Rapid7 Vulnerability & Exploit Database

CESA-2007:0286: gdm security and bug fix update

Back to Search

CESA-2007:0286: gdm security and bug fix update

Severity
4
CVSS
(AV:L/AC:H/Au:N/C:P/I:P/A:P)
Published
04/24/2006
Created
07/25/2018
Added
03/12/2010
Modified
07/04/2017

Description

An updated gdm package that fixes a security issue and a bug is now available. This update has been rated as having low security impact by the CentOS Security Response Team.

Gdm (the GNOME Display Manager) is a highly configurable reimplementation of xdm, the X Display Manager. Gdm allows you to log into your system with the X Window System running and supports running several different X sessions on your local machine at the same time. Marcus Meissner discovered a race condition issue in the way Gdm modifies the permissions on the .ICEauthority file. A local attacker could exploit this flaw to gain privileges. Due to the nature of the flaw, however, a successful exploitation was unlikely. (CVE-2006-1057) This erratum also includes a bug fix to correct the pam configuration for the audit system. All users of gdm should upgrade to this updated package, which contains backported patches to resolve these issues.

Solution(s)

  • centos-upgrade-gdm

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;