CVE-2003-0547

2003-08-2704:00:00

[email protected]

web.nvd.nist.gov

gdm

cve-2003-0547

security

symlink attack

vulnerability

2.1 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

6.2 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

5.1%

JSON

GDM before 2.4.1.6, when using the “examine session errors” feature, allows local users to read arbitrary files via a symlink attack on the ~/.xsession-errors file.

Affected configurations

NVD

Node

gnomegdmMatch2.4.1

gnomegdmMatch2.4.1.1

gnomegdmMatch2.4.1.2

gnomegdmMatch2.4.1.3

gnomegdmMatch2.4.1.4

gnomegdmMatch2.4.1.5

gnomegdmMatch2.4.1.6

redhatkdebaseMatch2.4.0.7.13i386

redhatkdebaseMatch2.4.1.3.5i386

CPENameOperatorVersion
gnome:gdmgnome gdmeq2.4.1
gnome:gdmgnome gdmeq2.4.1.1
gnome:gdmgnome gdmeq2.4.1.2
gnome:gdmgnome gdmeq2.4.1.3
gnome:gdmgnome gdmeq2.4.1.4
gnome:gdmgnome gdmeq2.4.1.5
gnome:gdmgnome gdmeq2.4.1.6
redhat:kdebaseredhat kdebaseeq2.4.0.7.13
redhat:kdebaseredhat kdebaseeq2.4.1.3.5

CPE	Name	Operator	Version
gnome:gdm	gnome gdm	eq	2.4.1
gnome:gdm	gnome gdm	eq	2.4.1.1
gnome:gdm	gnome gdm	eq	2.4.1.2
gnome:gdm	gnome gdm	eq	2.4.1.3
gnome:gdm	gnome gdm	eq	2.4.1.4
gnome:gdm	gnome gdm	eq	2.4.1.5
gnome:gdm	gnome gdm	eq	2.4.1.6
redhat:kdebase	redhat kdebase	eq	2.4.0.7.13
redhat:kdebase	redhat kdebase	eq	2.4.1.3.5