Vulnerability CVE-2003-0549

Vulnerability Name:

CVE-2003-0549 (CCN-12973)

Assigned:

2003-08-21

Published:

2003-08-21

Updated:

2017-10-11

Summary:

The X Display Manager Control Protocol (XDMCP) support for GDM before 2.4.1.6 allows attackers to cause a denial of service (daemon crash) via a short authorization key name.

CVSS v3 Severity:

5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Low

CVSS v2 Severity:

5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Authentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Partial

5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Athentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Partial

Vulnerability Type:

CWE-Other

Vulnerability Consequences:

Denial of Service

References:

Source: CCN
Type: SGI Security Advisory 20031002-01-U
SGI Advanced Linux Environment security update #3

Source: MITRE
Type: CNA
CVE-2003-0549

Source: CONECTIVA
Type: UNKNOWN
CLA-2003:729

Source: CCN
Type: Conectiva Linux Security Announcement CLSA-2003:729
gdm

Source: CONFIRM
Type: UNKNOWN
http://mail.gnome.org/archives/gnome-hackers/2003-August/msg00045.html

Source: CCN
Type: RHSA-2003-258
GDM allows local user to read any file.

Source: CCN
Type: RHSA-2003-259
gdm security update

Source: CCN
Type: GDM Web site
GDM: the GNOME DISPLAY MANAGER

Source: REDHAT
Type: Patch, Vendor Advisory
RHSA-2003:258

Source: REDHAT
Type: Patch, Vendor Advisory
RHSA-2003:259

Source: CCN
Type: BID-8470
Multiple XDMCP GDM Unspecified Denial Of Service Vulnerabilities

Source: XF
Type: UNKNOWN
gdm-xdmcp-authorization-dos(12973)

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:129

Vulnerable Configuration:

Configuration 1:

cpe:/a:gnome:gdm:2.2.0:*:*:*:*:*:*:*

OR cpe:/a:gnome:gdm:2.4.1:*:*:*:*:*:*:*

OR cpe:/a:gnome:gdm:2.4.1.1:*:*:*:*:*:*:*

OR cpe:/a:gnome:gdm:2.4.1.2:*:*:*:*:*:*:*

OR cpe:/a:gnome:gdm:2.4.1.3:*:*:*:*:*:*:*

OR cpe:/a:gnome:gdm:2.4.1.4:*:*:*:*:*:*:*

OR cpe:/a:gnome:gdm:2.4.1.5:*:*:*:*:*:*:*

OR cpe:/a:gnome:gdm:2.4.1.6:*:*:*:*:*:*:*

OR cpe:/a:redhat:kdebase:2.0_beta2.45:*:i386:*:*:*:*:*

OR cpe:/a:redhat:kdebase:2.0_beta2.45:*:ppc:*:*:*:*:*

OR cpe:/a:redhat:kdebase:2.2.3.1.20:*:i386:*:*:*:*:*

OR cpe:/a:redhat:kdebase:2.2.3.1.20:*:ia64:*:*:*:*:*

OR cpe:/a:redhat:kdebase:2.2.3.1.22:*:i386:*:*:*:*:*

OR cpe:/a:redhat:kdebase:2.4.0.7.13:*:i386:*:*:*:*:*

OR cpe:/a:redhat:kdebase:2.4.1.3.5:*:i386:*:*:*:*:*

Configuration 2:

cpe:/o:redhat:enterprise_linux:2.1:*:advanced_server:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:2.1:*:advanced_server_ia64:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:2.1:*:enterprise_server:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:2.1:*:enterprise_server_ia64:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:2.1:*:workstation:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:2.1:*:workstation_ia64:*:*:*:*:*

OR cpe:/o:redhat:linux_advanced_workstation:2.1:*:*:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:20030549	V	CVE-2003-0549	2015-11-16
oval:org.mitre.oval:def:129	V	GDM X Display Manager Authorization Vulnerability	2007-04-25

BACK