Ubuntu Local Security Checks : Ubuntu USN-1099-1 (gdm)

Price/Feature Summary | Order | New Vulnerabilities | Confidentiality | Vulnerability Search

Vulnerability Search		Search 123947 CVE descriptions and 58962 test descriptions, access 10,000+ cross references.
	Tests CVE All

Test ID: 1.3.6.1.4.1.25623.1.0.69379

Category: Ubuntu Local Security Checks

Title: Ubuntu USN-1099-1 (gdm)

Summary: Ubuntu USN-1099-1 (gdm)

Description: Description:
The remote host is missing an update to gdm
announced via advisory USN-1099-1.

Details follow:

Sebastian Krahmer discovered that GDM (GNOME Display Manager) did not
properly drop privileges when handling the cache directories used
to store users' dmrc and face icon files. This could allow a local
attacker to change the ownership of arbitrary files, thereby gaining
root privileges.

Solution:
The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 9.10:
gdm 2.28.1-0ubuntu2.3

Ubuntu 10.04 LTS:
gdm 2.30.2.is.2.30.0-0ubuntu5.1

Ubuntu 10.10:
gdm 2.30.5-0ubuntu4.1

After a standard system update you need to log out all desktop sessions
and restart GDM to make all the necessary changes.

http://www.securityspace.com/smysecure/catid.html?in=USN-1099-1

Risk factor : High

CVSS Score:
6.9

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2011-0727
http://mail.gnome.org/archives/gdm-list/2011-March/msg00020.html
Debian Security Information: DSA-2205 (Google Search)
http://www.debian.org/security/2011/dsa-2205
http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057333.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057931.html
http://www.mandriva.com/security/advisories?name=MDVSA-2011:070
http://www.redhat.com/support/errata/RHSA-2011-0395.html
http://www.ubuntu.com/usn/USN-1099-1
BugTraq ID: 47063
http://www.securityfocus.com/bid/47063
http://securitytracker.com/id?1025264
http://secunia.com/advisories/43714
http://secunia.com/advisories/43854
http://secunia.com/advisories/44021
http://www.vupen.com/english/advisories/2011/0786
http://www.vupen.com/english/advisories/2011/0787
http://www.vupen.com/english/advisories/2011/0797
http://www.vupen.com/english/advisories/2011/0847
http://www.vupen.com/english/advisories/2011/0911
XForce ISS Database: display-manager-priv-escalation(66377)
https://exchange.xforce.ibmcloud.com/vulnerabilities/66377

Copyright Copyright (c) 2011 E-Soft Inc. http://www.securityspace.com

This is only one of 58962 vulnerability tests in our test suite. Find out more about running a complete security audit.
To run a free test of this vulnerability against your system, register below.

New User Registration
Email:

UserID:

Passwd:

Please email me your monthly newsletters, informing the latest services, improvements & surveys.

Please email me a vulnerability test announcement whenever a new test is added.

Privacy

Registered User Login

UserID:

Passwd:

Forgot userid or passwd?

Email/Userid:

Test ID:	1.3.6.1.4.1.25623.1.0.69379
Category:	Ubuntu Local Security Checks
Title:	Ubuntu USN-1099-1 (gdm)
Summary:	Ubuntu USN-1099-1 (gdm)
Description:	Description: The remote host is missing an update to gdm announced via advisory USN-1099-1. Details follow: Sebastian Krahmer discovered that GDM (GNOME Display Manager) did not properly drop privileges when handling the cache directories used to store users' dmrc and face icon files. This could allow a local attacker to change the ownership of arbitrary files, thereby gaining root privileges. Solution: The problem can be corrected by upgrading your system to the following package versions: Ubuntu 9.10: gdm 2.28.1-0ubuntu2.3 Ubuntu 10.04 LTS: gdm 2.30.2.is.2.30.0-0ubuntu5.1 Ubuntu 10.10: gdm 2.30.5-0ubuntu4.1 After a standard system update you need to log out all desktop sessions and restart GDM to make all the necessary changes. http://www.securityspace.com/smysecure/catid.html?in=USN-1099-1 Risk factor : High CVSS Score: 6.9
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2011-0727 http://mail.gnome.org/archives/gdm-list/2011-March/msg00020.html Debian Security Information: DSA-2205 (Google Search) http://www.debian.org/security/2011/dsa-2205 http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057333.html http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057931.html http://www.mandriva.com/security/advisories?name=MDVSA-2011:070 http://www.redhat.com/support/errata/RHSA-2011-0395.html http://www.ubuntu.com/usn/USN-1099-1 BugTraq ID: 47063 http://www.securityfocus.com/bid/47063 http://securitytracker.com/id?1025264 http://secunia.com/advisories/43714 http://secunia.com/advisories/43854 http://secunia.com/advisories/44021 http://www.vupen.com/english/advisories/2011/0786 http://www.vupen.com/english/advisories/2011/0787 http://www.vupen.com/english/advisories/2011/0797 http://www.vupen.com/english/advisories/2011/0847 http://www.vupen.com/english/advisories/2011/0911 XForce ISS Database: display-manager-priv-escalation(66377) https://exchange.xforce.ibmcloud.com/vulnerabilities/66377
Copyright	Copyright (c) 2011 E-Soft Inc. http://www.securityspace.com