| Vulnerability Name: | CVE-2011-0727 (CCN-66377) | ||||||||||||||||||||||||||||
| Assigned: | 2011-03-28 | ||||||||||||||||||||||||||||
| Published: | 2011-03-28 | ||||||||||||||||||||||||||||
| Updated: | 2017-08-17 | ||||||||||||||||||||||||||||
| Summary: | GNOME Display Manager (gdm) 2.x before 2.32.1 allows local users to change the ownership of arbitrary files via a symlink attack on a (1) dmrc or (2) face icon file under /var/cache/gdm/. | ||||||||||||||||||||||||||||
| CVSS v3 Severity: | 9.3 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
| ||||||||||||||||||||||||||||
| CVSS v2 Severity: | 6.9 Medium (CVSS v2 Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C) 5.1 Medium (Temporal CVSS v2 Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
5.3 Medium (CCN Temporal CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
5.1 Medium (REDHAT Temporal CVSS v2 Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
| ||||||||||||||||||||||||||||
| Vulnerability Type: | CWE-59 | ||||||||||||||||||||||||||||
| Vulnerability Consequences: | Gain Privileges | ||||||||||||||||||||||||||||
| References: | Source: MITRE Type: CNA CVE-2011-0727 Source: CONFIRM Type: UNKNOWN http://ftp.gnome.org/pub/GNOME/sources/gdm/2.32/gdm-2.32.1.news Source: FEDORA Type: UNKNOWN FEDORA-2011-4335 Source: FEDORA Type: UNKNOWN FEDORA-2011-4351 Source: MLIST Type: Patch [gdm-list] 20110328 GDM 2.32.1 released Source: CCN Type: RHSA-2011-0395 Moderate: gdm security update Source: SECUNIA Type: Vendor Advisory 43714 Source: CCN Type: SA43854 GNOME Display Manager Cache Files Handling Privilege Escalation Vulnerability Source: SECUNIA Type: Vendor Advisory 43854 Source: SECUNIA Type: UNKNOWN 44021 Source: SECTRACK Type: UNKNOWN 1025264 Source: DEBIAN Type: UNKNOWN DSA-2205 Source: DEBIAN Type: DSA-2205 gdm3 -- privilege escalation Source: CCN Type: GDM Web site GDM - The GNOME Display Manager Source: MANDRIVA Type: UNKNOWN MDVSA-2011:070 Source: CCN Type: OSVDB ID: 72551 GNOME Display Manager (gdm) /var/cache/gdm/ Multiple File Symlink Local Privilege Escalation Source: REDHAT Type: UNKNOWN RHSA-2011:0395 Source: BID Type: UNKNOWN 47063 Source: CCN Type: BID-47063 GNOME Display Manager Race Condition Local Privilege Escalation Vulnerability Source: UBUNTU Type: UNKNOWN USN-1099-1 Source: VUPEN Type: Vendor Advisory ADV-2011-0786 Source: VUPEN Type: Vendor Advisory ADV-2011-0787 Source: VUPEN Type: Vendor Advisory ADV-2011-0797 Source: VUPEN Type: UNKNOWN ADV-2011-0847 Source: VUPEN Type: UNKNOWN ADV-2011-0911 Source: CCN Type: Red Hat Bugzilla Bug 688323 (CVE-2011-0727) CVE-2011-0727 gdm: privilege escalation vulnerability Source: CONFIRM Type: Patch https://bugzilla.redhat.com/show_bug.cgi?id=688323 Source: XF Type: UNKNOWN display-manager-priv-escalation(66377) Source: XF Type: UNKNOWN display-manager-priv-escalation(66377) Source: SUSE Type: SUSE-SR:2011:006 SUSE Security Summary Report | ||||||||||||||||||||||||||||
| Vulnerable Configuration: | Configuration 1: Configuration RedHat 1: Configuration RedHat 2: Configuration RedHat 3: Configuration RedHat 4: Configuration RedHat 5:  Denotes that component is vulnerable | ||||||||||||||||||||||||||||
| Oval Definitions | |||||||||||||||||||||||||||||
| |||||||||||||||||||||||||||||
| BACK | |||||||||||||||||||||||||||||