Vulnerability Name:

CVE-2009-2697 (CCN-53021)

Assigned: 2007-05-11
Published: 2007-05-11
Updated: 2017-09-19
Summary: The Red Hat build script for the GNOME Display Manager (GDM) before 2.16.0-56 on Red Hat Enterprise Linux (RHEL) 5 omits TCP Wrapper support, which might allow remote attackers to bypass intended access restrictions via XDMCP connections, a different vulnerability than CVE-2007-5079.
CVSS v3 Severity: 5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
Exploitability Metrics: Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope: Scope (S): Unchanged
Impact Metrics: Confidentiality (C): None
Integrity (I): Low
Availability (A): None
CVSS v2 Severity: 6.8 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P)
5.0 Medium (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics: Confidentiality (C): Partial
Integrity (I): Partial
Availability (A): Partial
5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N)
3.7 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N/E:U/RL:OF/RC:C)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics: Confidentiality (C): None
Integrity (I): Partial
Availability (A): None
4.3 Medium (REDHAT CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N)
3.2 Low (REDHAT Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N/E:U/RL:OF/RC:C)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics: Confidentiality (C): None
Integrity (I): Partial
Availability (A): None
Vulnerability Type: CWE-287
Vulnerability Consequences: Bypass Security
References:
Source: MITRE
Type: CNA
CVE-2009-2697

Source: CCN
Type: RHSA-2009-1364
Low: gdm security and bug fix update

Source: SECUNIA
Type: Vendor Advisory
36553

Source: BID
Type: UNKNOWN
36219

Source: CCN
Type: BID-36219
Red Hat GNOME Display Manager Security Bypass Vulnerability

Source: CCN
Type: Red Hat Bugzilla Bug 239818
Bug 239818 - (CVE-2009-2697) CVE-2009-2697 gdm not built with tcp_wrappers

Source: CONFIRM
Type: UNKNOWN
https://bugzilla.redhat.com/show_bug.cgi?id=239818

Source: XF
Type: UNKNOWN
gdm-tcpwrapper-security-bypass(53021)

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:9586

Source: CCN
Type: RHSA-2009:1364-2
gdm security and bug fix update

Source: REDHAT
Type: Vendor Advisory
RHSA-2009:1364

Vulnerable Configuration:
Configuration 1:
  • cpe:/a:gnome:gdm:0.7:*:*:*:*:*:*:*
  • OR cpe:/a:gnome:gdm:1.0:*:*:*:*:*:*:*
  • OR cpe:/a:gnome:gdm:2.0:*:*:*:*:*:*:*
  • OR cpe:/a:gnome:gdm:2.2:*:*:*:*:*:*:*
  • OR cpe:/a:gnome:gdm:2.3:*:*:*:*:*:*:*
  • OR cpe:/a:gnome:gdm:2.4:*:*:*:*:*:*:*
  • OR cpe:/a:gnome:gdm:2.5:*:*:*:*:*:*:*
  • OR cpe:/a:gnome:gdm:2.6:*:*:*:*:*:*:*
  • OR cpe:/a:gnome:gdm:2.8:*:*:*:*:*:*:*
  • OR cpe:/a:gnome:gdm:2.13:*:*:*:*:*:*:*
  • OR cpe:/a:gnome:gdm:2.14:*:*:*:*:*:*:*
  • OR cpe:/a:gnome:gdm:2.15:*:*:*:*:*:*:*
  • OR cpe:/a:gnome:gdm:*:*:*:*:*:*:*:* (Version <= 2.16)
  • AND
  • cpe:/o:redhat:enterprise_linux:5:*:*:*:*:*:*:*

Configuration RedHat 1:
  • cpe:/o:redhat:enterprise_linux:5:*:*:*:*:*:*:*

Configuration RedHat 2:
  • cpe:/o:redhat:enterprise_linux:5::client:*:*:*:*:*

Configuration RedHat 3:
  • cpe:/o:redhat:enterprise_linux:5::server:*:*:*:*:*

Configuration CCN 1:
  • cpe:/o:redhat:enterprise_linux:5:*:server:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux_desktop:5::client:*:*:*:*:*
  • OR cpe:/a:gnome:gdm:2.16:*:*:*:*:*:*:*
  • OR cpe:/a:gnome:gdm:2.15:*:*:*:*:*:*:*
  • OR cpe:/a:gnome:gdm:2.14:*:*:*:*:*:*:*
  • OR cpe:/a:gnome:gdm:2.13:*:*:*:*:*:*:*
  • OR cpe:/a:gnome:gdm:2.8:*:*:*:*:*:*:*
  • OR cpe:/a:gnome:gdm:2.6:*:*:*:*:*:*:*
  • OR cpe:/a:gnome:gdm:2.5:*:*:*:*:*:*:*
  • OR cpe:/a:gnome:gdm:2.4:*:*:*:*:*:*:*
  • OR cpe:/a:gnome:gdm:2.3:*:*:*:*:*:*:*
  • OR cpe:/a:gnome:gdm:2.2:*:*:*:*:*:*:*
  • OR cpe:/a:gnome:gdm:2.0:*:*:*:*:*:*:*
  • OR cpe:/a:gnome:gdm:1.0:*:*:*:*:*:*:*
  • OR cpe:/a:gnome:gdm:0.7:*:*:*:*:*:*:*
  • AND
  • cpe:/o:redhat:enterprise_linux:5:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:5:*:client:*:*:*:*:*

* Denotes that component is vulnerable

Oval Definitions

| Definition ID | Class | Title | Last Modified |
|---|---|---|---|
| oval:org.mitre.oval:def:29259 | P | RHSA-2009:1364 -- gdm security and bug fix update (Low) | 2015-08-17 |
| oval:org.mitre.oval:def:22573 | P | ELSA-2009:1364: gdm security and bug fix update (Low) | 2014-05-26 |
| oval:org.mitre.oval:def:9586 | V | The Red Hat build script for the GNOME Display Manager (GDM) before 2.16.0-56 on Red Hat Enterprise Linux (RHEL) 5 omits TCP Wrapper support, which might allow remote attackers to bypass intended access restrictions via XDMCP connections, a different vulnerability than CVE-2007-5079. | 2013-04-29 |
| oval:com.redhat.rhsa:def:20091364 | P | RHSA-2009:1364: gdm security and bug fix update (Low) | 2009-09-02 |