","problem_types":["NVD-CWE-Other"],"metrics":{"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:L/AC:H/Au:N/C:P/I:P/A:P","accessVector":"LOCAL","accessComplexity":"HIGH","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL","baseScore":3.7},"severity":"LOW","exploitabilityScore":1.9,"impactScore":6.4,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":true,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:gnome:gdm:2.12:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:gnome:gdm:2.15:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:gnome:gdm:2.8:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:gnome:gdm:2.14:*:*:*:*:*:*:*","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2006","CveId":"2452","Ordinal":"17764","Title":"CVE-2006-2452","CVE":"CVE-2006-2452","Year":"2006"},"notes":[{"CveYear":"2006","CveId":"2452","Ordinal":"1","NoteData":"GNOME GDM 2.8, 2.12, 2.14, and 2.15, when the \"face browser\" feature is enabled, allows local users to access the \"Configure Login Manager\" functionality using their own password instead of the root password, which can be leveraged to gain additional privileges.","Type":"Description","Title":null},{"CveYear":"2006","CveId":"2452","Ordinal":"2","NoteData":"2006-06-09","Type":"Other","Title":"Published"},{"CveYear":"2006","CveId":"2452","Ordinal":"3","NoteData":"2018-10-03","Type":"Other","Title":"Modified"}]}}}