CVE-2009-2697Improper Authentication in GDM

CWE-287Improper Authentication4 documents4 sources
Severity
6.8MEDIUMNVD
CNA6.0
EPSS
0.2%
top 57.55%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Gnome GDM
Timeline
PublishedSep 4
Latest updateMay 2

Description

The Red Hat build script for the GNOME Display Manager (GDM) before 2.16.0-56 on Red Hat Enterprise Linux (RHEL) 5 omits TCP Wrapper support, which might allow remote attackers to bypass intended access restrictions via XDMCP connections, a different vulnerability than CVE-2007-5079.

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 8.6 | Impact: 6.4

Affected Packages1 packages

NVDgnome/gdm2.16+12

🔴Vulnerability Details

2
GHSA
GHSA-vf98-38qc-3w28: The Red Hat build script for the GNOME Display Manager (GDM) before 22022-05-02
CVEList
CVE-2009-2697: The Red Hat build script for the GNOME Display Manager (GDM) before 22009-09-04

📋Vendor Advisories

1
Red Hat
gdm not built with tcp_wrappers2007-05-11
CVE-2009-2697 — Improper Authentication in Gnome GDM | cvebase