Vulnerability Description
vicious-extensions/ve-misc.c in GNOME Display Manager (gdm) 2.20.x before 2.20.11, when GDM debug is enabled, logs the user password when it contains invalid UTF8 encoded characters, which might allow local users to gain privileges by reading the information from syslog logs.
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Gnome | Gnome Display Manager | 2.20.0 |
Related Weaknesses (CWE)
References
- http://ftp.gnome.org/pub/GNOME/sources/gdm/2.20/gdm-2.20.11.changes
- http://secunia.com/advisories/40690Vendor Advisory
- http://secunia.com/advisories/40780Vendor Advisory
- http://www.auscert.org.au/13123US Government Resource
- http://www.osvdb.org/66643
- https://blogs.oracle.com/sunsecurity/entry/cve_2010_2387_password_disclosure
- https://bugzilla.gnome.org/show_bug.cgi?id=571846
- https://exchange.xforce.ibmcloud.com/vulnerabilities/60642
- http://ftp.gnome.org/pub/GNOME/sources/gdm/2.20/gdm-2.20.11.changes
- http://secunia.com/advisories/40690Vendor Advisory
- http://secunia.com/advisories/40780Vendor Advisory
- http://www.auscert.org.au/13123US Government Resource
- http://www.osvdb.org/66643
- https://blogs.oracle.com/sunsecurity/entry/cve_2010_2387_password_disclosure
- https://bugzilla.gnome.org/show_bug.cgi?id=571846
FAQ
What is CVE-2010-2387?
CVE-2010-2387 is a vulnerability with a CVSS score of 1.9 (LOW). vicious-extensions/ve-misc.c in GNOME Display Manager (gdm) 2.20.x before 2.20.11, when GDM debug is enabled, logs the user password when it contains invalid UTF8 encoded characters, which might allow...
How severe is CVE-2010-2387?
CVE-2010-2387 has been rated LOW with a CVSS base score of 1.9/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2010-2387?
Check the references section above for vendor advisories and patch information. Affected products include: Gnome Gnome Display Manager.