CVE-2006-1057
published 2006-04-25
CVE-2006-1057: Race condition in daemon/slave.c in gdm before 2.14.1 allows local users to gain privileges via a symlink attack when gdm performs chown and chgrp operations…
Priority P4 · 12 · low · 3.7 · CVSS 2.0
AV:L/AC:H/Au:N/C:P/I:P/A:P
EPSS
0.27%
18.9th percentile
Race condition in daemon/slave.c in gdm before 2.14.1 allows local users to gain privileges via a symlink attack when gdm performs chown and chgrp operations on the .ICEauthority file.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| gnome | gdm | — | — |
CVSS provenance
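| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 3.7 | LOW | AV:L/AC:H/Au:N/C:P/I:P/A:P |
| vendor_redhat | — | 3.7 | LOW | — |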
Ubuntu
gdm vulnerability
vendor_ubuntu·2006-05-04
Marcus Meissner discovered a race condition in gdm's handling of the
~/.ICEauthority file permissions. A local attacker could exploit this
to become the owner of an arbitrary file in the system. When getting
control over automatically executed scripts (like cron jobs), the
attacker could eventually leverage this flaw to execute arbitrary
commands with root privileges.
Instructions: In general, a standard system update will make all the necessary changes.
Red Hat
security flaw
vendor_redhat·2006-04-19·CVSS 3.7
Race condition in daemon/slave.c in gdm before 2.14.1 allows local users to gain privileges via a symlink attack when gdm performs chown and chgrp operations on the .ICEauthority file.
Statement: Red Hat is aware of this issue and is tracking it via the following bug:
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=188302
The Red Hat Security Response Team has rated this issue as having low security impact; a future update may address this flaw. More information regarding issue severity can be found here:
http://www.redhat.com/security/updates/classification/
This issue does not affect Red Hat Enterprise Linux 2.1 and 3.
GHSA
GHSA-4g9q-73fx-cqxq: Race condition in daemon/slave
ghsa_unreviewed·2022-05-01
CVE-2006-1057 [LOW] CWE-362 GHSA-4g9q-73fx-cqxq: Race condition in daemon/slave
Race condition in daemon/slave.c in gdm before 2.14.1 allows local users to gain privileges via a symlink attack when gdm performs chown and chgrp operations on the .ICEauthority file.
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2006-1057 security flaw
bugzilla·2018-08-16·CVSS 3.7
Flaw bug created to hold information about an old flaw we knew something about. For more details see the MITRE CVE description.
Discussion:
MITRE description:
Race condition in daemon/slave.c in gdm before 2.14.1 allows local users to gain privileges via a symlink attack when gdm performs chown and chgrp operations on the .ICEauthority file.
---
Statement:
Red Hat is aware of this issue and is tracking it via the following bug:
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=188302
The Red Hat Security Response Team has rated this issue as having low security impact; a future update may address this flaw. More information regarding issue severity can be found here:
http://www.redhat.com/security/updates/classification/
This issue does not affect Re
Bugzilla
CVE-2006-1057 GDM file permissions race condition
bugzilla·2006-04-07·CVSS 3.7
Marcus Meissner discovered a race condition issue in gdm which affects
the way it modifies the permissions on the .ICEauthority file.
The problem is that there is a race condition between the time stat()
is run on the file and the time chown() and chmod() are run.
The patch that caused this error is here:
http://cvs.gnome.org/viewcvs/gdm2/daemon/slave.c?r1=1.260&r2=1.261
We don't have a fix yet.
This issue also affects FC4
Discussion:
gdm-2.14.1-1.fc5.1 has been pushed for fc5, which should resolve this issue. If these problems are still present in this version, then please make note of it in this bug report.
---
gdm-2.14.1-1.fc5.2 has been pushed for fc5, which should resolve this issue. If th
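The report above places the flaw in the window between `stat()` on a path and the later `chown()`/`chmod()` on the same path. The following is an added example, not gdm's code and not the upstream patch, of the descriptor-based pattern that removes that window on Linux; `fix_owner_safely` and the scratch paths are hypothetical.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper: give `path` the requested owner and mode without
 * a check-then-use window. Returns 0 on success, -1 (errno set) otherwise. */
int fix_owner_safely(const char *path, uid_t uid, gid_t gid, mode_t mode)
{
    struct stat st;
    /* O_NOFOLLOW: fail with ELOOP if the last path component is a symlink.
     * O_NONBLOCK: do not hang if the name now refers to a FIFO. */
    int fd = open(path, O_RDONLY | O_NOFOLLOW | O_NONBLOCK | O_CLOEXEC);
    if (fd < 0)
        return -1;
    /* Check the object that was opened, not whatever the name points to
     * now; refuse non-regular files and files with extra hard links. */
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode) || st.st_nlink != 1) {
        close(fd);
        errno = EPERM;
        return -1;
    }
    /* fchown()/fchmod() act on the descriptor, so swapping the path for
     * a symlink after the check no longer redirects them. */
    int rc = (fchown(fd, uid, gid) == 0 && fchmod(fd, mode) == 0) ? 0 : -1;
    int saved = errno;
    close(fd);
    errno = saved;
    return rc;
}

int main(void)
{
    /* Constructed sample: a scratch file and a symlink pointing at it. */
    char dir[] = "/tmp/iceauth-demo-XXXXXX", file[64], sym[64];
    if (!mkdtemp(dir)) return 1;
    snprintf(file, sizeof file, "%s/.ICEauthority", dir);
    snprintf(sym, sizeof sym, "%s/link", dir);
    close(open(file, O_CREAT | O_WRONLY, 0644));
    if (symlink(file, sym) != 0) return 1;
    printf("regular file: %d\n", fix_owner_safely(file, getuid(), getgid(), 0600));
    printf("symlink:      %d\n", fix_owner_safely(sym, getuid(), getgid(), 0600));
    unlink(sym); unlink(file); rmdir(dir);
    return 0;
}
```

A privileged daemon would additionally need every parent directory of the path to be safe from user-controlled replacement, or would do the work after dropping to the user's own credentials.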
Bugzilla
CVE-2006-1057 GDM file permissions race condition
bugzilla·2006-04-07·CVSS 3.7
Marcus Meissner discovered a race condition issue in gdm which affects
the way it modifies the permissions on the .ICEauthority file.
The problem is that there is a race condition between the time stat()
is run on the file and the time chown() and chmod() are run.
The patch that caused this error is here:
http://cvs.gnome.org/viewcvs/gdm2/daemon/slave.c?r1=1.260&r2=1.261
We don't have a fix yet.
Discussion:
Created attachment 127492
Proposed upstream patch
---
So there has been a bit of discussion about how exploitable this problem really is.
One thing Marcus didn't originally notice is that a bug in the problem code
prevents it from easily being exploited.
Namely, the code only runs if
stat (
Bugzilla
CVE-2006-1057 gdm race condition/exploit
bugzilla·2006-04-07·CVSS 3.7
Description of problem:
There is a local root exploit/race condition in gdm >= 2.6.0.3, in
"daemon/slave.c". The code that introduces this bug was introduced
in revision 1.261 of that file in gnome's cvs:
.
Upstream (Brian Cameron) has indicated that this code has been fixed to
go into GDM 2.14.1, which he says they are planning to release on Monday,
April 10th. From today's cvs comments, it looks like the fix was entered
for revision 1.322 (between revisions 1.320 and 1.322):
.
This only affects FC3 of the legacy distros, as FC2 and lower are using
gdm = 2.6.0.3.
Version-Release number of selected component (if applicable):
gdm-2.6.0.5-6
Ref:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1057
Discussion:
Hey Josh,
Did RedHat / Fe
http://cvs.gnome.org/viewcvs/gdm2/daemon/slave.c?r1=1.260&r2=1.261
http://www.debian.org/security/2006/dsa-1040
http://www.mandriva.com/security/advisories?name=MDKSA-2006:083
http://www.redhat.com/support/errata/RHSA-2007-0286.html
http://www.securityfocus.com/bid/17635
http://www.vupen.com/english/advisories/2006/1465
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=188303
https://exchange.xforce.ibmcloud.com/vulnerabilities/26092
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10092
https://usn.ubuntu.com/278-1/
https://www.redhat.com/archives/fedora-announce-list/2006-April/msg00160.html