Description
gdm3 versions before 3.36.2 or 3.38.2 would start gnome-initial-setup if gdm3 can't contact the accountservice service via dbus in a timely manner; on Ubuntu (and potentially derivatives) this could be chained with an additional issue that could allow a local user to create a new privileged account.
A vulnerability was found in GDM. If gdm can't contact the AccountService service via DBus in a timely manner, it would default to assuming there are no existing users and would allow the attacker to create a new user with high privileges.
Affected packages
Platform | Package | State | Advisory | Release |
---|---|---|---|---|
Red Hat Enterprise Linux 5 | gdm | Out of support scope | | |
Red Hat Enterprise Linux 6 | gdm | Out of support scope | | |
Red Hat Enterprise Linux 7 | gdm | Out of support scope | | |
Red Hat Enterprise Linux 9 | gdm | Not affected | | |
Red Hat Enterprise Linux 8 | gdm | Fixed | RHSA-2021:1586 | 18.05.2021 |
Additional information
Status:
6.4 Medium
CVSS3
Related vulnerabilities
gdm3 versions before 3.36.2 or 3.38.2 would start gnome-initial-setup if gdm3 can't contact the accountservice service via dbus in a timely manner; on Ubuntu (and potentially derivatives) this could be chained with an additional issue that could allow a local user to create a new privileged account.
gdm3 versions before 3.36.2 or 3.38.2 would start gnome-initial-setup ...
6.4 Medium
CVSS3