CVE-2011-1709 — GDM vulnerability

CWE-2648 documents7 sources

Severity

7.2HIGHNVD

EPSS

0.1%

top 82.71%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Gnome GDM

Timeline

PublishedJun 14

Latest updateMay 17

Description

GNOME Display Manager (gdm) before 2.32.2, when glib 2.28 is used, enables execution of a web browser with the uid of the gdm account, which allows local users to gain privileges via vectors involving the x-scheme-handler/http MIME type.

CVSS vector

AV:L/AC:L/C:C/I:C/A:CExploitability: 3.9 | Impact: 10.0

Affected Packages1 packages

▶NVDgnome/gdm29 versions+28

Patches

Patch: git.gnome.org ↗Patch: bugzilla.redhat.com ↗Patch: git.gnome.org ↗

🔴Vulnerability Details

GHSA

GHSA-m8qj-xwm5-fq5v: GNOME Display Manager (gdm) before 2↗2022-05-17

▶

CVEList

CVE-2011-1709: GNOME Display Manager (gdm) before 2↗2011-06-14

▶

📋Vendor Advisories

Ubuntu

GDM vulnerability↗2011-06-01

▶

Red Hat

gdm: URI scheme handling change in glib2 allows running default browser in GDM session↗2011-05-31

▶

Debian

CVE-2011-1709: gdm3 - GNOME Display Manager (gdm) before 2.32.2, when glib 2.28 is used, enables execu...↗2011

▶

💬Community

Bugzilla

CVE-2011-1709 gdm: URI scheme handling change in glib2 allows running default browser in GDM session [fedora-15]↗2011-05-31

▶

Bugzilla

CVE-2011-1709 gdm: URI scheme handling change in glib2 allows running default browser in GDM session↗2011-05-30

▶