FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2011-0727

This CVE name corresponds to:

Entered Topic
2011-03-29 gdm -- privilege escalation vulnerability

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

Details

Type Candidate
Name CVE-2011-0727
Phase Assigned (20110201)

Description

GNOME Display Manager (gdm) 2.x before 2.32.1 allows local users to change the ownership of arbitrary files via a symlink attack on a (1) dmrc or (2) face icon file under /var/cache/gdm/.

References

Source Reference
MLIST [gdm-list] 20110328 GDM 2.32.1 released
CONFIRM http://ftp.gnome.org/pub/GNOME/sources/gdm/2.32/gdm-2.32.1.news
CONFIRM https://bugzilla.redhat.com/show_bug.cgi?id=688323
DEBIAN DSA-2205
FEDORA FEDORA-2011-4335
FEDORA FEDORA-2011-4351
MANDRIVA MDVSA-2011:070
REDHAT RHSA-2011:0395
UBUNTU USN-1099-1
BID 47063
SECTRACK 1025264
SECUNIA 43714
SECUNIA 43854
SECUNIA 44021
VUPEN ADV-2011-0786
VUPEN ADV-2011-0787
VUPEN ADV-2011-0797
VUPEN ADV-2011-0847
VUPEN ADV-2011-0911
XF display-manager-priv-escalation(66377)