Gdm
Source repositories
CVEs (19)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2018-14424 | Hig | 0.51 | 7.8 | 0.01 | Aug 14, 2018 | The daemon in GDM through 3.29.1 does not properly unexport display objects from its D-Bus interface when they are destroyed, which allows a local attacker to trigger a use-after-free via a specially crafted sequence of D-Bus method calls, resulting in a denial of service or… | ||
| CVE-2017-12164 | Med | 0.27 | 4.1 | 0.00 | Jul 26, 2018 | A flaw was discovered in gdm 3.24.1 where gdm greeter was no longer setting the ran_once boolean during autologin. If autologin was enabled for a victim, an attacker could simply select 'login as another user' to unlock their screen. | ||
| CVE-2000-0491 | 0.04 | — | 0.18 | May 24, 2000 | Buffer overflow in the XDMCP parsing code of GNOME gdm, KDE kdm, and wdm allows remote attackers to execute arbitrary commands or cause a denial of service via a long FORWARD_QUERY request. | |||
| CVE-2000-0504 | 0.03 | — | 0.03 | Jun 19, 2000 | libICE in XFree86 allows remote attackers to cause a denial of service by specifying a large value which is not properly checked by the SKIP_STRING macro. | |||
| CVE-2020-27837 | 0.00 | — | 0.00 | Dec 28, 2020 | A flaw was found in GDM in versions prior to 3.38.2.1. A race condition in the handling of session shutdown makes it possible to bypass the lock screen for a user that has autologin enabled, accessing their session without authentication. This is similar to CVE-2017-12164, but… | |||
| CVE-2019-3825 | 0.00 | — | 0.01 | Feb 6, 2019 | A vulnerability was discovered in gdm before 3.31.4. When timed login is enabled in configuration, an attacker could bypass the lock screen by selecting the timed login user and waiting for the timer to expire, at which time they would gain access to the logged-in user's session. | |||
| CVE-2011-1709 | 0.00 | — | 0.00 | Jun 14, 2011 | GNOME Display Manager (gdm) before 2.32.2, when glib 2.28 is used, enables execution of a web browser with the uid of the gdm account, which allows local users to gain privileges via vectors involving the x-scheme-handler/http MIME type. | |||
| CVE-2011-0727 | 0.00 | — | 0.00 | Mar 31, 2011 | GNOME Display Manager (gdm) 2.x before 2.32.1 allows local users to change the ownership of arbitrary files via a symlink attack on a (1) dmrc or (2) face icon file under /var/cache/gdm/. | |||
| CVE-2009-2697 | 0.00 | — | 0.02 | Sep 4, 2009 | The Red Hat build script for the GNOME Display Manager (GDM) before 2.16.0-56 on Red Hat Enterprise Linux (RHEL) 5 omits TCP Wrapper support, which might allow remote attackers to bypass intended access restrictions via XDMCP connections, a different vulnerability than… | |||
| CVE-2007-3381 | 0.00 | — | 0.00 | Aug 7, 2007 | The GDM daemon in GNOME Display Manager (GDM) before 2.14.13, 2.16.x before 2.16.7, 2.18.x before 2.18.4, and 2.19.x before 2.19.5 does not properly handle NULL return values from the g_strsplit function, which allows local users to cause a denial of service (persistent daemon… | |||
| CVE-2006-6105 | 0.00 | — | 0.00 | Dec 15, 2006 | Format string vulnerability in the host chooser window (gdmchooser) in GNOME Foundation Display Manager (gdm) allows local users to execute arbitrary code via format string specifiers in a hostname, which are used in an error dialog. | |||
| CVE-2006-2452 | 0.00 | — | 0.00 | Jun 9, 2006 | GNOME GDM 2.8, 2.12, 2.14, and 2.15, when the "face browser" feature is enabled, allows local users to access the "Configure Login Manager" functionality using their own password instead of the root password, which can be leveraged to gain additional privileges. | |||
| CVE-2006-1057 | 0.00 | — | 0.00 | Apr 25, 2006 | Race condition in daemon/slave.c in gdm before 2.14.1 allows local users to gain privileges via a symlink attack when gdm performs chown and chgrp operations on the .ICEauthority file. | |||
| CVE-2003-0793 | 0.00 | — | 0.00 | Nov 17, 2003 | GDM 2.4.4.x before 2.4.4.4, and 2.4.1.x before 2.4.1.7, does not restrict the size of input, which allows attackers to cause a denial of service (memory consumption). | |||
| CVE-2003-0794 | 0.00 | — | 0.00 | Nov 17, 2003 | GDM 2.4.4.x before 2.4.4.4, and 2.4.1.x before 2.4.1.7, does not limit the number or duration of commands and uses a blocking socket connection, which allows attackers to cause a denial of service (resource exhaustion) by sending commands and not reading the results. | |||
| CVE-2003-0549 | 0.00 | — | 0.01 | Aug 27, 2003 | The X Display Manager Control Protocol (XDMCP) support for GDM before 2.4.1.6 allows attackers to cause a denial of service (daemon crash) via a short authorization key name. | |||
| CVE-2003-0547 | 0.00 | — | 0.00 | Aug 27, 2003 | GDM before 2.4.1.6, when using the "examine session errors" feature, allows local users to read arbitrary files via a symlink attack on the ~/.xsession-errors file. | |||
| CVE-2003-0548 | 0.00 | — | 0.01 | Aug 27, 2003 | The X Display Manager Control Protocol (XDMCP) support for GDM before 2.4.1.6 allows attackers to cause a denial of service (daemon crash) when a chosen host expires, a different issue than CVE-2003-0549. | |||
| CVE-1999-0990 | 0.00 | — | 0.00 | Dec 5, 1999 | Error messages generated by gdm with the VerboseAuth setting allows an attacker to identify valid users on a system. |
- risk 0.51cvss 7.8epss 0.01
The daemon in GDM through 3.29.1 does not properly unexport display objects from its D-Bus interface when they are destroyed, which allows a local attacker to trigger a use-after-free via a specially crafted sequence of D-Bus method calls, resulting in a denial of service or…
- risk 0.27cvss 4.1epss 0.00
A flaw was discovered in gdm 3.24.1 where gdm greeter was no longer setting the ran_once boolean during autologin. If autologin was enabled for a victim, an attacker could simply select 'login as another user' to unlock their screen.
