Race Condition Vulnerability in GDM by GNOME
CVE-2006-1057

Currently unrated

Key Information:

Vendor: Gnome
Status: Gdm
Vendor: CVE Published:; 25 April 2006

Summary

A vulnerability in the GDM (GNOME Display Manager) allows local users to exploit a race condition when the daemon executes chown and chgrp operations on the .ICEauthority file. By creating a symlink, an attacker can manipulate these operations to gain unauthorized privileges, potentially compromising system security. This issue affects versions of GDM prior to 2.14.1, necessitating immediate attention to apply the appropriate updates to mitigate such risks.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/26092

vdb-entryx_refsource_XF

https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=188303

x_refsource_CONFIRM

http://cvs.gnome.org/viewcvs/gdm2/daemon/slave.c?r1=1.260...

x_refsource_CONFIRM

Timeline

Vulnerability published
Apr 25, 2006
Vulnerability Reserved
Mar 7, 2006