GNOME Foundation GDM .ICEauthority Improper File Permissions Vulnerability
BID:17635
Info
| Bugtraq ID: | 17635 |
| Class: | Race Condition Error |
| CVE: | CVE-2006-1057 |
| Remote: | No |
| Local: | Yes |
| Published: | Apr 20 2006 12:00AM |
| Updated: | May 01 2007 11:19PM |
| Credit: | Marcus Meissner is credited with the discovery of this vulnerability. |
| Vulnerable: |
Ubuntu Ubuntu Linux 5.10 powerpc
Ubuntu Ubuntu Linux 5.10 i386
Ubuntu Ubuntu Linux 5.10 amd64
Ubuntu Ubuntu Linux 5.04 powerpc
Ubuntu Ubuntu Linux 5.04 i386
Ubuntu Ubuntu Linux 5.04 amd64
Redhat Fedora Core5
Redhat Fedora Core4
Redhat Enterprise Linux WS 4
Redhat Enterprise Linux ES 4
Redhat Enterprise Linux AS 4
Redhat Desktop 4.0
Mandriva Linux Mandrake 2006.0 x86_64
Mandriva Linux Mandrake 2006.0
GNOME GDM 2.14.1
GNOME GDM 2.8.0.5
GNOME GDM 2.8.0.4
GNOME GDM 2.6.0.8
GNOME GDM 2.6.0.7
Debian Linux 3.1 sparc
Debian Linux 3.1 s/390
Debian Linux 3.1 ppc
Debian Linux 3.1 mipsel
Debian Linux 3.1 mips
Debian Linux 3.1 m68k
Debian Linux 3.1 ia-64
Debian Linux 3.1 ia-32
Debian Linux 3.1 hppa
Debian Linux 3.1 arm
Debian Linux 3.1 amd64
Debian Linux 3.1 alpha
Debian Linux 3.1 |
| Not Vulnerable: | |
Discussion
GDM is prone to an improper file-permissions vulnerability.
An attacker can exploit this issue to gain access to sensitive or privileged information that may facilitate a complete compromise of the vulnerable computer.
Exploit / POC
Attackers use standard utilities and applications to exploit this issue.
Solution / Fix
Solution:
This issue has been addressed in the latest CVS repository.
Please see the referenced vendor advisories for more information.
GNOME GDM 2.8.0.5
- Ubuntu gdm_2.8.0.5-0ubuntu1.1_amd64.deb
  Ubuntu 5.10 (Breezy Badger)
  http://security.ubuntu.com/ubuntu/pool/main/g/gdm/gdm_2.8.0.5-0ubuntu1.1_amd64.deb
- Ubuntu gdm_2.8.0.5-0ubuntu1.1_i386.deb
  Ubuntu 5.10 (Breezy Badger)
  http://security.ubuntu.com/ubuntu/pool/main/g/gdm/gdm_2.8.0.5-0ubuntu1.1_i386.deb
- Ubuntu gdm_2.8.0.5-0ubuntu1.1_powerpc.deb
  Ubuntu 5.10 (Breezy Badger)
  http://security.ubuntu.com/ubuntu/pool/main/g/gdm/gdm_2.8.0.5-0ubuntu1.1_powerpc.deb
GNOME GDM 2.6.0.8
- Debian gdm_2.6.0.8-1sarge2_alpha.deb
  Debian GNU/Linux 3.1 alias sarge
  http://security.debian.org/pool/updates/main/g/gdm/gdm_2.6.0.8-1sarge2_alpha.deb
- Debian gdm_2.6.0.8-1sarge2_amd64.deb
  Debian GNU/Linux 3.1 alias sarge
  http://security.debian.org/pool/updates/main/g/gdm/gdm_2.6.0.8-1sarge2_amd64.deb
- Debian gdm_2.6.0.8-1sarge2_arm.deb
  Debian GNU/Linux 3.1 alias sarge
  http://security.debian.org/pool/updates/main/g/gdm/gdm_2.6.0.8-1sarge2_arm.deb
