Privilege Escalation Vulnerability in GNOME Display Manager by GNOME
CVE-2011-1709

Currently unrated

Key Information:

Vendor: Gnome
Status: Gdm
Vendor: CVE Published:; 14 June 2011

What is CVE-2011-1709?

An issue in GNOME Display Manager prior to version 2.32.2, when using glib version 2.28, permits local users to execute a web browser with the UID of the gdm account. This misconfiguration can be exploited through vectors involving the x-scheme-handler/http MIME type, potentially allowing unauthorized access to higher privileges.

References

http://ftp.gnome.org/pub/GNOME/sources/gdm/2.32/gdm-2.32....

x_refsource_CONFIRM

http://git.gnome.org/browse/gdm/commit/?id=d13dd72531599a...

x_refsource_CONFIRM

http://secunia.com/advisories/44797

third-party-advisoryx_refsource_SECUNIA

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 14, 2011
Vulnerability Reserved
Apr 15, 2011

JSON

Gnome

What is CVE-2011-1709?

References

Timeline