CVE-2011-0727 — Link Following in GDM

CWE-59 — Link Following9 documents8 sources

Severity

6.9MEDIUMNVD

EPSS

0.1%

top 80.00%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Gnome GDM

Timeline

PublishedMar 31

Latest updateMay 17

Description

GNOME Display Manager (gdm) 2.x before 2.32.1 allows local users to change the ownership of arbitrary files via a symlink attack on a (1) dmrc or (2) face icon file under /var/cache/gdm/.

CVSS vector

AV:L/AC:M/C:C/I:C/A:CExploitability: 3.4 | Impact: 10.0

Affected Packages1 packages

▶NVDgnome/gdm27 versions+26

Patches

Patch: mail.gnome.org ↗Patch: bugzilla.redhat.com ↗Patch: mail.gnome.org ↗

🔴Vulnerability Details

GHSA

GHSA-vqj4-7669-fw9c: GNOME Display Manager (gdm) 2↗2022-05-17

▶

OSV

CVE-2011-0727: GNOME Display Manager (gdm) 2↗2011-03-31

▶

CVEList

CVE-2011-0727: GNOME Display Manager (gdm) 2↗2011-03-31

▶

📋Vendor Advisories

Ubuntu

GDM vulnerability↗2011-03-30

▶

Red Hat

gdm: privilege escalation vulnerability↗2011-03-28

▶

Debian

CVE-2011-0727: gdm3 - GNOME Display Manager (gdm) 2.x before 2.32.1 allows local users to change the o...↗2011

▶

💬Community

Bugzilla

CVE-2011-0727 gdm: privilege escalation vulnerability [fedora-all]↗2011-03-28

▶

Bugzilla

CVE-2011-0727 gdm: privilege escalation vulnerability↗2011-03-16

▶