Vulnerability Details : CVE-2011-0727
GNOME Display Manager (gdm) 2.x before 2.32.1 allows local users to change the ownership of arbitrary files via a symlink attack on a (1) dmrc or (2) face icon file under /var/cache/gdm/.
Products affected by CVE-2011-0727
- cpe:2.3:a:gnome:gdm:2.14:*:*:*:*:*:*:*
- cpe:2.3:a:gnome:gdm:2.15:*:*:*:*:*:*:*
- cpe:2.3:a:gnome:gdm:2.8:*:*:*:*:*:*:*
- cpe:2.3:a:gnome:gdm:2.16:*:*:*:*:*:*:*
- cpe:2.3:a:gnome:gdm:2.6:*:*:*:*:*:*:*
- cpe:2.3:a:gnome:gdm:2.5:*:*:*:*:*:*:*
- cpe:2.3:a:gnome:gdm:2.4:*:*:*:*:*:*:*
- cpe:2.3:a:gnome:gdm:2.0:*:*:*:*:*:*:*
- cpe:2.3:a:gnome:gdm:2.13:*:*:*:*:*:*:*
- cpe:2.3:a:gnome:gdm:2.3:*:*:*:*:*:*:*
- cpe:2.3:a:gnome:gdm:2.2:*:*:*:*:*:*:*
- cpe:2.3:a:gnome:gdm:2.18:*:*:*:*:*:*:*
- cpe:2.3:a:gnome:gdm:2.19:*:*:*:*:*:*:*
- cpe:2.3:a:gnome:gdm:2.17:*:*:*:*:*:*:*
- cpe:2.3:a:gnome:gdm:2.22:*:*:*:*:*:*:*
- cpe:2.3:a:gnome:gdm:2.23:*:*:*:*:*:*:*
- cpe:2.3:a:gnome:gdm:2.30:*:*:*:*:*:*:*
- cpe:2.3:a:gnome:gdm:2.31:*:*:*:*:*:*:*
- cpe:2.3:a:gnome:gdm:2.26:*:*:*:*:*:*:*
- cpe:2.3:a:gnome:gdm:2.27:*:*:*:*:*:*:*
- cpe:2.3:a:gnome:gdm:2.20:*:*:*:*:*:*:*
- cpe:2.3:a:gnome:gdm:2.21:*:*:*:*:*:*:*
- cpe:2.3:a:gnome:gdm:2.28:*:*:*:*:*:*:*
- cpe:2.3:a:gnome:gdm:2.29:*:*:*:*:*:*:*
- cpe:2.3:a:gnome:gdm:2.24:*:*:*:*:*:*:*
- cpe:2.3:a:gnome:gdm:2.25:*:*:*:*:*:*:*
- cpe:2.3:a:gnome:gdm:2.32:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2011-0727
0.04%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 10 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2011-0727
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
6.9
|
MEDIUM | AV:L/AC:M/Au:N/C:C/I:C/A:C |
3.4
|
10.0
|
NIST |
CWE ids for CVE-2011-0727
-
The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.Assigned by: nvd@nist.gov (Primary)
References for CVE-2011-0727
-
http://ftp.gnome.org/pub/GNOME/sources/gdm/2.32/gdm-2.32.1.news
-
http://www.vupen.com/english/advisories/2011/0911
Webmail | OVH- OVH
-
http://www.vupen.com/english/advisories/2011/0797
Webmail | OVH- OVHVendor Advisory
-
http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057333.html
[SECURITY] Fedora 14 Update: gdm-2.32.1-2.fc14
-
https://bugzilla.redhat.com/show_bug.cgi?id=688323
688323 – (CVE-2011-0727) CVE-2011-0727 gdm: privilege escalation vulnerabilityPatch
-
http://www.redhat.com/support/errata/RHSA-2011-0395.html
Support
-
http://www.vupen.com/english/advisories/2011/0786
Webmail | OVH- OVHVendor Advisory
-
http://www.mandriva.com/security/advisories?name=MDVSA-2011:070
mandriva.com
-
http://securitytracker.com/id?1025264
GNOME Display Manager Cache Directory Symlink Flaw Lets Local Users Gain Elevated Privileges - SecurityTracker
-
http://www.vupen.com/english/advisories/2011/0847
Webmail | OVH- OVH
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/66377
GNOME Display Manager privilege escalation CVE-2011-0727 Vulnerability Report
-
http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057931.html
[SECURITY] Fedora 13 Update: gdm-2.30.2-2.fc13
-
http://www.securityfocus.com/bid/47063
GNOME Display Manager Race Condition Local Privilege Escalation Vulnerability
-
http://www.debian.org/security/2011/dsa-2205
Debian -- Security Information -- DSA-2205-1 gdm3
-
http://mail.gnome.org/archives/gdm-list/2011-March/msg00020.html
[gdm-list] GDM 2.32.1 releasedPatch
-
http://www.ubuntu.com/usn/USN-1099-1
USN-1099-1: GDM vulnerability | Ubuntu security notices
-
http://www.vupen.com/english/advisories/2011/0787
Webmail | OVH- OVHVendor Advisory
Jump to