ID CVE-2006-6698
Summary The GConf daemon (gconfd) in GConf 2.14.0 creates temporary files under directories with names based on the username, even when GCONF_GLOBAL_LOCKS is not set, which allows local users to cause a denial of service by creating the directories ahead of time, which prevents other users from using Gnome.
References
Vulnerable Configurations
  • cpe:2.3:a:gnome:gconf:2.14.0:*:*:*:*:*:*:*
    cpe:2.3:a:gnome:gconf:2.14.0:*:*:*:*:*:*:*
CVSS
Base: 1.9 (as of 08-03-2011 - 02:46)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
LOCAL MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
NONE NONE PARTIAL
cvss-vector via4 AV:L/AC:M/Au:N/C:N/I:N/A:P
refmap via4
bid 21762
confirm
secunia 23452
vupen ADV-2006-5148
statements via4
contributor Mark J Cox
lastmodified 2008-05-29
organization Red Hat
statement The Red Hat Security Response Team has rated this issue as having low security impact. The risks associated with fixing this bug are greater than the low severity security risk. We therefore currently have no plans to fix this flaw in Red Hat Enterprise Linux 3, 4, or 5.
Last major update 08-03-2011 - 02:46
Published 22-12-2006 - 18:28
Last modified 08-03-2011 - 02:46
Back to Top