ID CVE-2006-2452
Summary GNOME GDM 2.8, 2.12, 2.14, and 2.15, when the "face browser" feature is enabled, allows local users to access the "Configure Login Manager" functionality using their own password instead of the root password, which can be leveraged to gain additional privileges.
References
Vulnerable Configurations
  • cpe:2.3:a:gnome:gdm:2.8:*:*:*:*:*:*:*
    cpe:2.3:a:gnome:gdm:2.8:*:*:*:*:*:*:*
  • cpe:2.3:a:gnome:gdm:2.12:*:*:*:*:*:*:*
    cpe:2.3:a:gnome:gdm:2.12:*:*:*:*:*:*:*
  • cpe:2.3:a:gnome:gdm:2.14:*:*:*:*:*:*:*
    cpe:2.3:a:gnome:gdm:2.14:*:*:*:*:*:*:*
  • cpe:2.3:a:gnome:gdm:2.15:*:*:*:*:*:*:*
    cpe:2.3:a:gnome:gdm:2.15:*:*:*:*:*:*:*
CVSS
Base: 3.7 (as of 03-10-2018 - 21:40)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
LOCAL HIGH NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
cvss-vector via4 AV:L/AC:H/Au:N/C:P/I:P/A:P
refmap via4
bid 18332
bugtraq 20060608 rPSA-2006-0098-1 gdm
confirm http://bugzilla.gnome.org/show_bug.cgi?id=343476
gentoo GLSA-200606-14
mandriva MDKSA-2006:100
secunia
  • 20532
  • 20552
  • 20587
  • 20627
  • 20636
suse SUSE-SR:2006:013
ubuntu USN-293-1
vupen ADV-2006-2239
xf gdm-facebrowser-security-bypass(27018)
Last major update 03-10-2018 - 21:40
Published 09-06-2006 - 10:02
Last modified 03-10-2018 - 21:40
Back to Top