Vulnerability Description
GNOME Display Manager (gdm) before 2.32.2, when glib 2.28 is used, enables execution of a web browser with the uid of the gdm account, which allows local users to gain privileges via vectors involving the x-scheme-handler/http MIME type.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Gnome | Gdm | 1.0 |
| Gnome | Glib | 2.28 |
Related Weaknesses (CWE)
References
- http://ftp.gnome.org/pub/GNOME/sources/gdm/2.32/gdm-2.32.2.news
- http://git.gnome.org/browse/gdm/commit/?id=d13dd72531599ab7e4c747db3b58a8c17753e (Patch)
- http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061264.html
- http://secunia.com/advisories/44797 (Vendor Advisory)
- http://secunia.com/advisories/44808
- http://www.securityfocus.com/bid/48084
- http://www.ubuntu.com/usn/USN-1142-1
- https://bugzilla.redhat.com/show_bug.cgi?id=709139 (Patch)
- https://hermes.opensuse.org/messages/8643655
FAQ
What is CVE-2011-1709?
CVE-2011-1709 is a vulnerability with a CVSS score of 7.2 (HIGH). GNOME Display Manager (gdm) before 2.32.2, when glib 2.28 is used, enables execution of a web browser with the uid of the gdm account, which allows local users to gain privileges via vectors involving...
How severe is CVE-2011-1709?
CVE-2011-1709 has been rated HIGH with a CVSS base score of 7.2/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2011-1709?
Check the references section above for vendor advisories and patch information. Affected products include: Gnome Gdm, Gnome Glib.