Vulnerability Details : CVE-2013-7273
GNOME Display Manager (gdm) 3.4.1 and earlier, when disable-user-list is set to true, allows local users to cause a denial of service (unable to login) by pressing the cancel button after entering a user name.
Vulnerability category: Denial of service
Products affected by CVE-2013-7273
- cpe:2.3:a:gnome:gnome_display_manager:*:*:*:*:*:*:*:*
- cpe:2.3:a:gnome:gnome_display_manager:3.2.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:gnome:gnome_display_manager:3.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:gnome:gnome_display_manager:3.3.92:*:*:*:*:*:*:*
- cpe:2.3:a:gnome:gnome_display_manager:3.3.92.1:*:*:*:*:*:*:*
- cpe:2.3:a:gnome:gnome_display_manager:3.1.91:*:*:*:*:*:*:*
- cpe:2.3:a:gnome:gnome_display_manager:3.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:gnome:gnome_display_manager:3.4.0:*:*:*:*:*:*:*
- cpe:2.3:a:gnome:gnome_display_manager:3.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:gnome:gnome_display_manager:3.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:gnome:gnome_display_manager:3.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:gnome:gnome_display_manager:3.1.2:*:*:*:*:*:*:*
- cpe:2.3:a:gnome:gnome_display_manager:3.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:gnome:gnome_display_manager:3.1.90:*:*:*:*:*:*:*
- cpe:2.3:a:gnome:gnome_display_manager:3.1.92:*:*:*:*:*:*:*
- cpe:2.3:a:gnome:gnome_display_manager:3.4.0.1:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2013-7273
- EPSS score: 0.04% (probability of exploitation activity in the next 30 days)
- Percentile: ~6% (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2013-7273
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
2.1 | LOW | AV:L/AC:L/Au:N/C:N/I:N/A:P | 3.9 | 2.9 | NIST | |
References for CVE-2013-7273
- http://www.openwall.com/lists/oss-security/2014/01/07/10
  oss-security - Re: CVE request: lightdm-gtk-greeter - local DOS due to NULL pointer dereference
- https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=683338
  #683338 - CVE-2013-7273 gdm3: no prompt anymore after login cancel using disable_user_list - Debian Bug report logs
- https://bugzilla.gnome.org/show_bug.cgi?id=704284
  Bug 704284 – when disable-user-list=true, cancelling login leaves gdm in unusable state
- https://bugzilla.redhat.com/show_bug.cgi?id=1050745
  1050745 – (CVE-2013-7273) CVE-2013-7273 gdm: local DoS possible when cancelling and disable-user-list=true when fallback greeter is used
- http://www.openwall.com/lists/oss-security/2014/01/07/16
  oss-security - Re: CVE request: lightdm-gtk-greeter - local DOS due to NULL pointer dereference