Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2000-0491Improper Restriction of Operations within the Bounds of a Memory Buffer in GDM

7 documents6 sources
Severity
10.0CRITICALNVD
EPSS
6.9%
top 8.57%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
2
Gnome GDMSuse Linux
Timeline
PublishedMay 24
Latest updateMay 3

Description

Buffer overflow in the XDMCP parsing code of GNOME gdm, KDE kdm, and wdm allows remote attackers to execute arbitrary commands or cause a denial of service via a long FORWARD_QUERY request.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages2 packages

NVDgnome/gdm1.0
NVDsuse/suse_linux6.2, 6.4+1

Patches

Patch: ftp.calderasystems.comPatch: ftp.calderasystems.com

🔴Vulnerability Details

2
GHSA
GHSA-26q8-4547-5jf2: Buffer overflow in the XDMCP parsing code of GNOME gdm, KDE kdm, and wdm allows remote attackers to execute arbitrary commands or cause a denial of se2022-05-03
CVEList
CVE-2000-0491: Buffer overflow in the XDMCP parsing code of GNOME gdm, KDE kdm, and wdm allows remote attackers to execute arbitrary commands or cause a denial of se2000-07-12

💥Exploits & PoCs

2
Exploit-DB
gdm 1.0.x/2.0.x BETA/2.2.0 - XDMCP Buffer Overflow (2)2000-05-22
Exploit-DB
gdm 1.0.x/2.0.x BETA/2.2.0 - XDMCP Buffer Overflow (1)2000-05-22

📋Vendor Advisories

1
Red Hat
security flaw2000-05-21

💬Community

1
Bugzilla
CVE-2000-0491 security flaw2018-08-16
CVE-2000-0491 — Gnome GDM vulnerability | cvebase