CVE-2011-1709
Published 2011-06-14
Priority P428 · high · 7.2 · CVSS 2.0
Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
EPSS: 0.43% (34.5th percentile)
GNOME Display Manager (gdm) before 2.32.2, when glib 2.28 is used, enables execution of a web browser with the uid of the gdm account, which allows local users to gain privileges via vectors involving the x-scheme-handler/http MIME type.
Affected
30 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | gdm3 | — | — |
| gnome | gdm | — | — |
CVSS provenance
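| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 7.2 | HIGH | AV:L/AC:L/Au:N/C:C/I:C/A:C |
| vendor_debian | — | 7.2 | LOW | — |
| vendor_redhat | — | 7.2 | HIGH | — |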
GHSA
GHSA-m8qj-xwm5-fq5v: GNOME Display Manager (gdm) before 2
ghsa_unreviewed·2022-05-17
GNOME Display Manager (gdm) before 2.32.2, when glib 2.28 is used, enables execution of a web browser with the uid of the gdm account, which allows local users to gain privileges via vectors involving the x-scheme-handler/http MIME type.
Ubuntu
GDM vulnerability
vendor_ubuntu·2011-06-01
Title: GDM vulnerability
Summary: GDM could be made to launch a browser and leak information about the system.
Henne Vogelsang discovered that under certain PolicyKit configurations, GDM
could be made to launch a browser. A local attacker could exploit this to
gain access to files with the privileges of the gdm user. PolicyKit is not
configured in this manner in Ubuntu by default.
Instructions: After a standard system update you need to reboot your computer to make
all the necessary changes.
Red Hat
gdm: URI scheme handling change in glib2 allows running default browser in GDM session
vendor_redhat·2011-05-31·CVSS 7.2
GNOME Display Manager (gdm) before 2.32.2, when glib 2.28 is used, enables execution of a web browser with the uid of the gdm account, which allows local users to gain privileges via vectors involving the x-scheme-handler/http MIME type.
Statement: Not vulnerable. This issue did not affect the versions of gdm as shipped with Red Hat Enterprise Linux 4, 5, or 6.
Package: gdm (Red Hat Enterprise Linux 4) - Not affected
Package: gdm (Red Hat Enterprise Linux 5) - Not affected
Package: gdm (Red Hat Enterprise Linux 6) - Not affected
Debian
CVE-2011-1709: gdm3 - GNOME Display Manager (gdm) before 2.32.2, when glib 2.28 is used, enables execu...
vendor_debian·2011·CVSS 7.2
GNOME Display Manager (gdm) before 2.32.2, when glib 2.28 is used, enables execution of a web browser with the uid of the gdm account, which allows local users to gain privileges via vectors involving the x-scheme-handler/http MIME type.
Scope: local
bookworm: resolved
bullseye: resolved
forky: resolved
sid: resolved
trixie: resolved
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2011-1709 gdm: URI scheme handling change in glib2 allows running default browser in GDM session [fedora-15]
bugzilla·2011-05-31·CVSS 7.2
fedora-15 tracking bug for gdm: see blocks bug list for full details of the security issue(s).
This bug is never intended to be made public, please put any public notes
in the 'blocks' bugs.
[bug automatically created by: add-tracking-bugs]
Discussion:
gdm-3.0.4-1.fc15 has been submitted as an update for Fedora 15.
https://admin.fedoraproject.org/updates/gdm-3.0.4-1.fc15
---
Package gdm-3.0.4-1.fc15:
* should fix your issue,
* was pushed to the Fedora 15 testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=updates-testing gdm-3.0.4-1.fc15'
as soon as you are able to, then reboot.
Please go to the
Bugzilla
CVE-2011-1709 gdm: URI scheme handling change in glib2 allows running default browser in GDM session
bugzilla·2011-05-30·CVSS 7.2
Henne Vogelsang discovered that, as of glib 2.28, it was possible to run the default web browser (usually Firefox) in the GDM session, as the gdm user. This resulted in uncontrolled access to the local file system and possibly other resources as the gdm user. This is because glib 2.28 has changed the way URI handlers are registered; while it used to be controlled via gconf settings, it now is controlled via x-scheme-handler/ mime types (e.g. x-scheme-handler/http).
Statement:
Not vulnerable. This issue did not affect the versions of gdm as shipped with Red Hat Enterprise Linux 4, 5, or 6.
Discussion:
Created attachment 501874
upstream patch
---
This issue only affects Fedora 15; earl
http://ftp.gnome.org/pub/GNOME/sources/gdm/2.32/gdm-2.32.2.news
http://git.gnome.org/browse/gdm/commit/?id=d13dd72531599ab7e4c747db3b58a8c17753e08d
http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061264.html
http://secunia.com/advisories/44797
http://secunia.com/advisories/44808
http://www.securityfocus.com/bid/48084
http://www.ubuntu.com/usn/USN-1142-1
https://bugzilla.redhat.com/show_bug.cgi?id=709139
https://hermes.opensuse.org/messages/8643655