CVE-2011-0727
Published 2011-03-31
Priority P4 · 19 · medium · 6.9 (CVSS 2.0)
Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C
EPSS: 0.38% (29.5th percentile)
GNOME Display Manager (gdm) 2.x before 2.32.1 allows local users to change the ownership of arbitrary files via a symlink attack on a (1) dmrc or (2) face icon file under /var/cache/gdm/.
Affected
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | gdm3 | < gdm3 2.30.5-9 (bookworm) | gdm3 2.30.5-9 (bookworm) |
| gnome | gdm | — | — |
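CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 6.9 | MEDIUM | AV:L/AC:M/Au:N/C:C/I:C/A:C |
| osv | — | 6.9 | MEDIUM | — |
| vendor_debian | — | 6.9 | MEDIUM | — |
| vendor_redhat | — | 6.9 | MEDIUM | — |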
Ubuntu
GDM vulnerability
vendor_ubuntu·2011-03-30
CVE-2011-0727 GDM vulnerability
Title: GDM vulnerability
Summary: A GDM vulnerability allows local attackers to gain root privileges.
Sebastian Krahmer discovered that GDM (GNOME Display Manager) did not
properly drop privileges when handling the cache directories used
to store users' dmrc and face icon files. This could allow a local
attacker to change the ownership of arbitrary files, thereby gaining
root privileges.
Instructions: After a standard system update you need to log out all desktop sessions
and restart GDM to make all the necessary changes.
Red Hat
gdm: privilege escalation vulnerability
vendor_redhat·2011-03-28·CVSS 6.9
CVE-2011-0727 [MEDIUM] gdm: privilege escalation vulnerability
GNOME Display Manager (gdm) 2.x before 2.32.1 allows local users to change the ownership of arbitrary files via a symlink attack on a (1) dmrc or (2) face icon file under /var/cache/gdm/.
Package: gdm (Red Hat Enterprise Linux 4) - Not affected
Package: gdm (Red Hat Enterprise Linux 5) - Not affected
Debian
CVE-2011-0727: gdm3 - GNOME Display Manager (gdm) 2.x before 2.32.1 allows local users to change the o...
vendor_debian·2011·CVSS 6.9
CVE-2011-0727 [MEDIUM] CVE-2011-0727: gdm3 - GNOME Display Manager (gdm) 2.x before 2.32.1 allows local users to change the o...
GNOME Display Manager (gdm) 2.x before 2.32.1 allows local users to change the ownership of arbitrary files via a symlink attack on a (1) dmrc or (2) face icon file under /var/cache/gdm/.
Scope: local
bookworm: resolved (fixed in 2.30.5-9)
bullseye: resolved (fixed in 2.30.5-9)
forky: resolved (fixed in 2.30.5-9)
sid: resolved (fixed in 2.30.5-9)
trixie: resolved (fixed in 2.30.5-9)
GHSA
GHSA-vqj4-7669-fw9c: GNOME Display Manager (gdm) 2
ghsa_unreviewed·2022-05-17
CVE-2011-0727 [MEDIUM] CWE-59 GHSA-vqj4-7669-fw9c: GNOME Display Manager (gdm) 2
GNOME Display Manager (gdm) 2.x before 2.32.1 allows local users to change the ownership of arbitrary files via a symlink attack on a (1) dmrc or (2) face icon file under /var/cache/gdm/.
OSV
CVE-2011-0727: GNOME Display Manager (gdm) 2
osv·2011-03-31·CVSS 6.9
CVE-2011-0727 [MEDIUM] CVE-2011-0727: GNOME Display Manager (gdm) 2
GNOME Display Manager (gdm) 2.x before 2.32.1 allows local users to change the ownership of arbitrary files via a symlink attack on a (1) dmrc or (2) face icon file under /var/cache/gdm/.
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2011-0727 gdm: privilege escalation vulnerability [fedora-all]
bugzilla·2011-03-28·CVSS 6.9
CVE-2011-0727 [MEDIUM] CVE-2011-0727 gdm: privilege escalation vulnerability [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected Fedora
versions.
For comments that are specific to the vulnerability please use bugs filed
against "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When creating a Bodhi update request, please include the bug IDs of the
respective parent bugs filed against the "Security Response" product.
Please mention CVE ids in the RPM changelog when available.
Bodhi update submission link:
https://admin.fedoraproject.org/updates/new/?type_=security&bugs=688323
Please note: this issue affects multiple support
Bugzilla
CVE-2011-0727 gdm: privilege escalation vulnerability
bugzilla·2011-03-16·CVSS 6.9
CVE-2011-0727 [MEDIUM] CVE-2011-0727 gdm: privilege escalation vulnerability
It was discovered that the GNOME Display Manager (gdm) cleared the cache directory, which is owned by an unprivileged user, with the privileges of the root user. A race condition exists in gdm where a local user could take advantage of this by writing to the cache directory between ending the session and the signal to clean up the session, which could lead to the execution of arbitrary code as the root user.
Acknowledgements:
Red Hat would like to thank Sebastian Krahmer of the SUSE Security Team for reporting this issue.
Discussion:
This attack targets code that "caches" (copies) users' dmrc and face image files from the user's home directory to /var/cache/gdm/$USER. This feature was added in gdm version 2.28.0 according to the NEWS
References
http://ftp.gnome.org/pub/GNOME/sources/gdm/2.32/gdm-2.32.1.news
http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057333.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057931.html
http://mail.gnome.org/archives/gdm-list/2011-March/msg00020.html
http://secunia.com/advisories/43714
http://secunia.com/advisories/43854
http://secunia.com/advisories/44021
http://securitytracker.com/id?1025264
http://www.debian.org/security/2011/dsa-2205
http://www.mandriva.com/security/advisories?name=MDVSA-2011:070
http://www.redhat.com/support/errata/RHSA-2011-0395.html
http://www.securityfocus.com/bid/47063
http://www.ubuntu.com/usn/USN-1099-1
http://www.vupen.com/english/advisories/2011/0786
http://www.vupen.com/english/advisories/2011/0787
http://www.vupen.com/english/advisories/2011/0797
http://www.vupen.com/english/advisories/2011/0847
http://www.vupen.com/english/advisories/2011/0911
https://bugzilla.redhat.com/show_bug.cgi?id=688323
https://exchange.xforce.ibmcloud.com/vulnerabilities/66377