Описание
The GDM daemon in GNOME Display Manager (GDM) before 2.14.13, 2.16.x before 2.16.7, 2.18.x before 2.18.4, and 2.19.x before 2.19.5 does not properly handle NULL return values from the g_strsplit function, which allows local users to cause a denial of service (persistent daemon crash) via a crafted command to the daemon's socket, related to (1) gdm.c and (2) gdmconfig.c in daemon/, and (3) gdmconfig.c and (4) gdmflexiserver.c in gui/.
The GDM daemon in GNOME Display Manager (GDM) before 2.14.13, 2.16.x before 2.16.7, 2.18.x before 2.18.4, and 2.19.x before 2.19.5 does not properly handle NULL return values from the g_strsplit function, which allows local users to cause a denial of service (persistent daemon crash) via a crafted command to the daemon's socket, related to (1) gdm.c and (2) gdmconfig.c in daemon/, and (3) gdmconfig.c and (4) gdmflexiserver.c in gui/.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2007-3381
- https://issues.rpath.com/browse/RPL-1599
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10887
- http://ftp.gnome.org/pub/GNOME/sources/gdm/2.14/gdm-2.14.13.news
- http://ftp.gnome.org/pub/GNOME/sources/gdm/2.16/gdm-2.16.7.changes
- http://ftp.gnome.org/pub/GNOME/sources/gdm/2.18/gdm-2.18.4.news
- http://ftp.gnome.org/pub/GNOME/sources/gdm/2.19/gdm-2.19.5.news
- http://secunia.com/advisories/26313
- http://secunia.com/advisories/26368
- http://secunia.com/advisories/26520
- http://secunia.com/advisories/26879
- http://secunia.com/advisories/26900
- http://security.gentoo.org/glsa/glsa-200709-11.xml
- http://www.mandriva.com/security/advisories?name=MDKSA-2007:169
- http://www.redhat.com/support/errata/RHSA-2007-0777.html
- http://www.securityfocus.com/archive/1/475451/30/5550/threaded
- http://www.securityfocus.com/bid/25191
- http://www.securitytracker.com/id?1018523
- http://www.vupen.com/english/advisories/2007/2781
Связанные уязвимости
The GDM daemon in GNOME Display Manager (GDM) before 2.14.13, 2.16.x before 2.16.7, 2.18.x before 2.18.4, and 2.19.x before 2.19.5 does not properly handle NULL return values from the g_strsplit function, which allows local users to cause a denial of service (persistent daemon crash) via a crafted command to the daemon's socket, related to (1) gdm.c and (2) gdmconfig.c in daemon/, and (3) gdmconfig.c and (4) gdmflexiserver.c in gui/.
The GDM daemon in GNOME Display Manager (GDM) before 2.14.13, 2.16.x before 2.16.7, 2.18.x before 2.18.4, and 2.19.x before 2.19.5 does not properly handle NULL return values from the g_strsplit function, which allows local users to cause a denial of service (persistent daemon crash) via a crafted command to the daemon's socket, related to (1) gdm.c and (2) gdmconfig.c in daemon/, and (3) gdmconfig.c and (4) gdmflexiserver.c in gui/.
The GDM daemon in GNOME Display Manager (GDM) before 2.14.13, 2.16.x before 2.16.7, 2.18.x before 2.18.4, and 2.19.x before 2.19.5 does not properly handle NULL return values from the g_strsplit function, which allows local users to cause a denial of service (persistent daemon crash) via a crafted command to the daemon's socket, related to (1) gdm.c and (2) gdmconfig.c in daemon/, and (3) gdmconfig.c and (4) gdmflexiserver.c in gui/.
The GDM daemon in GNOME Display Manager (GDM) before 2.14.13, 2.16.x b ...
ELSA-2007-0777: Moderate: gdm security and bug fix update (MODERATE)