GNOME Display Manager GDMChooser Local Format String Vulnerability
BID:21597
Info
| Bugtraq ID: | 21597 |
| Class: | Input Validation Error |
| CVE: | CVE-2006-6105 |
| Remote: | No |
| Local: | Yes |
| Published: | Dec 14 2006 12:00AM |
| Updated: | Jan 25 2007 04:32PM |
| Credit: | The discoverer of this issue wishes to remain anonymous. This issue was disclosed in the referenced iDefense advisory. |
| Vulnerable: | Ubuntu Ubuntu Linux 6.10 sparc; Ubuntu Ubuntu Linux 6.10 powerpc; Ubuntu Ubuntu Linux 6.10 i386; Ubuntu Ubuntu Linux 6.10 amd64; Ubuntu Ubuntu Linux 6.06 LTS sparc; Ubuntu Ubuntu Linux 6.06 LTS powerpc; Ubuntu Ubuntu Linux 6.06 LTS i386; Ubuntu Ubuntu Linux 6.06 LTS amd64; S.u.S.E. openSUSE 10.2; Mandriva Linux Mandrake 2007.0 x86_64; Mandriva Linux Mandrake 2007.0; GNOME GDM 2.16.2; GNOME GDM 2.16.1; GNOME GDM 2.16; GNOME GDM 2.14.1 |
| Not Vulnerable: | GNOME GDM 2.17.4; GNOME GDM 2.16.4; GNOME GDM 2.14.11 |
Discussion
GNOME Display Manager (GDM) is prone to a local format-string vulnerability because it fails to properly sanitize user-supplied input before including it in the format-specifier argument of a formatted-printing function.
A local attacker may exploit this issue to execute arbitrary machine code in the context of the affected application.
Exploit / POC
Currently we are not aware of any exploits for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: mailto:[email protected].
Solution / Fix
Solution:
The vendor has released versions 2.14.11, 2.16.4, and 2.17.4 to address this issue. Contact the vendor for details on obtaining and applying the appropriate updates.
Please see the referenced advisories for further information.
Mandriva Linux Mandrake 2007.0 x86_64
- Mandriva gdm-2.16.0-2.1mdv2007.0.src.rpm
  Mandriva Linux 2007.0/X86_64: http://www.mandriva.com/en/download
- Mandriva gdm-2.16.0-2.1mdv2007.0.x86_64.rpm
  Mandriva Linux 2007.0/X86_64: http://www.mandriva.com/en/download
- Mandriva gdm-Xnest-2.16.0-2.1mdv2007.0.x86_64.rpm
  Mandriva Linux 2007.0/X86_64: http://www.mandriva.com/en/download
Mandriva Linux Mandrake 2007.0
- Mandriva gdm-2.16.0-2.1mdv2007.0.i586.rpm
  Mandriva Linux 2007.0: http://www.mandriva.com/en/download
- Mandriva gdm-2.16.0-2.1mdv2007.0.src.rpm
  Mandriva Linux 2007.0: http://www.mandriva.com/en/download
- Mandriva gdm-Xnest-2.16.0-2.1mdv2007.0.i586.rpm
  Mandriva Linux 2007.0: http://www.mandriva.com/en/download