CVE-2011-1709

GNOME Display Manager (gdm) before 2.32.2, when glib 2.28 is used, enables execution of a web browser with the uid of the gdm account, which allows local users to gain privileges via vectors involving the x-scheme-handler/http MIME type.
Configurations

Configuration 1 (hide)

AND
OR cpe:2.3:a:gnome:gdm:1.0:*:*:*:*:*:*:*
cpe:2.3:a:gnome:gdm:2.0:*:*:*:*:*:*:*
cpe:2.3:a:gnome:gdm:2.2:*:*:*:*:*:*:*
cpe:2.3:a:gnome:gdm:2.3:*:*:*:*:*:*:*
cpe:2.3:a:gnome:gdm:2.4:*:*:*:*:*:*:*
cpe:2.3:a:gnome:gdm:2.5:*:*:*:*:*:*:*
cpe:2.3:a:gnome:gdm:2.6:*:*:*:*:*:*:*
cpe:2.3:a:gnome:gdm:2.8:*:*:*:*:*:*:*
cpe:2.3:a:gnome:gdm:2.13:*:*:*:*:*:*:*
cpe:2.3:a:gnome:gdm:2.14:*:*:*:*:*:*:*
cpe:2.3:a:gnome:gdm:2.15:*:*:*:*:*:*:*
cpe:2.3:a:gnome:gdm:2.16:*:*:*:*:*:*:*
cpe:2.3:a:gnome:gdm:2.17:*:*:*:*:*:*:*
cpe:2.3:a:gnome:gdm:2.18:*:*:*:*:*:*:*
cpe:2.3:a:gnome:gdm:2.19:*:*:*:*:*:*:*
cpe:2.3:a:gnome:gdm:2.20:*:*:*:*:*:*:*
cpe:2.3:a:gnome:gdm:2.21:*:*:*:*:*:*:*
cpe:2.3:a:gnome:gdm:2.22:*:*:*:*:*:*:*
cpe:2.3:a:gnome:gdm:2.23:*:*:*:*:*:*:*
cpe:2.3:a:gnome:gdm:2.24:*:*:*:*:*:*:*
cpe:2.3:a:gnome:gdm:2.25:*:*:*:*:*:*:*
cpe:2.3:a:gnome:gdm:2.26:*:*:*:*:*:*:*
cpe:2.3:a:gnome:gdm:2.27:*:*:*:*:*:*:*
cpe:2.3:a:gnome:gdm:2.28:*:*:*:*:*:*:*
cpe:2.3:a:gnome:gdm:2.29:*:*:*:*:*:*:*
cpe:2.3:a:gnome:gdm:2.30:*:*:*:*:*:*:*
cpe:2.3:a:gnome:gdm:2.31:*:*:*:*:*:*:*
cpe:2.3:a:gnome:gdm:2.32:*:*:*:*:*:*:*
cpe:2.3:a:gnome:gdm:2.32.1:*:*:*:*:*:*:*
cpe:2.3:a:gnome:glib:2.28:*:*:*:*:*:*:*

History

21 Nov 2024, 01:26

Type Values Removed Values Added
References () http://ftp.gnome.org/pub/GNOME/sources/gdm/2.32/gdm-2.32.2.news - () http://ftp.gnome.org/pub/GNOME/sources/gdm/2.32/gdm-2.32.2.news -
References () http://git.gnome.org/browse/gdm/commit/?id=d13dd72531599ab7e4c747db3b58a8c17753e08d - Patch () http://git.gnome.org/browse/gdm/commit/?id=d13dd72531599ab7e4c747db3b58a8c17753e08d - Patch
References () http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061264.html - () http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061264.html -
References () http://secunia.com/advisories/44797 - Vendor Advisory () http://secunia.com/advisories/44797 - Vendor Advisory
References () http://secunia.com/advisories/44808 - () http://secunia.com/advisories/44808 -
References () http://www.securityfocus.com/bid/48084 - () http://www.securityfocus.com/bid/48084 -
References () http://www.ubuntu.com/usn/USN-1142-1 - () http://www.ubuntu.com/usn/USN-1142-1 -
References () https://bugzilla.redhat.com/show_bug.cgi?id=709139 - Patch () https://bugzilla.redhat.com/show_bug.cgi?id=709139 - Patch
References () https://hermes.opensuse.org/messages/8643655 - () https://hermes.opensuse.org/messages/8643655 -

Information

Published : 2011-06-14 17:55

Updated : 2024-11-21 01:26


NVD link : CVE-2011-1709

Mitre link : CVE-2011-1709

CVE.ORG link : CVE-2011-1709


JSON object : View

Products Affected

gnome

  • glib
  • gdm
CWE
CWE-264

Permissions, Privileges, and Access Controls