Lucene search

[email protected]CVE-2007-3381

HistoryAug 07, 2007 - 10:17 a.m.

CVE-2007-3381

2007-08-0710:17:00

CWE-20

[email protected]

web.nvd.nist.gov

cve-2007-3381

gdm

gnome display manager

null return values

denial of service

daemon crash

gdm.c

gdmconfig.c

gdmflexiserver.c

1.5 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:L/AC:M/Au:S/C:N/I:N/A:P

5.8 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

10.1%

JSON

The GDM daemon in GNOME Display Manager (GDM) before 2.14.13, 2.16.x before 2.16.7, 2.18.x before 2.18.4, and 2.19.x before 2.19.5 does not properly handle NULL return values from the g_strsplit function, which allows local users to cause a denial of service (persistent daemon crash) via a crafted command to the daemon’s socket, related to (1) gdm.c and (2) gdmconfig.c in daemon/, and (3) gdmconfig.c and (4) gdmflexiserver.c in gui/.

Affected configurations

NVD

Node

gnomegdmRange≤2.14.12

gnomegdmMatch0.7

gnomegdmMatch1.0

gnomegdmMatch2.0

gnomegdmMatch2.2

gnomegdmMatch2.3

gnomegdmMatch2.4

gnomegdmMatch2.5

gnomegdmMatch2.6

gnomegdmMatch2.8

gnomegdmMatch2.13

gnomegdmMatch2.14

gnomegdmMatch2.14.1

gnomegdmMatch2.14.2

gnomegdmMatch2.14.3

gnomegdmMatch2.14.4

gnomegdmMatch2.14.5

gnomegdmMatch2.14.6

gnomegdmMatch2.14.7

gnomegdmMatch2.14.8

gnomegdmMatch2.14.9

gnomegdmMatch2.14.10

gnomegdmMatch2.14.11

Node

gnomegdmMatch2.14.3

gnomegdmMatch2.14.4

gnomegdmMatch2.14.5

gnomegdmMatch2.14.6

gnomegdmMatch2.16

gnomegdmMatch2.16.1

gnomegdmMatch2.16.2

Node

gnomegdmMatch2.18

gnomegdmMatch2.18.1

gnomegdmMatch2.18.2

gnomegdmMatch2.18.3

Node

gnomegdmMatch2.19

gnomegdmMatch2.19.1

gnomegdmMatch2.19.2

gnomegdmMatch2.19.3

gnomegdmMatch2.19.4

CPENameOperatorVersion
gnome:gdmgnome gdmle2.14.12
gnome:gdmgnome gdmeq0.7
gnome:gdmgnome gdmeq1.0
gnome:gdmgnome gdmeq2.0
gnome:gdmgnome gdmeq2.2
gnome:gdmgnome gdmeq2.3
gnome:gdmgnome gdmeq2.4
gnome:gdmgnome gdmeq2.5
gnome:gdmgnome gdmeq2.6
gnome:gdmgnome gdmeq2.8

CPE	Name	Operator	Version
gnome:gdm	gnome gdm	le	2.14.12
gnome:gdm	gnome gdm	eq	0.7
gnome:gdm	gnome gdm	eq	1.0
gnome:gdm	gnome gdm	eq	2.0
gnome:gdm	gnome gdm	eq	2.2
gnome:gdm	gnome gdm	eq	2.3
gnome:gdm	gnome gdm	eq	2.4
gnome:gdm	gnome gdm	eq	2.5
gnome:gdm	gnome gdm	eq	2.6
gnome:gdm	gnome gdm	eq	2.8