[Forgot Password]
Login  Register Subscribe

30479

 
 

423868

 
 

248268

 
 

909

 
 

195051

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2007-3381Date: (C)2007-08-07   (M)2023-12-22


The GDM daemon in GNOME Display Manager (GDM) before 2.14.13, 2.16.x before 2.16.7, 2.18.x before 2.18.4, and 2.19.x before 2.19.5 does not properly handle NULL return values from the g_strsplit function, which allows local users to cause a denial of service (persistent daemon crash) via a crafted command to the daemon's socket, related to (1) gdm.c and (2) gdmconfig.c in daemon/, and (3) gdmconfig.c and (4) gdmflexiserver.c in gui/.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 1.5
Exploit Score: 2.7
Impact Score: 2.9
 
CVSS V2 Metrics:
Access Vector: LOCAL
Access Complexity: MEDIUM
Authentication: SINGLE
Confidentiality: NONE
Integrity: NONE
Availability: PARTIAL
  
Reference:
SECTRACK-1018523
http://www.securityfocus.com/archive/1/475451/30/5550/threaded
BID-25191
SECUNIA-26313
SECUNIA-26368
SECUNIA-26520
SECUNIA-26879
SECUNIA-26900
ADV-2007-2781
GLSA-200709-11
MDKSA-2007:169
RHSA-2007:0777
http://ftp.gnome.org/pub/GNOME/sources/gdm/2.14/gdm-2.14.13.news
http://ftp.gnome.org/pub/GNOME/sources/gdm/2.16/gdm-2.16.7.changes
http://ftp.gnome.org/pub/GNOME/sources/gdm/2.18/gdm-2.18.4.news
http://ftp.gnome.org/pub/GNOME/sources/gdm/2.19/gdm-2.19.5.news
https://issues.rpath.com/browse/RPL-1599
oval:org.mitre.oval:def:10887

CWE    1
CWE-20

© SecPod Technologies