- CVE-2000-0491May 24, 2000risk 0.04cvss —epss 0.18
Buffer overflow in the XDMCP parsing code of GNOME gdm, KDE kdm, and wdm allows remote attackers to execute arbitrary commands or cause a denial of service via a long FORWARD_QUERY request.
- CVE-2000-0504Jun 19, 2000risk 0.03cvss —epss 0.03
libICE in XFree86 allows remote attackers to cause a denial of service by specifying a large value which is not properly checked by the SKIP_STRING macro.
- CVE-2020-27837Dec 28, 2020risk 0.00cvss —epss 0.00
A flaw was found in GDM in versions prior to 3.38.2.1. A race condition in the handling of session shutdown makes it possible to bypass the lock screen for a user that has autologin enabled, accessing their session without authentication. This is similar to CVE-2017-12164, but…
- CVE-2019-3825Feb 6, 2019risk 0.00cvss —epss 0.01
A vulnerability was discovered in gdm before 3.31.4. When timed login is enabled in configuration, an attacker could bypass the lock screen by selecting the timed login user and waiting for the timer to expire, at which time they would gain access to the logged-in user's session.
- CVE-2011-1709Jun 14, 2011risk 0.00cvss —epss 0.00
GNOME Display Manager (gdm) before 2.32.2, when glib 2.28 is used, enables execution of a web browser with the uid of the gdm account, which allows local users to gain privileges via vectors involving the x-scheme-handler/http MIME type.
- CVE-2011-0727Mar 31, 2011risk 0.00cvss —epss 0.00
GNOME Display Manager (gdm) 2.x before 2.32.1 allows local users to change the ownership of arbitrary files via a symlink attack on a (1) dmrc or (2) face icon file under /var/cache/gdm/.
- CVE-2009-2697Sep 4, 2009risk 0.00cvss —epss 0.02
The Red Hat build script for the GNOME Display Manager (GDM) before 2.16.0-56 on Red Hat Enterprise Linux (RHEL) 5 omits TCP Wrapper support, which might allow remote attackers to bypass intended access restrictions via XDMCP connections, a different vulnerability than…
- CVE-2007-3381Aug 7, 2007risk 0.00cvss —epss 0.00
The GDM daemon in GNOME Display Manager (GDM) before 2.14.13, 2.16.x before 2.16.7, 2.18.x before 2.18.4, and 2.19.x before 2.19.5 does not properly handle NULL return values from the g_strsplit function, which allows local users to cause a denial of service (persistent daemon…
- CVE-2006-6105Dec 15, 2006risk 0.00cvss —epss 0.00
Format string vulnerability in the host chooser window (gdmchooser) in GNOME Foundation Display Manager (gdm) allows local users to execute arbitrary code via format string specifiers in a hostname, which are used in an error dialog.
- CVE-2006-2452Jun 9, 2006risk 0.00cvss —epss 0.00
GNOME GDM 2.8, 2.12, 2.14, and 2.15, when the "face browser" feature is enabled, allows local users to access the "Configure Login Manager" functionality using their own password instead of the root password, which can be leveraged to gain additional privileges.
- CVE-2006-1057Apr 25, 2006risk 0.00cvss —epss 0.00
Race condition in daemon/slave.c in gdm before 2.14.1 allows local users to gain privileges via a symlink attack when gdm performs chown and chgrp operations on the .ICEauthority file.
- CVE-2003-0793Nov 17, 2003risk 0.00cvss —epss 0.00
GDM 2.4.4.x before 2.4.4.4, and 2.4.1.x before 2.4.1.7, does not restrict the size of input, which allows attackers to cause a denial of service (memory consumption).
- CVE-2003-0794Nov 17, 2003risk 0.00cvss —epss 0.00
GDM 2.4.4.x before 2.4.4.4, and 2.4.1.x before 2.4.1.7, does not limit the number or duration of commands and uses a blocking socket connection, which allows attackers to cause a denial of service (resource exhaustion) by sending commands and not reading the results.
- CVE-2003-0549Aug 27, 2003risk 0.00cvss —epss 0.01
The X Display Manager Control Protocol (XDMCP) support for GDM before 2.4.1.6 allows attackers to cause a denial of service (daemon crash) via a short authorization key name.
- CVE-2003-0547Aug 27, 2003risk 0.00cvss —epss 0.00
GDM before 2.4.1.6, when using the "examine session errors" feature, allows local users to read arbitrary files via a symlink attack on the ~/.xsession-errors file.
- CVE-2003-0548Aug 27, 2003risk 0.00cvss —epss 0.01
The X Display Manager Control Protocol (XDMCP) support for GDM before 2.4.1.6 allows attackers to cause a denial of service (daemon crash) when a chosen host expires, a different issue than CVE-2003-0549.
- CVE-1999-0990Dec 5, 1999risk 0.00cvss —epss 0.00
Error messages generated by gdm with the VerboseAuth setting allows an attacker to identify valid users on a system.