| Vulnerability Name: | CVE-2003-0547 (CCN-12971) | ||||||||||||
| Assigned: | 2003-08-21 | ||||||||||||
| Published: | 2003-08-21 | ||||||||||||
| Updated: | 2017-10-11 | ||||||||||||
| Summary: | GDM before 2.4.1.6, when using the "examine session errors" feature, allows local users to read arbitrary files via a symlink attack on the ~/.xsession-errors file. | ||||||||||||
| CVSS v3 Severity: | 4.0 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L)
| ||||||||||||
| CVSS v2 Severity: | 2.1 Low (CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N)
| ||||||||||||
| Vulnerability Type: | CWE-Other | ||||||||||||
| Vulnerability Consequences: | File Manipulation | ||||||||||||
| References: | Source: MITRE Type: CNA CVE-2003-0547 Source: CONECTIVA Type: UNKNOWN CLA-2003:729 Source: CCN Type: Conectiva Linux Security Announcement CLSA-2003:729 gdm Source: CONFIRM Type: UNKNOWN http://mail.gnome.org/archives/gnome-hackers/2003-August/msg00045.html Source: BUGTRAQ Type: UNKNOWN 20030824 [slackware-security] GDM security update (SSA:2003-236-01) Source: CCN Type: RHSA-2003-258 GDM allows local user to read any file. Source: CCN Type: GDM Web site GDM: the GNOME DISPLAY MANAGER Source: CCN Type: OSVDB ID: 2461 GDM .xsession-errors Symlink Arbitrary File Read Source: REDHAT Type: Patch, Vendor Advisory RHSA-2003:258 Source: CCN Type: BID-8469 GDM Xsession-Errors Insecure File Handling Vulnerability Source: CCN Type: slackware-security Mailing List, Sun, 24 Aug 2003 15:48:28 -0700 (PDT) GDM security update Source: CCN Type: TLSA-2003-48 Multiple vulnerabilities in gdm Source: XF Type: UNKNOWN gdm-xsessions-errors-symlink(12971) Source: OVAL Type: UNKNOWN oval:org.mitre.oval:def:112 | ||||||||||||
| Vulnerable Configuration: | Configuration 1: Denotes that component is vulnerable | ||||||||||||
| Oval Definitions | |||||||||||||
| |||||||||||||
| BACK | |||||||||||||