Vulnerability Name:

CVE-2006-2452 (CCN-27018)

Assigned: 2006-06-08
Published: 2006-06-08
Updated: 2018-10-03
Summary: GNOME GDM 2.8, 2.12, 2.14, and 2.15, when the "face browser" feature is enabled, allows local users to access the "Configure Login Manager" functionality using their own password instead of the root password, which can be leveraged to gain additional privileges.
CVSS v3 Severity: 4.9 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L)
Exploitability Metrics: Attack Vector (AV): Local
Attack Complexity (AC): High
Privileges Required (PR): None
User Interaction (UI): None
Scope: Scope (S): Unchanged
Impact Metrics: Confidentiality (C): Low
Integrity (I): Low
Availability (A): Low
CVSS v2 Severity: 3.7 Low (CVSS v2 Vector: AV:L/AC:H/Au:N/C:P/I:P/A:P)
Exploitability Metrics: Access Vector (AV): Local
Access Complexity (AC): High
Authentication (Au): None
Impact Metrics: Confidentiality (C): Partial
Integrity (I): Partial
Availability (A): Partial
3.7 Low (CCN CVSS v2 Vector: AV:L/AC:H/Au:N/C:P/I:P/A:P)
Exploitability Metrics: Access Vector (AV): Local
Access Complexity (AC): High
Authentication (Au): None
Impact Metrics: Confidentiality (C): Partial
Integrity (I): Partial
Availability (A): Partial
Vulnerability Type: CWE-Other
Vulnerability Consequences: Bypass Security
References:

Source: CCN
Type: BugTraq Mailing List, Thu Jun 08 2006 - 09:43:30 CDT
rPSA-2006-0098-1 gdm

Source: CCN
Type: GNOME Bug 343476
CRITICAL ERROR IN GDM! : GDM Allow to an ordinary user access to "Configure Login Manager..."

Source: CONFIRM
Type: UNKNOWN
http://bugzilla.gnome.org/show_bug.cgi?id=343476

Source: MITRE
Type: CNA
CVE-2006-2452

Source: CCN
Type: GNOME Web site
Index of /pub/gnome/sources/gdm

Source: SUSE
Type: UNKNOWN
SUSE-SR:2006:013

Source: CCN
Type: SA20532
GNOME Display Manager Configuration GUI Access Vulnerability

Source: SECUNIA
Type: UNKNOWN
20532

Source: SECUNIA
Type: UNKNOWN
20552

Source: SECUNIA
Type: UNKNOWN
20587

Source: SECUNIA
Type: UNKNOWN
20627

Source: SECUNIA
Type: UNKNOWN
20636

Source: CCN
Type: GLSA-200606-14
GDM: Privilege escalation

Source: GENTOO
Type: UNKNOWN
GLSA-200606-14

Source: MANDRIVA
Type: UNKNOWN
MDKSA-2006:100

Source: CCN
Type: OSVDB ID: 26269
GNOME Display Manager (gdm) Configure Login Manager Authentication Privilege Escalation

Source: BUGTRAQ
Type: UNKNOWN
20060608 rPSA-2006-0098-1 gdm

Source: BID
Type: UNKNOWN
18332

Source: CCN
Type: BID-18332
GNOME Foundation GDM Configure Login Manager Authentication Bypass Vulnerability

Source: CCN
Type: USN-293-1
gdm vulnerability

Source: VUPEN
Type: UNKNOWN
ADV-2006-2239

Source: XF
Type: UNKNOWN
gdm-facebrowser-security-bypass(27018)

Source: UBUNTU
Type: UNKNOWN
USN-293-1

Source: SUSE
Type: SUSE-SR:2006:013
SUSE Security Summary Report

Vulnerable Configuration:
Configuration 1:
  • cpe:/a:gnome:gdm:2.8:*:*:*:*:*:*:*
  • OR cpe:/a:gnome:gdm:2.12:*:*:*:*:*:*:*
  • OR cpe:/a:gnome:gdm:2.14:*:*:*:*:*:*:*
  • OR cpe:/a:gnome:gdm:2.15:*:*:*:*:*:*:*

* Denotes that component is vulnerable

Oval Definitions:
Definition ID: oval:org.opensuse.security:def:20062452
Class: V
Title: CVE-2006-2452
Last Modified: 2015-11-16
    gnome gdm 2.8
    gnome gdm 2.12
    gnome gdm 2.14
    gnome gdm 2.15