1.9

CVE-2010-2387

vicious-extensions/ve-misc.c in GNOME Display Manager (gdm) 2.20.x before 2.20.11, when GDM debug is enabled, logs the user password when it contains invalid UTF8 encoded characters, which might allow local users to gain privileges by reading the information from syslog logs.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
GnomeGnome Display Manager Version2.20.0
GnomeGnome Display Manager Version2.20.1
GnomeGnome Display Manager Version2.20.2
GnomeGnome Display Manager Version2.20.3
GnomeGnome Display Manager Version2.20.4
GnomeGnome Display Manager Version2.20.5
GnomeGnome Display Manager Version2.20.6
GnomeGnome Display Manager Version2.20.7
GnomeGnome Display Manager Version2.20.8
GnomeGnome Display Manager Version2.20.9
GnomeGnome Display Manager Version2.20.10
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.52% 0.402
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 1.9 3.4 2.9
AV:L/AC:M/Au:N/C:P/I:N/A:N
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://ftp.gnome.org/pub/GNOME/sources/gdm/2.20/gdm-2.20.11.changes
http://secunia.com/advisories/40690
Vendor Advisory
http://secunia.com/advisories/40780
Vendor Advisory
http://www.auscert.org.au/13123
US Government Resource
http://www.osvdb.org/66643
https://blogs.oracle.com/sunsecurity/entry/cve_2010_2387_password_disclosure
https://bugzilla.gnome.org/show_bug.cgi?id=571846
https://exchange.xforce.ibmcloud.com/vulnerabilities/60642