CVE-2006-2452
Published 2006-06-09
Priority P4 · 16 · low
CVSS 2.0: 3.7 (AV:L/AC:H/Au:N/C:P/I:P/A:P)
EPSS: 0.36% (27.8th percentile)
GNOME GDM 2.8, 2.12, 2.14, and 2.15, when the "face browser" feature is enabled, allows local users to access the "Configure Login Manager" functionality using their own password instead of the root password, which can be leveraged to gain additional privileges.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| gnome | gdm | — | — |
| gnome | gdm | — | — |
| gnome | gdm | — | — |
| gnome | gdm | — | — |
GHSA
GHSA-8vvw-c8p7-x225: GNOME GDM 2
ghsa_unreviewed·2022-05-01
CVE-2006-2452 [LOW] GHSA-8vvw-c8p7-x225: GNOME GDM 2
GNOME GDM 2.8, 2.12, 2.14, and 2.15, when the "face browser" feature is enabled, allows local users to access the "Configure Login Manager" functionality using their own password instead of the root password, which can be leveraged to gain additional privileges.
Ubuntu
gdm vulnerability
vendor_ubuntu·2006-06-09
CVE-2006-2452 gdm vulnerability
Title: gdm vulnerability
Summary: gdm vulnerability
If the admin configured a gdm theme that provided a user list, any
user could activate the gdm setup program by first choosing the setup
option from the menu, clicking on the user list and entering his own
(instead of root's) password. This allowed normal users to configure
potentially dangerous features like remote or automatic login.
Please note that this does not affect a default Ubuntu installation,
since the default theme does not provide a user list. In Ubuntu 6.06
you additionally have to have the "ConfigAvailable" setting enabled in
gdm.conf to be vulnerable (it is disabled by default).
Ubuntu 5.04 is not affected by this flaw.
Instructions: In general, a standard system upgrade is sufficient to effect the
necessary changes.
References
http://bugzilla.gnome.org/show_bug.cgi?id=343476
http://lists.suse.com/archive/suse-security-announce/2006-Jun/0003.html
http://secunia.com/advisories/20532
http://secunia.com/advisories/20552
http://secunia.com/advisories/20587
http://secunia.com/advisories/20627
http://secunia.com/advisories/20636
http://www.gentoo.org/security/en/glsa/glsa-200606-14.xml
http://www.mandriva.com/security/advisories?name=MDKSA-2006:100
http://www.securityfocus.com/archive/1/436428
http://www.securityfocus.com/bid/18332
http://www.vupen.com/english/advisories/2006/2239
https://exchange.xforce.ibmcloud.com/vulnerabilities/27018
https://usn.ubuntu.com/293-1/
Published: 2006-06-09