Local File Read Vulnerability in GDM by GNOME
CVE-2003-0547

Currently unrated

Key Information:

Vendor: Gnome
Status: Gdm; Kdebase
Vendor: CVE Published:; 27 August 2003

Summary

GDM prior to version 2.4.1.6 contains a vulnerability that permits local users to exploit the 'examine session errors' feature. This vulnerability enables them to perform a symlink attack on the ~/.xsession-errors file, which could lead to unauthorized reading of arbitrary files by manipulating session error logs.

References

http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio...

vendor-advisoryx_refsource_CONECTIVA

http://www.redhat.com/support/errata/RHSA-2003-258.html

vendor-advisoryx_refsource_REDHAT

https://oval.cisecurity.org/repository/search/definition/...

vdb-entrysignaturex_refsource_OVAL

Timeline

Vulnerability published
Aug 27, 2003
Vulnerability Reserved
Jul 14, 2003