3.7 Low
CVSS2
Attack Vector
LOCAL
Attack Complexity
HIGH
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:H/Au:N/C:P/I:P/A:P
0.0004 Low
EPSS
Percentile
9.6%
CentOS Errata and Security Advisory CESA-2007:0286
Gdm (the GNOME Display Manager) is a highly configurable reimplementation
of xdm, the X Display Manager. Gdm allows you to log into your system with
the X Window System running and supports running several different X
sessions on your local machine at the same time.
Marcus Meissner discovered a race condition issue in the way Gdm modifies
the permissions on the .ICEauthority file. A local attacker could exploit
this flaw to gain privileges. Due to the nature of the flaw, however, a
successful exploitation was unlikely. (CVE-2006-1057)
This erratum also includes a bug fix to correct the pam configuration for
the audit system.
All users of gdm should upgrade to this updated package, which contains
backported patches to resolve these issues.
Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-announce/2007-May/075886.html
Affected packages:
gdm
Upstream details at:
https://access.redhat.com/errata/RHSA-2007:0286
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
CentOS | 4 | s390 | gdm | < 2.6.0.5-7.rhel4.15 | gdm-2.6.0.5-7.rhel4.15.s390.rpm |
CentOS | 4 | s390x | gdm | < 2.6.0.5-7.rhel4.15 | gdm-2.6.0.5-7.rhel4.15.s390x.rpm |