CVE-2010-2387

Currently unrated

Key Information:

Vendor: Gnome
Status: Gnome Display Manager
Vendor: CVE Published:; 21 December 2012

Badges

👾 Exploit Exists🟡 Public PoC

Summary

vicious-extensions/ve-misc.c in GNOME Display Manager (gdm) 2.20.x before 2.20.11, when GDM debug is enabled, logs the user password when it contains invalid UTF8 encoded characters, which might allow local users to gain privileges by reading the information from syslog logs.

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2010-2387
Created by LogSec

References

https://bugzilla.gnome.org/show_bug.cgi?id=571846

x_refsource_CONFIRM

http://www.auscert.org.au/13123

third-party-advisoryx_refsource_AUSCERT

https://blogs.oracle.com/sunsecurity/entry/cve_2010_2387_...

x_refsource_CONFIRM

Timeline

🟡
Public PoC available
Apr 23, 2022
👾
Exploit known to exist
Apr 23, 2022
Vulnerability published
Dec 21, 2012
Vulnerability Reserved
Jun 21, 2010