CVE-2006-2452
Severity:
Pending analysis
Type:
Unavailable / Other
Publication date:
09/06/2006
Last modified:
03/10/2018
Description
GNOME GDM 2.8, 2.12, 2.14, and 2.15, when the "face browser" feature is enabled, allows local users to access the "Configure Login Manager" functionality using their own password instead of the root password, which can be leveraged to gain additional privileges.
Impact
Base Score 2.0
3.70
Severity 2.0
LOW
Vulnerable products and versions
CPE | From | Up to |
---|---|---|
cpe:2.3:a:gnome:gdm:2.8:*:*:*:*:*:*:* | ||
cpe:2.3:a:gnome:gdm:2.12:*:*:*:*:*:*:* | ||
cpe:2.3:a:gnome:gdm:2.14:*:*:*:*:*:*:* | ||
cpe:2.3:a:gnome:gdm:2.15:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- http://bugzilla.gnome.org/show_bug.cgi?id=343476
- http://lists.suse.com/archive/suse-security-announce/2006-Jun/0003.html
- http://secunia.com/advisories/20532
- http://secunia.com/advisories/20552
- http://secunia.com/advisories/20587
- http://secunia.com/advisories/20627
- http://secunia.com/advisories/20636
- http://www.gentoo.org/security/en/glsa/glsa-200606-14.xml
- http://www.mandriva.com/security/advisories?name=MDKSA-2006%3A100
- http://www.securityfocus.com/archive/1/436428
- http://www.securityfocus.com/bid/18332
- http://www.vupen.com/english/advisories/2006/2239
- https://exchange.xforce.ibmcloud.com/vulnerabilities/27018
- https://usn.ubuntu.com/293-1/