Info

Disclosure

Dec 14, 2006

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Unknown

Description

Gnome Display Manager contains a flaw that may allow a malicious user to to gain escalated privileges. The issue is is caused due to a format string error within the 'gdm_chooser_add_host()' function in gdm2/gui/gdmchooser.c. It is possible that the flaw may allow arbitrary code execution resulting in a loss of integrity.

Classification

Location: Local Access Required
Attack Type: Input Manipulation
Impact: Loss of Integrity
Exploit: Exploit Private, Exploit Unknown
Disclosure: OSVDB Verified

Solution

Upgrade to version 2.14.11, 2.16.4, or 2.17, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Products

GNOME Project	Gdm	2.16
		2.16.1
		2.16.2
		2.14.1

References

Security Tracker: 1017320 1017383
CVE ID: 2006-6105 (see also: NVD)
Bugtraq ID: 21597
Secunia Advisory ID: 23381 23385 23387 23409
SCIP VulDB ID: 2758
ISS X-Force ID: 30896
VUPEN Advisory: ADV-2006-5015
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-12/0248.html
Other Advisory URL: http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=453
http://lists.suse.com/archive/suse-security-announce/2006-Dec/0008.html
http://www.mandriva.com/security/advisories?name=MDKSA-2006:231
http://www.ubuntu.com/usn/usn-396-1

Credit

Anonymous - SEC Consult

Direct URL: http://osvdb.org/36218

Info

Disclosure

Discovery

Dates

Exploit

Solution

Description

Classification

Solution

Products

GNOME Project

Gdm

References

Credit