CVE-2010-2387
Published 2012-12-21
Priority: P48, low; CVSS 2.0 score: 1.9
Vector: AV:L/AC:M/Au:N/C:P/I:N/A:N
EPSS: 0.52% (40.4th percentile)
vicious-extensions/ve-misc.c in GNOME Display Manager (gdm) 2.20.x before 2.20.11, when GDM debug is enabled, logs the user password when it contains invalid UTF8 encoded characters, which might allow local users to gain privileges by reading the information from syslog logs.
Affected
11 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| gnome | gnome_display_manager | — | — |
CVSS provenance
nvd · v2.0 · 1.9 · LOW · AV:L/AC:M/Au:N/C:P/I:N/A:N
vendor_redhat · 1.9 · LOW
GHSA
GHSA-748g-m8cr-v48g: vicious-extensions/ve-misc
ghsa_unreviewed·2022-05-17
Red Hat
gdm: logs user passwords that contain invalid UTF8-encoded characters, in debug mode
vendor_redhat·2009-02-15·CVSS 1.9
Statement: This is not a vulnerability. Red Hat Enterprise Linux does not have /var/log/messages world-readable, nor is GDM run in debug mode; both are requirements for this to be considered a flaw.
Package: gdm (Red Hat Enterprise Linux 5) - Will not fix
Package: gdm (Red Hat Enterprise Linux 6) - Will not fix
No detection rules found.
No public exploits indexed.
http://ftp.gnome.org/pub/GNOME/sources/gdm/2.20/gdm-2.20.11.changes
http://secunia.com/advisories/40690
http://secunia.com/advisories/40780
http://www.auscert.org.au/13123
http://www.osvdb.org/66643
https://blogs.oracle.com/sunsecurity/entry/cve_2010_2387_password_disclosure
https://bugzilla.gnome.org/show_bug.cgi?id=571846
https://exchange.xforce.ibmcloud.com/vulnerabilities/60642