CVE-2013-7273
Published 2014-04-29
Priority P45 · low · 2.1 · CVSS 2.0
Vector: AV:L/AC:L/Au:N/C:N/I:N/A:P
EPSS: 0.37% (28.6th percentile)
GNOME Display Manager (gdm) 3.4.1 and earlier, when disable-user-list is set to true, allows local users to cause a denial of service (unable to login) by pressing the cancel button after entering a user name.
Affected
17 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | gdm3 | < gdm3 3.8.3-1 (bookworm) | gdm3 3.8.3-1 (bookworm) |
| gnome | gnome_display_manager | <= 3.4.1 | — |
| gnome | gnome_display_manager | — | — |
| gnome | gnome_display_manager | — | — |
| gnome | gnome_display_manager | — | — |
| gnome | gnome_display_manager | — | — |
| gnome | gnome_display_manager | — | — |
| gnome | gnome_display_manager | — | — |
| gnome | gnome_display_manager | — | — |
| gnome | gnome_display_manager | — | — |
| gnome | gnome_display_manager | — | — |
| gnome | gnome_display_manager | — | — |
| gnome | gnome_display_manager | — | — |
| gnome | gnome_display_manager | — | — |
| gnome | gnome_display_manager | — | — |
| gnome | gnome_display_manager | — | — |
| gnome | gnome_display_manager | — | — |
CVSS provenance
nvd: v2.0, 2.1 LOW, AV:L/AC:L/Au:N/C:N/I:N/A:P
osv: 2.1 LOW
vendor_debian: 2.1 LOW
vendor_redhat: 2.1 LOW
Debian
CVE-2013-7273: gdm3 - GNOME Display Manager (gdm) 3.4.1 and earlier, when disable-user-list is set to ...
vendor_debian·2013·CVSS 2.1
CVE-2013-7273 [LOW] CVE-2013-7273: gdm3 - GNOME Display Manager (gdm) 3.4.1 and earlier, when disable-user-list is set to ...
GNOME Display Manager (gdm) 3.4.1 and earlier, when disable-user-list is set to true, allows local users to cause a denial of service (unable to login) by pressing the cancel button after entering a user name.
Scope: local
bookworm: resolved (fixed in 3.8.3-1)
bullseye: resolved (fixed in 3.8.3-1)
forky: resolved (fixed in 3.8.3-1)
sid: resolved (fixed in 3.8.3-1)
trixie: resolved (fixed in 3.8.3-1)
Red Hat
gdm: local DoS possible when cancelling and disable-user-list=true when fallback greeter is used
vendor_redhat·2012-07-30·CVSS 2.1
CVE-2013-7273 [LOW] gdm: local DoS possible when cancelling and disable-user-list=true when fallback greeter is used
GNOME Display Manager (gdm) 3.4.1 and earlier, when disable-user-list is set to true, allows local users to cause a denial of service (unable to login) by pressing the cancel button after entering a user name.
Package: gdm (Red Hat Enterprise Linux 7) - Not affected
GHSA
GHSA-2w7j-hchq-jpj6: GNOME Display Manager (gdm) 3
ghsa_unreviewed·2022-05-17
CVE-2013-7273 [LOW] GHSA-2w7j-hchq-jpj6: GNOME Display Manager (gdm) 3
GNOME Display Manager (gdm) 3.4.1 and earlier, when disable-user-list is set to true, allows local users to cause a denial of service (unable to login) by pressing the cancel button after entering a user name.
OSV
CVE-2013-7273: GNOME Display Manager (gdm) 3
osv·2014-04-29·CVSS 2.1
CVE-2013-7273 [LOW] CVE-2013-7273: GNOME Display Manager (gdm) 3
GNOME Display Manager (gdm) 3.4.1 and earlier, when disable-user-list is set to true, allows local users to cause a denial of service (unable to login) by pressing the cancel button after entering a user name.
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2013-7273 gdm: local DoS possible when cancelling and disable-user-list=true when fallback greeter is used [fedora-all]
bugzilla·2014-01-09·CVSS 2.1
CVE-2013-7273 [LOW] CVE-2013-7273 gdm: local DoS possible when cancelling and disable-user-list=true when fallback greeter is used [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When creating a Bodhi update request, please use the bodhi submission link
noted in the next comment(s). This will include the bug IDs of this
tracking bug as well as the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
Bodhi notes fiel
Bugzilla
CVE-2013-7273 gdm: local DoS possible when cancelling and disable-user-list=true when fallback greeter is used
bugzilla·2014-01-09·CVSS 2.1
CVE-2013-7273 [LOW] CVE-2013-7273 gdm: local DoS possible when cancelling and disable-user-list=true when fallback greeter is used
It was reported [1],[2] that when the fallback greeter is used in GDM3.x, if the disable-user-list setting is "true" (so a user list is not displayed, but entry fields for username and password), if a user enters their username and is then presented with a password prompt, if they were to click the "cancel" button then all of the user-interactive fields disappear. The user is then unable to log in or otherwise interact with the display manager, and must either kill X or reboot.
There is no upstream fix as of yet. CVE-2013-7273 was assigned [3] to this issue.
[1] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=683338
[2] https://bugzilla.gnome.org/show_bug.cgi?id=704284
[3]
http://www.openwall.com/lists/oss-security/2014/01/07/10
http://www.openwall.com/lists/oss-security/2014/01/07/16
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=683338
https://bugzilla.gnome.org/show_bug.cgi?id=704284
https://bugzilla.redhat.com/show_bug.cgi?id=1050745