Local Privilege Escalation in GNOME Display Manager Due to Password Logging Flaw
CVE-2010-2387
Currently unrated
Key Information:
- Vendor: Gnome
- Status
- Vendor
- CVE Published: 21 December 2012
Badges
👾 Exploit Exists 🟡 Public PoC
Summary
In GNOME Display Manager (gdm) 2.20.x before 2.20.11, a flaw exposes user passwords in syslog when GDM debug mode is enabled and the password contains invalid UTF-8 encoded characters. Local users who can read these logs may recover the password and gain unauthorized access, potentially leading to privilege escalation on the system.
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate that the vulnerability can be exploited. PoC code is also a key component for weaponization, which could lead to ransomware.
Timeline
- 🟡 Public PoC available
- 👾 Exploit known to exist
- Vulnerability published
- Vulnerability Reserved