Lucene search

[email protected]CVE-2006-1057

HistoryApr 25, 2006 - 1:02 a.m.

CVE-2006-1057

2006-04-2501:02:00

CWE-362

[email protected]

web.nvd.nist.gov

cve

2006

1057

race condition

gdm

privilege escalation

symlink attack

3.7 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:H/Au:N/C:P/I:P/A:P

6.1 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

9.6%

JSON

Race condition in daemon/slave.c in gdm before 2.14.1 allows local users to gain privileges via a symlink attack when gdm performs chown and chgrp operations on the .ICEauthority file.

Affected configurations

NVD

Node

gnomegdmMatch2.14

CPENameOperatorVersion
gnome:gdmgnome gdmeq2.14

CPE	Name	Operator	Version
gnome:gdm	gnome gdm	eq	2.14

References

cvs.gnome.org/viewcvs/gdm2/daemon/slave.c?r1=1.260&r2=1.261

www.debian.org/security/2006/dsa-1040

www.mandriva.com/security/advisories?name=MDKSA-2006:083

www.redhat.com/support/errata/RHSA-2007-0286.html

www.securityfocus.com/bid/17635

www.vupen.com/english/advisories/2006/1465

bugzilla.redhat.com/bugzilla/show_bug.cgi?id=188303

exchange.xforce.ibmcloud.com/vulnerabilities/26092

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10092

usn.ubuntu.com/278-1/

www.redhat.com/archives/fedora-announce-list/2006-April/msg00160.html

3.7 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:H/Au:N/C:P/I:P/A:P

6.1 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

9.6%

JSON

Related for CVE-2006-1057

redhat1 nessus7 debian2 openvas2 nvd1 cvelist1 ubuntu1 centos1 veracode1 securityvulns1 ubuntucve1 oraclelinux1 prion1