Unrated severityNVD Advisory· Published Dec 21, 2012· Updated Apr 29, 2026

CVE-2010-2387

Description

vicious-extensions/ve-misc.c in GNOME Display Manager (gdm) 2.20.x before 2.20.11, when GDM debug is enabled, logs the user password when it contains invalid UTF8 encoded characters, which might allow local users to gain privileges by reading the information from syslog logs.

Affected products

GNOME Foundation/Gnome Display Manager11 versions
cpe:2.3:a:gnome:gnome_display_manager:2.20.8:*:*:*:*:*:*:*+ 10 more
- cpe:2.3:a:gnome:gnome_display_manager:2.20.8:*:*:*:*:*:*:*
- cpe:2.3:a:gnome:gnome_display_manager:2.20.9:*:*:*:*:*:*:*
- cpe:2.3:a:gnome:gnome_display_manager:2.20.10:*:*:*:*:*:*:*
- cpe:2.3:a:gnome:gnome_display_manager:2.20.0:*:*:*:*:*:*:*
- cpe:2.3:a:gnome:gnome_display_manager:2.20.1:*:*:*:*:*:*:*
- cpe:2.3:a:gnome:gnome_display_manager:2.20.2:*:*:*:*:*:*:*
- cpe:2.3:a:gnome:gnome_display_manager:2.20.3:*:*:*:*:*:*:*
- cpe:2.3:a:gnome:gnome_display_manager:2.20.4:*:*:*:*:*:*:*
- cpe:2.3:a:gnome:gnome_display_manager:2.20.5:*:*:*:*:*:*:*
- cpe:2.3:a:gnome:gnome_display_manager:2.20.6:*:*:*:*:*:*:*
- cpe:2.3:a:gnome:gnome_display_manager:2.20.7:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

secunia.com/advisories/40690nvdVendor Advisory
secunia.com/advisories/40780nvdVendor Advisory
www.auscert.org.au/13123nvdUS Government Resource
ftp.gnome.org/pub/GNOME/sources/gdm/2.20/gdm-2.20.11.changesnvd
www.osvdb.org/66643nvd
blogs.oracle.com/sunsecurity/entry/cve_2010_2387_password_disclosurenvd
bugzilla.gnome.org/show_bug.cginvd
exchange.xforce.ibmcloud.com/vulnerabilities/60642nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000