- Debian gdm_2.6.0.8-1sarge2_hppa.deb
  Debian GNU/Linux 3.1 alias sarge
  http://security.debian.org/pool/updates/main/g/gdm/gdm_2.6.0.8-1sarge2_hppa.deb
- Debian gdm_2.6.0.8-1sarge2_i386.deb
  Debian GNU/Linux 3.1 alias sarge
  http://security.debian.org/pool/updates/main/g/gdm/gdm_2.6.0.8-1sarge2_i386.deb
- Debian gdm_2.6.0.8-1sarge2_ia64.deb
  Debian GNU/Linux 3.1 alias sarge
  http://security.debian.org/pool/updates/main/g/gdm/gdm_2.6.0.8-1sarge2_ia64.deb
- Debian gdm_2.6.0.8-1sarge2_m68k.deb
  Debian GNU/Linux 3.1 alias sarge
  http://security.debian.org/pool/updates/main/g/gdm/gdm_2.6.0.8-1sarge2_m68k.deb
- Debian gdm_2.6.0.8-1sarge2_mips.deb
  Debian GNU/Linux 3.1 alias sarge
  http://security.debian.org/pool/updates/main/g/gdm/gdm_2.6.0.8-1sarge2_mips.deb
- Debian gdm_2.6.0.8-1sarge2_mipsel.deb
  Debian GNU/Linux 3.1 alias sarge
  http://security.debian.org/pool/updates/main/g/gdm/gdm_2.6.0.8-1sarge2_mipsel.deb
- Debian gdm_2.6.0.8-1sarge2_powerpc.deb
  Debian GNU/Linux 3.1 alias sarge
  http://security.debian.org/pool/updates/main/g/gdm/gdm_2.6.0.8-1sarge2_powerpc.deb
- Debian gdm_2.6.0.8-1sarge2_s390.deb
  Debian GNU/Linux 3.1 alias sarge
  http://security.debian.org/pool/updates/main/g/gdm/gdm_2.6.0.8-1sarge2_s390.deb
- Debian gdm_2.6.0.8-1sarge2_sparc.deb
  Debian GNU/Linux 3.1 alias sarge
  http://security.debian.org/pool/updates/main/g/gdm/gdm_2.6.0.8-1sarge2_sparc.deb
GNOME GDM 2.6.0.7
- Ubuntu gdm_2.6.0.7-0ubuntu7.1_amd64.deb
  Ubuntu 5.04 (Hoary Hedgehog)
  http://security.ubuntu.com/ubuntu/pool/main/g/gdm/gdm_2.6.0.7-0ubuntu7.1_amd64.deb
- Ubuntu gdm_2.6.0.7-0ubuntu7.1_i386.deb
  Ubuntu 5.04 (Hoary Hedgehog)
  http://security.ubuntu.com/ubuntu/pool/main/g/gdm/gdm_2.6.0.7-0ubuntu7.1_i386.deb
- Ubuntu gdm_2.6.0.7-0ubuntu7.1_powerpc.deb
  Ubuntu 5.04 (Hoary Hedgehog)
  http://security.ubuntu.com/ubuntu/pool/main/g/gdm/gdm_2.6.0.7-0ubuntu7.1_powerpc.deb
GNOME GDM 2.8.0.4
- Mandriva gdm-2.8.0.4-1.1.20060mdk.i586.rpm
  Mandriva Linux 2006.0:
  http://wwwnew.mandriva.com/en/downloads/
- Mandriva gdm-2.8.0.4-1.1.20060mdk.x86_64.rpm
  Mandriva Linux 2006.0:
  http://wwwnew.mandriva.com/en/downloads/
- Mandriva gdm-Xnest-2.8.0.4-1.1.20060mdk.i586.rpm
  Mandriva Linux 2006.0:
  http://wwwnew.mandriva.com/en/downloads/
- Mandriva gdm-Xnest-2.8.0.4-1.1.20060mdk.x86_64.rpm
  Mandriva Linux 2006.0:
  http://wwwnew.mandriva.com/en/downloads/
References
References:
- GDM file permissions race condition (Josh Bressers)
- GNOME Display Manager Homepage (GNOME)
- RHSA-2007:0286 gdm security and bug fix update (Red Hat)