fkie_cve-2006-6698
Vulnerability from fkie_nvd
Published
2006-12-22 18:28
Modified
2025-04-09 00:30
Severity ?
Summary
The GConf daemon (gconfd) in GConf 2.14.0 creates temporary files under directories with names based on the username, even when GCONF_GLOBAL_LOCKS is not set, which allows local users to cause a denial of service by creating the directories ahead of time, which prevents other users from using Gnome.
References
cve@mitre.orghttp://bugzilla.gnome.org/show_bug.cgi?id=167030Exploit
cve@mitre.orghttp://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=219279Exploit
cve@mitre.orghttp://secunia.com/advisories/23452Vendor Advisory
cve@mitre.orghttp://www.securityfocus.com/bid/21762
cve@mitre.orghttp://www.vupen.com/english/advisories/2006/5148
af854a3a-2127-422b-91ae-364da2661108http://bugzilla.gnome.org/show_bug.cgi?id=167030Exploit
af854a3a-2127-422b-91ae-364da2661108http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=219279Exploit
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/23452Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/21762
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2006/5148
Impacted products
Vendor Product Version
gnome gconf 2.14.0


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:gnome:gconf:2.14.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E3D8548A-E41C-47A4-A67B-9DDDAEB71555",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The GConf daemon (gconfd) in GConf 2.14.0 creates temporary files under directories with names based on the username, even when GCONF_GLOBAL_LOCKS is not set, which allows local users to cause a denial of service by creating the directories ahead of time, which prevents other users from using Gnome."
    },
    {
      "lang": "es",
      "value": "El demonio GConf (gconfd) en GConf 2.14.0 crea archivos temporales bajo directorio con nombres basados en el nombre de usuario, incluso cuando GCONF_GLOBAL_LOCKS no est\u00e1 activo, lo cual permite a usuarios locales provocar denegaci\u00f3n de servicio a trav\u00e9s de la creaci\u00f3n de directorios antes de tiempo, lo cual evita que otros usuarios usen gnome."
    }
  ],
  "id": "CVE-2006-6698",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 1.9,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:L/AC:M/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 3.4,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2006-12-22T18:28:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://bugzilla.gnome.org/show_bug.cgi?id=167030"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=219279"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/23452"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/21762"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2006/5148"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://bugzilla.gnome.org/show_bug.cgi?id=167030"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=219279"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/23452"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/21762"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2006/5148"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vendorComments": [
    {
      "comment": "The Red Hat Security Response Team has rated this issue as having low security impact. The risks associated with fixing this bug are greater than the low severity security risk. We therefore currently have no plans to fix this flaw in Red Hat Enterprise Linux 3, 4, or 5.",
      "lastModified": "2008-05-29T00:00:00",
      "organization": "Red Hat"
    }
  ],
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.