CVE-2006-6105
published 2006-12-15
CVE-2006-6105: Format string vulnerability in the host chooser window (gdmchooser) in GNOME Foundation Display Manager (gdm) allows local users to execute arbitrary code via…
Priority P4 · 18 · medium · 4.3 · CVSS 2.0
AV:L/AC:L/Au:S/C:P/I:P/A:P
EPSS: 0.40% (31.5th percentile)
Format string vulnerability in the host chooser window (gdmchooser) in GNOME Foundation Display Manager (gdm) allows local users to execute arbitrary code via format string specifiers in a hostname, which are used in an error dialog.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| gnome | gdm | — | — |
| gnome | gdm | — | — |
| gnome | gdm | — | — |
| gnome | gdm | — | — |
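CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 4.3 | MEDIUM | AV:L/AC:L/Au:S/C:P/I:P/A:P |
| vendor_redhat | — | 4.3 | MEDIUM | — |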
GHSA
GHSA-2q7v-r75f-p94f: Format string vulnerability in the host chooser window (gdmchooser) in GNOME Foundation Display Manager (gdm) allows local users to execute arbitrary
ghsa_unreviewed·2022-05-01
CVE-2006-6105 [MEDIUM] GHSA-2q7v-r75f-p94f: Format string vulnerability in the host chooser window (gdmchooser) in GNOME Foundation Display Manager (gdm) allows local users to execute arbitrary
Ubuntu
gdm vulnerability
vendor_ubuntu·2006-12-14
CVE-2006-6105 gdm vulnerability
Title: gdm vulnerability
Summary: gdm vulnerability
A format string vulnerability was discovered in the gdmchooser component
of the GNOME Display Manager. By typing a specially crafted host name,
local users could gain gdm user privileges, which could lead to further
account information exposure.
Instructions: After a standard system upgrade you need to reboot your computer to
effect the necessary changes.
Red Hat
CVE-2006-6105: Format string vulnerability in the host chooser window (gdmchooser) in GNOME Foundation Display Manager (gdm) allows local users to execute arbitrary
vendor_redhat·CVSS 4.3
CVE-2006-6105 [MEDIUM] CVE-2006-6105: Format string vulnerability in the host chooser window (gdmchooser) in GNOME Foundation Display Manager (gdm) allows local users to execute arbitrary
Statement: Not vulnerable. This flaw was first introduced in gdm version 2.14. Therefore these issues did not affect the earlier versions of gdm as shipped with Red Hat Enterprise Linux 2.1, 3, or 4.
Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
References
http://ftp.acc.umu.se/pub/GNOME/sources/gdm/2.17/gdm-2.17.4.news
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=453
http://secunia.com/advisories/23381
http://secunia.com/advisories/23385
http://secunia.com/advisories/23387
http://secunia.com/advisories/23409
http://securitytracker.com/id?1017320
http://securitytracker.com/id?1017383
http://www.mandriva.com/security/advisories?name=MDKSA-2006:231
http://www.novell.com/linux/security/advisories/2006_29_sr.html
http://www.osvdb.org/30848
http://www.securityfocus.com/bid/21597
http://www.ubuntu.com/usn/usn-396-1
http://www.vupen.com/english/advisories/2006/5015
https://exchange.xforce.ibmcloud.com/vulnerabilities/30896
Published: 2006-12-15