Privilege Escalation Vulnerability in GNOME Display Manager by GNOME
CVE-2011-1709

Currently unrated

Key Information:

Vendor
Gnome
Status
Gdm
Vendor
CVE Published:
14 June 2011

Summary

An issue in GNOME Display Manager prior to version 2.32.2, when using glib version 2.28, permits local users to execute a web browser with the UID of the gdm account. This misconfiguration can be exploited through vectors involving the x-scheme-handler/http MIME type, potentially allowing unauthorized access to higher privileges.

References

http://ftp.gnome.org/pub/GNOME/sources/gdm/2.32/gdm-2.32....
x_refsource_CONFIRM
http://git.gnome.org/browse/gdm/commit/?id=d13dd72531599a...
x_refsource_CONFIRM
http://secunia.com/advisories/44797
third-party-advisoryx_refsource_SECUNIA

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2011-1709 : Privilege Escalation Vulnerability in GNOME Display Manager by GNOME | SecurityVulnerability.io