1.5

CVE-2007-3381

The GDM daemon in GNOME Display Manager (GDM) before 2.14.13, 2.16.x before 2.16.7, 2.18.x before 2.18.4, and 2.19.x before 2.19.5 does not properly handle NULL return values from the g_strsplit function, which allows local users to cause a denial of service (persistent daemon crash) via a crafted command to the daemon's socket, related to (1) gdm.c and (2) gdmconfig.c in daemon/, and (3) gdmconfig.c and (4) gdmflexiserver.c in gui/.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
GnomeGdm Version <= 2.14.12
GnomeGdm Version0.7
GnomeGdm Version1.0
GnomeGdm Version2.0
GnomeGdm Version2.2
GnomeGdm Version2.3
GnomeGdm Version2.4
GnomeGdm Version2.5
GnomeGdm Version2.6
GnomeGdm Version2.8
GnomeGdm Version2.13
GnomeGdm Version2.14
GnomeGdm Version2.14.1
GnomeGdm Version2.14.2
GnomeGdm Version2.14.3
GnomeGdm Version2.14.4
GnomeGdm Version2.14.5
GnomeGdm Version2.14.6
GnomeGdm Version2.14.7
GnomeGdm Version2.14.8
GnomeGdm Version2.14.9
GnomeGdm Version2.14.10
GnomeGdm Version2.14.11
GnomeGdm Version2.14.3
GnomeGdm Version2.14.4
GnomeGdm Version2.14.5
GnomeGdm Version2.14.6
GnomeGdm Version2.16
GnomeGdm Version2.16.1
GnomeGdm Version2.16.2
GnomeGdm Version2.18
GnomeGdm Version2.18.1
GnomeGdm Version2.18.2
GnomeGdm Version2.18.3
GnomeGdm Version2.19
GnomeGdm Version2.19.1
GnomeGdm Version2.19.2
GnomeGdm Version2.19.3
GnomeGdm Version2.19.4
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.33% 0.242
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 1.5 2.7 2.9
AV:L/AC:M/Au:S/C:N/I:N/A:P
CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://ftp.gnome.org/pub/GNOME/sources/gdm/2.14/gdm-2.14.13.news
http://ftp.gnome.org/pub/GNOME/sources/gdm/2.16/gdm-2.16.7.changes
http://ftp.gnome.org/pub/GNOME/sources/gdm/2.18/gdm-2.18.4.news
http://ftp.gnome.org/pub/GNOME/sources/gdm/2.19/gdm-2.19.5.news
http://secunia.com/advisories/26313
Vendor Advisory
http://secunia.com/advisories/26368
Vendor Advisory
http://secunia.com/advisories/26520
Vendor Advisory
http://secunia.com/advisories/26879
Vendor Advisory
http://secunia.com/advisories/26900
Vendor Advisory
http://security.gentoo.org/glsa/glsa-200709-11.xml
http://www.mandriva.com/security/advisories?name=MDKSA-2007:169
http://www.redhat.com/support/errata/RHSA-2007-0777.html
http://www.securityfocus.com/archive/1/475451/30/5550/threaded
http://www.securityfocus.com/bid/25191
http://www.securitytracker.com/id?1018523
http://www.vupen.com/english/advisories/2007/2781
Vendor Advisory
https://issues.rpath.com/browse/RPL-1599
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10887