Test ID:	1.3.6.1.4.1.25623.1.0.52955
Category:	Turbolinux Local Security Tests
Title:	Turbolinux TLSA-2003-48 (gdm)
Summary:	NOSUMMARY
Description:	Description: The remote host is missing an update to gdm announced via advisory TLSA-2003-48. Gdm (the GNOME Display Manager) is a highly configurable reimplementation of xdm, the X Display Manager. GDM contains a bug where GDM will run as root when examining the ~ /.xsession-errors file when using the examine session errors feature, allowing local users the ability to read any text file on the system by creating a symlink. The vulnerability in the XDMCP ( X Display Manager Control Protocol) support for GDM allows attackers to cause a denial of service. The XDMCP is disabled by default These vulnerabilities may allow local users to read arbitrary files on the system by creating a symlink and allow an attacker to create a DoS condition on the GDM. Solution: Please use the turbopkg (zabom) tool to apply the update. http://www.securityspace.com/smysecure/catid.html?in=TLSA-2003-48 Risk factor : Medium CVSS Score: 5.0
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2003-0547 Bugtraq: 20030824 [slackware-security] GDM security update (SSA:2003-236-01) (Google Search) http://marc.info/?l=bugtraq&m=106194792924122&w=2 Conectiva Linux advisory: CLA-2003:729 http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000729 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A112 http://www.redhat.com/support/errata/RHSA-2003-258.html Common Vulnerability Exposure (CVE) ID: CVE-2003-0548 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A113 http://www.redhat.com/support/errata/RHSA-2003-259.html
Copyright	Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.