Test ID:	1.3.6.1.4.1.25623.1.0.59426
Category:	Fedora Local Security Checks
Title:	Fedora Core 5 FEDORA-2006-1467 (gdm)
Summary:	NOSUMMARY
Description:	Description: The remote host is missing an update to gdm announced via advisory FEDORA-2006-1467. Gdm (the GNOME Display Manager) is a highly configurable reimplementation of xdm, the X Display Manager. Gdm allows you to log into your system with the X Window System running and supports running several different X sessions on your local machine at the same time. Update Information: Fix for a recently reported security issue that has ID CVE-2006-6105. This fixes a problem where a user can enter strings like %08x into the gdmchooser Addj host button and print out memory. * Fri Dec 15 2006 Matthias Clasen - 1:2.14.11-1 - Update to 2.14.11, which fixes CVE-2006-6105 - Drop upstreamed patches * Thu Jun 8 2006 Ray Strode - 1:2.14.10-1 - Update to 2.14.10 * Thu Jun 8 2006 Ray Strode - 1:2.14.9-1 - Update to 2.14.9 - Fixes autologin problem (bug 195014). * Thu Jun 8 2006 Ray Strode - 1:2.14.8-1 - Update to 2.14.8 - Fixes CVE-2006-2452 (bug 343476). * Wed Jun 7 2006 Ray Strode - 1:2.14.4-1.fc5.3 - Add BuildRequires on xorg-x11-server-Xorg (bug 194295) * Tue Jun 6 2006 Matthias Clasen - 1:2.14.4-1.fc.2 - Require system-logos, not fedora-logos - Add missing BuildRequires Solution: Apply the appropriate updates. This update can be downloaded from: http://download.fedora.redhat.com/pub/fedora/linux/core/updates/5/ This update can be installed with the 'yum' update program. Use 'yum update package-name' at the command line. For more information, refer to 'Managing Software with yum,' available at http://fedora.redhat.com/docs/yum/. http://www.securityspace.com/smysecure/catid.html?in=FEDORA-2006-1467 Risk factor : Medium CVSS Score: 4.3
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2006-6105 1017320 http://securitytracker.com/id?1017320 1017383 http://securitytracker.com/id?1017383 20061214 GNOME Foundation Display Manager gdmchooser Format String Vulnerability http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=453 21597 http://www.securityfocus.com/bid/21597 23381 http://secunia.com/advisories/23381 23385 http://secunia.com/advisories/23385 23387 http://secunia.com/advisories/23387 23409 http://secunia.com/advisories/23409 30848 http://www.osvdb.org/30848 ADV-2006-5015 http://www.vupen.com/english/advisories/2006/5015 MDKSA-2006:231 http://www.mandriva.com/security/advisories?name=MDKSA-2006:231 SUSE-SR:2006:029 http://www.novell.com/linux/security/advisories/2006_29_sr.html USN-396-1 http://www.ubuntu.com/usn/usn-396-1 gdmchooser-host-chooser-format-string(30896) https://exchange.xforce.ibmcloud.com/vulnerabilities/30896 http://ftp.acc.umu.se/pub/GNOME/sources/gdm/2.17/gdm-2.17.4.news Common Vulnerability Exposure (CVE) ID: CVE-2006-2452 BugTraq ID: 18332 http://www.securityfocus.com/bid/18332 Bugtraq: 20060608 rPSA-2006-0098-1 gdm (Google Search) http://www.securityfocus.com/archive/1/436428 http://www.gentoo.org/security/en/glsa/glsa-200606-14.xml http://www.mandriva.com/security/advisories?name=MDKSA-2006:100 http://secunia.com/advisories/20532 http://secunia.com/advisories/20552 http://secunia.com/advisories/20587 http://secunia.com/advisories/20627 http://secunia.com/advisories/20636 SuSE Security Announcement: SUSE-SR:2006:013 (Google Search) http://lists.suse.com/archive/suse-security-announce/2006-Jun/0003.html https://usn.ubuntu.com/293-1/ http://www.vupen.com/english/advisories/2006/2239 XForce ISS Database: gdm-facebrowser-security-bypass(27018) https://exchange.xforce.ibmcloud.com/vulnerabilities/27018
Copyright	Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.