Vulnerability Description
GNOME GDM 2.8, 2.12, 2.14, and 2.15, when the "face browser" feature is enabled, allows local users to access the "Configure Login Manager" functionality using their own password instead of the root password, which can be leveraged to gain additional privileges.
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Gnome | Gdm | 2.8 |
References
- http://bugzilla.gnome.org/show_bug.cgi?id=343476
- http://lists.suse.com/archive/suse-security-announce/2006-Jun/0003.html
- http://secunia.com/advisories/20532
- http://secunia.com/advisories/20552
- http://secunia.com/advisories/20587
- http://secunia.com/advisories/20627
- http://secunia.com/advisories/20636
- http://www.gentoo.org/security/en/glsa/glsa-200606-14.xml
- http://www.mandriva.com/security/advisories?name=MDKSA-2006:100
- http://www.securityfocus.com/archive/1/436428
- http://www.securityfocus.com/bid/18332
- http://www.vupen.com/english/advisories/2006/2239
- https://exchange.xforce.ibmcloud.com/vulnerabilities/27018
- https://usn.ubuntu.com/293-1/
- http://bugzilla.gnome.org/show_bug.cgi?id=343476
FAQ
What is CVE-2006-2452?
CVE-2006-2452 is a vulnerability with a CVSS score of 3.7 (LOW). GNOME GDM 2.8, 2.12, 2.14, and 2.15, when the "face browser" feature is enabled, allows local users to access the "Configure Login Manager" functionality using their own password instead of the root p...
How severe is CVE-2006-2452?
CVE-2006-2452 has been rated LOW with a CVSS base score of 3.7/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2006-2452?
Check the references section above for vendor advisories and patch information. Affected products include: Gnome Gdm.