CVE-2000-0491
published 2000-05-24CVE-2000-0491: Buffer overflow in the XDMCP parsing code of GNOME gdm, KDE kdm, and wdm allows remote attackers to execute arbitrary commands or cause a denial of service via…
PriorityP344critical10CVSS 2.0
AVNACLAuNCCICAC
EXPLOIT
EPSS
17.78%
96.8th percentile
Buffer overflow in the XDMCP parsing code of GNOME gdm, KDE kdm, and wdm allows remote attackers to execute arbitrary commands or cause a denial of service via a long FORWARD_QUERY request.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| gnome | gdm | — | — |
| suse | suse_linux | — | — |
| suse | suse_linux | — | — |
CVSS provenance
nvdv2.010.0CRITICALAV:N/AC:L/Au:N/C:C/I:C/A:C
vendor_redhat10.0CRITICAL
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-26q8-4547-5jf2: Buffer overflow in the XDMCP parsing code of GNOME gdm, KDE kdm, and wdm allows remote attackers to execute arbitrary commands or cause a denial of se
ghsa_unreviewed·2022-05-03
CVE-2000-0491 [HIGH] GHSA-26q8-4547-5jf2: Buffer overflow in the XDMCP parsing code of GNOME gdm, KDE kdm, and wdm allows remote attackers to execute arbitrary commands or cause a denial of se
Buffer overflow in the XDMCP parsing code of GNOME gdm, KDE kdm, and wdm allows remote attackers to execute arbitrary commands or cause a denial of service via a long FORWARD_QUERY request.
Red Hat
security flaw
vendor_redhat·2000-05-21·CVSS 10.0
CVE-2000-0491 [CRITICAL] security flaw
security flaw
Buffer overflow in the XDMCP parsing code of GNOME gdm, KDE kdm, and wdm allows remote attackers to execute arbitrary commands or cause a denial of service via a long FORWARD_QUERY request.
Statement: This issue was fixed in the following product:
- Red Hat Linux 6.2 - RHSA-2000:027 (2000-05-21)
No detection rules found.
Exploit-DB
gdm 1.0.x/2.0.x BETA/2.2.0 - XDMCP Buffer Overflow (2)
exploitdb·2000-05-22
CVE-2000-0491 gdm 1.0.x/2.0.x BETA/2.2.0 - XDMCP Buffer Overflow (2)
gdm 1.0.x/2.0.x BETA/2.2.0 - XDMCP Buffer Overflow (2)
---
// source: https://www.securityfocus.com/bid/1233/info
A buffer overrun exists in the XDMCP handling code used in 'gdm', an xdm replacement, shipped as part of the GNOME desktop. By sending a maliciously crafted XDMCP message, it is possible for a remote attacker to execute arbitrary commands as root on the susceptible machine. The problem lies in the handling of the display information sent as part of an XDMCP 'FORWARD_QUERY' request.
By default, gdm is not configured to listen via XDMCP. The versions of gdm shipped with RedHat 6.0-6.2, Helix GNOME and gdm built from source are not vulnerable unless they were configured to accept XDMCP requests. This is configured via the /etc/X11/gdm/gdm.conf on some systems, although this fi
Exploit-DB
gdm 1.0.x/2.0.x BETA/2.2.0 - XDMCP Buffer Overflow (1)
exploitdb·2000-05-22
CVE-2000-0491 gdm 1.0.x/2.0.x BETA/2.2.0 - XDMCP Buffer Overflow (1)
gdm 1.0.x/2.0.x BETA/2.2.0 - XDMCP Buffer Overflow (1)
---
// source: https://www.securityfocus.com/bid/1233/info
A buffer overrun exists in the XDMCP handling code used in 'gdm', an xdm replacement, shipped as part of the GNOME desktop. By sending a maliciously crafted XDMCP message, it is possible for a remote attacker to execute arbitrary commands as root on the susceptible machine. The problem lies in the handling of the display information sent as part of an XDMCP 'FORWARD_QUERY' request.
By default, gdm is not configured to listen via XDMCP. The versions of gdm shipped with RedHat 6.0-6.2, Helix GNOME and gdm built from source are not vulnerable unless they were configured to accept XDMCP requests. This is configured via the /etc/X11/gdm/gdm.conf on some systems, although this fi
ftp://ftp.calderasystems.com/pub/OpenLinux/security/CSSA-2000-013.0.txthttp://archives.neohapsis.com/archives/bugtraq/2000-05/0241.htmlhttp://archives.neohapsis.com/archives/bugtraq/2000-06/0025.htmlhttp://www.novell.com/linux/security/advisories/suse_security_announce_49.htmlhttp://www.securityfocus.com/bid/1233http://www.securityfocus.com/bid/1279http://www.securityfocus.com/bid/1370ftp://ftp.calderasystems.com/pub/OpenLinux/security/CSSA-2000-013.0.txthttp://archives.neohapsis.com/archives/bugtraq/2000-05/0241.htmlhttp://archives.neohapsis.com/archives/bugtraq/2000-06/0025.htmlhttp://www.novell.com/linux/security/advisories/suse_security_announce_49.htmlhttp://www.securityfocus.com/bid/1233http://www.securityfocus.com/bid/1279http://www.securityfocus.com/bid/1370
2000-05-24
Published