BID:105179

GNOME GDM CVE-2018-14424 Local Code Execution Vulnerability

CVE-2018-14424 |

Info

GNOME GDM CVE-2018-14424 Local Code Execution Vulnerability

Bugtraq ID:	105179
Class:	Unknown
CVE:	CVE-2018-14424
Remote:	No
Local:	Yes
Published:	Aug 13 2018 12:00AM
Updated:	Aug 13 2018 12:00AM
Credit:	Chris Coulson
Vulnerable:	GNOME GDM 3.29.1 GNOME GDM 3.28.1 GNOME GDM 3.28 GNOME GDM 3.27.92 GNOME GDM 3.27.91 GNOME GDM 3.27.90 GNOME GDM 3.27.4 GNOME GDM 3.27.3 GNOME GDM 3.26.1 GNOME GDM 3.18.1 GNOME GDM 3.18 GNOME GDM 2.21.1 GNOME GDM 2.20.11 GNOME GDM 2.20.10 GNOME GDM 2.19.5 GNOME GDM 2.19.4 GNOME GDM 2.19.3 GNOME GDM 2.19.2 GNOME GDM 2.19.1 GNOME GDM 2.18.4 GNOME GDM 2.18.3 GNOME GDM 2.18.2 GNOME GDM 2.18.1 GNOME GDM 2.17.4 GNOME GDM 2.16.7 GNOME GDM 2.16.6 GNOME GDM 2.16.5 GNOME GDM 2.16.4 GNOME GDM 2.16.3 GNOME GDM 2.16.2 GNOME GDM 2.16.1 GNOME GDM 2.16 GNOME GDM 2.14.13 GNOME GDM 2.14.12 GNOME GDM 2.14.11 GNOME GDM 2.14.1 GNOME GDM 3.4.1 GNOME GDM 2.8.0.5 GNOME GDM 2.8.0.4 GNOME GDM 2.8 GNOME GDM 2.6.0.8 GNOME GDM 2.6.0.7 GNOME GDM 2.4.1.6 GNOME GDM 2.4.1.5 GNOME GDM 2.4.1.4 GNOME GDM 2.4.1.3 GNOME GDM 2.4.1.2 GNOME GDM 2.4.1.1 GNOME GDM 2.4.1 GNOME GDM 2.30.0 GNOME GDM 2.29.0 GNOME GDM 2.28.0 GNOME GDM 2.2.0 GNOME GDM 2.12

Not Vulnerable:

Discussion

GNOME GDM CVE-2018-14424 Local Code Execution Vulnerability

GNOME GDM is prone to a local code-execution vulnerability.

Successfully exploiting this issue may allow an attacker to execute arbitrary code in the context of the affected application. Failed exploit attempts may cause a denial-of-service condition.

GNOME GDM 3.29.1 and prior versions are vulnerable.

Exploit / POC

GNOME GDM CVE-2018-14424 Local Code Execution Vulnerability

Currently, we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].

Solution / Fix

GNOME GDM CVE-2018-14424 Local Code Execution Vulnerability

Solution:
Updates are available. Please see the references or vendor advisory for more information.

References

GNOME GDM CVE-2018-14424 Local Code Execution Vulnerability

References:

Bug 1606915 - (CVE-2018-14424) CVE-2018-14424 gdm: use-after-free in the GDM dae (Red Hat Bugzilla)
CVE-2018-14424 (Red Hat Bugzilla)
CVE-2018-14424 use-after-free of disposed transient displays (GNOME)