CVE-2006-2452 — GDM vulnerability

4 documents4 sources

Severity

3.7LOWNVD

EPSS

0.1%

top 72.02%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Gnome GDM

Timeline

PublishedJun 9

Latest updateMay 1

Description

GNOME GDM 2.8, 2.12, 2.14, and 2.15, when the "face browser" feature is enabled, allows local users to access the "Configure Login Manager" functionality using their own password instead of the root password, which can be leveraged to gain additional privileges.

CVSS vector

AV:L/AC:H/C:P/I:P/A:PExploitability: 1.9 | Impact: 6.4

Affected Packages1 packages

▶NVDgnome/gdm4 versions+3

🔴Vulnerability Details

GHSA

GHSA-8vvw-c8p7-x225: GNOME GDM 2↗2022-05-01

▶

CVEList

CVE-2006-2452: GNOME GDM 2↗2006-06-09

▶

📋Vendor Advisories

Ubuntu

gdm vulnerability↗2006-06-09

▶