FKIE_CVE-2007-3381
Vulnerability from fkie_nvd - Published: 2007-08-07 10:17 - Updated: 2026-04-23 00:35
Severity
Summary
The GDM daemon in GNOME Display Manager (GDM) before 2.14.13, 2.16.x before 2.16.7, 2.18.x before 2.18.4, and 2.19.x before 2.19.5 does not properly handle NULL return values from the g_strsplit function, which allows local users to cause a denial of service (persistent daemon crash) via a crafted command to the daemon's socket, related to (1) gdm.c and (2) gdmconfig.c in daemon/, and (3) gdmconfig.c and (4) gdmflexiserver.c in gui/.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| gnome | gdm | * | |
| gnome | gdm | 0.7 | |
| gnome | gdm | 1.0 | |
| gnome | gdm | 2.0 | |
| gnome | gdm | 2.2 | |
| gnome | gdm | 2.3 | |
| gnome | gdm | 2.4 | |
| gnome | gdm | 2.5 | |
| gnome | gdm | 2.6 | |
| gnome | gdm | 2.8 | |
| gnome | gdm | 2.13 | |
| gnome | gdm | 2.14 | |
| gnome | gdm | 2.14.1 | |
| gnome | gdm | 2.14.2 | |
| gnome | gdm | 2.14.3 | |
| gnome | gdm | 2.14.4 | |
| gnome | gdm | 2.14.5 | |
| gnome | gdm | 2.14.6 | |
| gnome | gdm | 2.14.7 | |
| gnome | gdm | 2.14.8 | |
| gnome | gdm | 2.14.9 | |
| gnome | gdm | 2.14.10 | |
| gnome | gdm | 2.14.11 | |
| gnome | gdm | 2.14.3 | |
| gnome | gdm | 2.14.4 | |
| gnome | gdm | 2.14.5 | |
| gnome | gdm | 2.14.6 | |
| gnome | gdm | 2.16 | |
| gnome | gdm | 2.16.1 | |
| gnome | gdm | 2.16.2 | |
| gnome | gdm | 2.18 | |
| gnome | gdm | 2.18.1 | |
| gnome | gdm | 2.18.2 | |
| gnome | gdm | 2.18.3 | |
| gnome | gdm | 2.19 | |
| gnome | gdm | 2.19.1 | |
| gnome | gdm | 2.19.2 | |
| gnome | gdm | 2.19.3 | |
| gnome | gdm | 2.19.4 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:gnome:gdm:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4A68E297-5F50-4DFA-AF70-06B016B852D2",
"versionEndIncluding": "2.14.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:gdm:0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "501714EA-1C5D-4EA7-B069-8E6521574AC4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:gdm:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E2D650E6-F568-4B7F-8913-3DC10E8F4201",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:gdm:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3296F925-6D41-4DA7-BDB2-3B04CF22A53B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:gdm:2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "7960EC63-69CF-474C-996C-E431CCDD07E9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:gdm:2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "A38317A3-3725-4F32-B675-00F8FB288F51",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:gdm:2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "C4F01AD1-EB1B-4932-B8D7-CBC899B1A02E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:gdm:2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "B760EB2A-6461-477F-B7E5-857117E21AE3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:gdm:2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "973BF2BF-BBF7-41F6-9E38-5150BC8AE7B6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:gdm:2.8:*:*:*:*:*:*:*",
"matchCriteriaId": "7756E66E-2296-4B20-ABC0-B1A2ACF2657B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:gdm:2.13:*:*:*:*:*:*:*",
"matchCriteriaId": "BC30F499-35B6-40BB-A420-A55F6993DF3A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:gdm:2.14:*:*:*:*:*:*:*",
"matchCriteriaId": "70640B9F-4EAA-4513-80E4-9DD4A862F27D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:gdm:2.14.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9B84ACF2-E06C-47E5-B221-78285238BA78",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:gdm:2.14.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B1F316D7-4D67-4B2E-8418-B89466AA5CDC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:gdm:2.14.3:*:*:*:*:*:*:*",
"matchCriteriaId": "6721626F-3335-446F-95C4-7B150C2FE2E2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:gdm:2.14.4:*:*:*:*:*:*:*",
"matchCriteriaId": "CA624500-6AC3-4991-A185-619E3F76A384",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:gdm:2.14.5:*:*:*:*:*:*:*",
"matchCriteriaId": "1544DE39-DA4B-452C-A38C-D15E0EC5148F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:gdm:2.14.6:*:*:*:*:*:*:*",
"matchCriteriaId": "B261D656-8C46-4F0A-93DD-8540B21BC1FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:gdm:2.14.7:*:*:*:*:*:*:*",
"matchCriteriaId": "24A39F8A-D0F4-480E-904C-8FB906C6D72F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:gdm:2.14.8:*:*:*:*:*:*:*",
"matchCriteriaId": "4210033A-0FD1-43A7-BCDC-9A4ADFEBB1DA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:gdm:2.14.9:*:*:*:*:*:*:*",
"matchCriteriaId": "BBD5D3BD-9988-4421-8C2B-1EE907CFA986",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:gdm:2.14.10:*:*:*:*:*:*:*",
"matchCriteriaId": "2F8D697C-AD36-446A-945A-0746898FFD5C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:gdm:2.14.11:*:*:*:*:*:*:*",
"matchCriteriaId": "DF3072E1-A8AA-4C7B-B395-3F490943FED3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:gnome:gdm:2.14.3:*:*:*:*:*:*:*",
"matchCriteriaId": "6721626F-3335-446F-95C4-7B150C2FE2E2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:gdm:2.14.4:*:*:*:*:*:*:*",
"matchCriteriaId": "CA624500-6AC3-4991-A185-619E3F76A384",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:gdm:2.14.5:*:*:*:*:*:*:*",
"matchCriteriaId": "1544DE39-DA4B-452C-A38C-D15E0EC5148F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:gdm:2.14.6:*:*:*:*:*:*:*",
"matchCriteriaId": "B261D656-8C46-4F0A-93DD-8540B21BC1FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:gdm:2.16:*:*:*:*:*:*:*",
"matchCriteriaId": "832DE81E-18BB-4276-A6B0-F316A322E83E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:gdm:2.16.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D01F3328-9DB5-4C75-A9BD-96243975A362",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:gdm:2.16.2:*:*:*:*:*:*:*",
