gdm3 versions before 3.36.2 or 3.38.2 would start gnome-initial-setup if gdm3 can't contact the accountservice service via dbus in a timely manner; on Ubuntu (and potentially derivatives) this could be be chained with an additional issue that could allow a local user to create a new privileged account.
References
Link | Resource |
---|---|
https://bugs.launchpad.net/ubuntu/+source/gdm3/+bug/1900314 | Third Party Advisory |
https://gitlab.gnome.org/GNOME/gdm/-/issues/642 | Exploit Vendor Advisory |
https://securitylab.github.com/advisories/GHSL-2020-202-gdm3-LPE-unresponsive-accounts-daemon | Exploit Third Party Advisory |
https://bugs.launchpad.net/ubuntu/+source/gdm3/+bug/1900314 | Third Party Advisory |
https://gitlab.gnome.org/GNOME/gdm/-/issues/642 | Exploit Vendor Advisory |
https://securitylab.github.com/advisories/GHSL-2020-202-gdm3-LPE-unresponsive-accounts-daemon | Exploit Third Party Advisory |
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 05:06
Type | Values Removed | Values Added |
---|---|---|
References | () https://bugs.launchpad.net/ubuntu/+source/gdm3/+bug/1900314 - Third Party Advisory | |
References | () https://gitlab.gnome.org/GNOME/gdm/-/issues/642 - Exploit, Vendor Advisory | |
References | () https://securitylab.github.com/advisories/GHSL-2020-202-gdm3-LPE-unresponsive-accounts-daemon - Exploit, Third Party Advisory | |
CVSS |
v2 : v3 : |
v2 : 4.6
v3 : 7.2 |
Information
Published : 2020-11-10 05:15
Updated : 2024-11-21 05:06
NVD link : CVE-2020-16125
Mitre link : CVE-2020-16125
CVE.ORG link : CVE-2020-16125
JSON object : View
Products Affected
gnome
- gnome_display_manager
CWE
CWE-754
Improper Check for Unusual or Exceptional Conditions