Rapid7 Vulnerability & Exploit Database

RHSA-2003:258: GDM allows local user to read any file.

Back to Search

RHSA-2003:258: GDM allows local user to read any file.

Severity
5
CVSS
(AV:N/AC:L/Au:N/C:N/I:N/A:P)
Published
08/27/2003
Created
07/25/2018
Added
10/28/2005
Modified
07/04/2017

Description

Updated GDM packages are available which correct a bug allowing local users to read any text files on the system, and a denial of service issue if XDMCP is enabled.

GDM is the GNOME Display Manager for X. Versions of GDM prior to 2.4.1.6 contain a bug where GDM will run as root when examining the ~/.xsession-errors file when using the "examine session errors" feature, allowing local users the ability to read any text file on the system by creating a symlink. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2003-0547 to this issue. Red Hat Linux 8.0 and 9 are vulnerable to this issue. Versions of GDM in earlier releases did not have the "examine session errors" feature and therefore are not vulnerable to this issue. Also addressed by these erratum packages are two problems in the X Display Manager Control Protocol (XDMCP) which allow a denial of service attack (DoS) by crashing the gdm daemon. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CAN-2003-0548 and CAN-2003-0549 to these issues. This attack is only possible if XDMCP is enabled. XDMCP is not enabled by default in Red Hat Linux distributions, and as documented XDMCP should only ever be run on trusted networks. Users of GDM are advised to upgrade to these erratum packages which disable the "examine session errors" feature and contain backported security fixes for the XDMCP issues.

Solution(s)

  • redhat-upgrade-gdm

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;