Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2020-27837

Опубликовано: 28 дек. 2020
Источник: debian

Описание

A flaw was found in GDM in versions prior to 3.38.2.1. A race condition in the handling of session shutdown makes it possible to bypass the lock screen for a user that has autologin enabled, accessing their session without authentication. This is similar to CVE-2017-12164, but requires more difficult conditions to exploit.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
gdm3fixed3.38.2.1-1package
gdm3no-dsabusterpackage
gdm3no-dsastretchpackage

Примечания

  • https://gitlab.gnome.org/GNOME/gdm/-/issues/660

  • https://gitlab.gnome.org/GNOME/gdm/-/commit/dcdbaaa04012541ad2813cf83559d91d52f208b9 (master)

  • https://gitlab.gnome.org/GNOME/gdm/-/commit/9b6d9b24a5f69674447c7bc9aacfab0988b914bd (3.38.2.1)

Связанные уязвимости

ubuntu логотип

CVE-2020-27837

CVSS3: 6.4
ubuntu
около 5 лет назад

A flaw was found in GDM in versions prior to 3.38.2.1. A race condition in the handling of session shutdown makes it possible to bypass the lock screen for a user that has autologin enabled, accessing their session without authentication. This is similar to CVE-2017-12164, but requires more difficult conditions to exploit.

redhat логотип

CVE-2020-27837

CVSS3: 6.3
redhat
около 5 лет назад

A flaw was found in GDM in versions prior to 3.38.2.1. A race condition in the handling of session shutdown makes it possible to bypass the lock screen for a user that has autologin enabled, accessing their session without authentication. This is similar to CVE-2017-12164, but requires more difficult conditions to exploit.

nvd логотип

CVE-2020-27837

CVSS3: 6.4
nvd
около 5 лет назад

A flaw was found in GDM in versions prior to 3.38.2.1. A race condition in the handling of session shutdown makes it possible to bypass the lock screen for a user that has autologin enabled, accessing their session without authentication. This is similar to CVE-2017-12164, but requires more difficult conditions to exploit.

github логотип

GHSA-xpm4-75c2-wrgc

github
больше 3 лет назад

A flaw was found in GDM in versions prior to 3.38.2.1. A race condition in the handling of session shutdown makes it possible to bypass the lock screen for a user that has autologin enabled, accessing their session without authentication. This is similar to CVE-2017-12164, but requires more difficult conditions to exploit.