CVE-2006-2452
3.7 Low
CVSS2
Attack Vector
LOCAL
Attack Complexity
HIGH
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:H/Au:N/C:P/I:P/A:P
6.4 Medium
AI Score
Confidence
Low
0.0004 Low
EPSS
Percentile
12.7%
GNOME GDM 2.8, 2.12, 2.14, and 2.15, when the “face browser” feature is enabled, allows local users to access the “Configure Login Manager” functionality using their own password instead of the root password, which can be leveraged to gain additional privileges.
Affected configurations
References
bugzilla.gnome.org/show_bug.cgi?id=343476
lists.suse.com/archive/suse-security-announce/2006-Jun/0003.html
secunia.com/advisories/20532
secunia.com/advisories/20552
secunia.com/advisories/20587
secunia.com/advisories/20627
secunia.com/advisories/20636
www.gentoo.org/security/en/glsa/glsa-200606-14.xml
www.mandriva.com/security/advisories?name=MDKSA-2006:100
www.securityfocus.com/archive/1/436428
www.securityfocus.com/bid/18332
www.vupen.com/english/advisories/2006/2239
exchange.xforce.ibmcloud.com/vulnerabilities/27018
usn.ubuntu.com/293-1/
Related
3.7 Low
CVSS2
Attack Vector
LOCAL
Attack Complexity
HIGH
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:H/Au:N/C:P/I:P/A:P
6.4 Medium
AI Score
Confidence
Low
0.0004 Low
EPSS
Percentile
12.7%