CVE-2010-2387

EUVD-2010-2397
vicious-extensions/ve-misc.c in GNOME Display Manager (gdm) 2.20.x before 2.20.11, when GDM debug is enabled, logs the user password when it contains invalid UTF8 encoded characters, which might allow local users to gain privileges by reading the information from syslog logs.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
1.9 UNKNOWN
LOCAL
MEDIUM
AV:L/AC:M/Au:N/C:P/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 25%
Affected Products (NVD)
VendorProductVersion
gnomegnome_display_manager
2.20.0
gnomegnome_display_manager
2.20.1
gnomegnome_display_manager
2.20.2
gnomegnome_display_manager
2.20.3
gnomegnome_display_manager
2.20.4
gnomegnome_display_manager
2.20.5
gnomegnome_display_manager
2.20.6
gnomegnome_display_manager
2.20.7
gnomegnome_display_manager
2.20.8
gnomegnome_display_manager
2.20.9
gnomegnome_display_manager
2.20.10
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
gdm
hardy
ignored
lucid
not-affected
oneiric
not-affected
precise
not-affected
quantal
not-affected
Common Weakness Enumeration
References
http://ftp.gnome.org/pub/GNOME/sources/gdm/2.20/gdm-2.20.11.changes
http://secunia.com/advisories/40690
http://secunia.com/advisories/40780
http://www.auscert.org.au/13123
http://www.osvdb.org/66643
https://blogs.oracle.com/sunsecurity/entry/cve_2010_2387_password_disclosure
https://bugzilla.gnome.org/show_bug.cgi?id=571846
https://exchange.xforce.ibmcloud.com/vulnerabilities/60642
http://ftp.gnome.org/pub/GNOME/sources/gdm/2.20/gdm-2.20.11.changes
http://secunia.com/advisories/40690
http://secunia.com/advisories/40780
http://www.auscert.org.au/13123
http://www.osvdb.org/66643
https://blogs.oracle.com/sunsecurity/entry/cve_2010_2387_password_disclosure
https://bugzilla.gnome.org/show_bug.cgi?id=571846
https://exchange.xforce.ibmcloud.com/vulnerabilities/60642