"matchCriteriaId": "24D361EF-B35F-46D9-9DF3-9254FFAD0A1F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:gnome:gdm:2.18:*:*:*:*:*:*:*",
"matchCriteriaId": "638AAAB0-2077-49F1-A909-0814C94EF96E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:gdm:2.18.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F4E525EF-0702-42BD-AA45-00AB721DE9B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:gdm:2.18.2:*:*:*:*:*:*:*",
"matchCriteriaId": "09B6D822-D0D6-423E-AE9A-7510C06005A3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:gdm:2.18.3:*:*:*:*:*:*:*",
"matchCriteriaId": "323B1859-30F3-4787-8A35-46A8189D4C5E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:gnome:gdm:2.19:*:*:*:*:*:*:*",
"matchCriteriaId": "14C57E06-FBAB-4950-810D-ADDD74D271FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:gdm:2.19.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F7359FE6-4BD1-4D3C-BCF5-6F2741FC1997",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:gdm:2.19.2:*:*:*:*:*:*:*",
"matchCriteriaId": "7888E478-E756-48FB-B3E3-534873B5F1D8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:gdm:2.19.3:*:*:*:*:*:*:*",
"matchCriteriaId": "4A82FCA7-76F6-48CE-8886-79AD9094EBF4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:gdm:2.19.4:*:*:*:*:*:*:*",
"matchCriteriaId": "75DCBC45-71FC-4850-A7E0-6051AE38E4C7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The GDM daemon in GNOME Display Manager (GDM) before 2.14.13, 2.16.x before 2.16.7, 2.18.x before 2.18.4, and 2.19.x before 2.19.5 does not properly handle NULL return values from the g_strsplit function, which allows local users to cause a denial of service (persistent daemon crash) via a crafted command to the daemon\u0027s socket, related to (1) gdm.c and (2) gdmconfig.c in daemon/, and (3) gdmconfig.c and (4) gdmflexiserver.c in gui/."
},
{
"lang": "es",
"value": "El demonio GDM en GNOME Display Mangager (GDM) anterior a 2.14.13, 2.16.x anterior a 2.16.7, 2.18.x anterior a 2.18.4, y 2.19.x anterir a 2.19.5 no maneja adecuadamente valores de retorno nulos (NULL) de la funci\u00f3n g_strsplit, lo cual permite a usuarios locales provocar una denegaci\u00f3n de servicio (ca\u00edda persistente del demonio) mediante un comando manipulado hacia el socket del demonio, relacionado con (1) gdm.c y (2) gdmconfig.c en daemon/, y (3) gdmconfig.c y (4) gdmflexiserver.c en gui/."
}
],
"id": "CVE-2007-3381",
"lastModified": "2026-04-23T00:35:47.467",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 1.5,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:M/Au:S/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 2.7,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2007-08-07T10:17:00.000",
"references": [
{
"source": "secalert@redhat.com",
"url": "http://ftp.gnome.org/pub/GNOME/sources/gdm/2.14/gdm-2.14.13.news"
},
{
"source": "secalert@redhat.com",
"url": "http://ftp.gnome.org/pub/GNOME/sources/gdm/2.16/gdm-2.16.7.changes"
},
{
"source": "secalert@redhat.com",
"url": "http://ftp.gnome.org/pub/GNOME/sources/gdm/2.18/gdm-2.18.4.news"
},
{
"source": "secalert@redhat.com",
"url": "http://ftp.gnome.org/pub/GNOME/sources/gdm/2.19/gdm-2.19.5.news"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/26313"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/26368"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/26520"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/26879"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/26900"
},
{
"source": "secalert@redhat.com",
"url": "http://security.gentoo.org/glsa/glsa-200709-11.xml"
},
{
"source": "secalert@redhat.com",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:169"
},
{
"source": "secalert@redhat.com",
"url": "http://www.redhat.com/support/errata/RHSA-2007-0777.html"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securityfocus.com/archive/1/475451/30/5550/threaded"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securityfocus.com/bid/25191"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securitytracker.com/id?1018523"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2007/2781"
},
{
"source": "secalert@redhat.com",
"url": "https://issues.rpath.com/browse/RPL-1599"
},
{
"source": "secalert@redhat.com",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10887"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://ftp.gnome.org/pub/GNOME/sources/gdm/2.14/gdm-2.14.13.news"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://ftp.gnome.org/pub/GNOME/sources/gdm/2.16/gdm-2.16.7.changes"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://ftp.gnome.org/pub/GNOME/sources/gdm/2.18/gdm-2.18.4.news"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://ftp.gnome.org/pub/GNOME/sources/gdm/2.19/gdm-2.19.5.news"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/26313"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/26368"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/26520"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/26879"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/26900"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://security.gentoo.org/glsa/glsa-200709-11.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:169"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.redhat.com/support/errata/RHSA-2007-0777.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/475451/30/5550/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/25191"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1018523"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2007/2781"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://issues.rpath.com/browse/RPL-1599"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10887"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Loading…
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…