Vulnerability Details : CVE-2003-0794
GDM 2.4.4.x before 2.4.4.4, and 2.4.1.x before 2.4.1.7, does not limit the number or duration of commands and uses a blocking socket connection, which allows attackers to cause a denial of service (resource exhaustion) by sending commands and not reading the results.
Vulnerability category: Denial of service
Products affected by CVE-2003-0794
- cpe:2.3:a:gnome:gdm:2.4.1.2:*:*:*:*:*:*:*
- cpe:2.3:a:gnome:gdm:2.4.1.3:*:*:*:*:*:*:*
- cpe:2.3:a:gnome:gdm:2.4.1.6:*:*:*:*:*:*:*
- cpe:2.3:a:gnome:gdm:2.4.1:*:*:*:*:*:*:*
- cpe:2.3:a:gnome:gdm:2.4.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:gnome:gdm:2.4.1.4:*:*:*:*:*:*:*
- cpe:2.3:a:gnome:gdm:2.4.1.5:*:*:*:*:*:*:*
- cpe:2.3:a:gnome:gdm:2.2.5.4:*:*:*:*:*:*:*
- cpe:2.3:a:gnome:gdm:2.4.4:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2003-0794
0.06%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 23 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2003-0794
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
2.1
|
LOW | AV:L/AC:L/Au:N/C:N/I:N/A:P |
3.9
|
2.9
|
NIST |
References for CVE-2003-0794
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/13448
-
http://www.mandriva.com/security/advisories?name=MDKSA-2003:100
-
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000766
-
http://cvs.gnome.org/bonsai/cvsblame.cgi?file=gdm2/NEWS&rev=&root=/cvs/gnome
-
http://www.securityfocus.com/bid/8846
Patch;Vendor Advisory
Jump to