CVE-2011-0727 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	6.9 UNKNOWN	LOCAL	MEDIUM		AV:L/AC:M/Au:N/C:C/I:C/A:C

Base Score

CVSS 3.x

EPSS Score

Percentile: 19%

Affected Products (NVD)

Vendor	Product	Version
gnome	gdm	2.0
gnome	gdm	2.2
gnome	gdm	2.3
gnome	gdm	2.4
gnome	gdm	2.5
gnome	gdm	2.6
gnome	gdm	2.8
gnome	gdm	2.13
gnome	gdm	2.14
gnome	gdm	2.15
gnome	gdm	2.16
gnome	gdm	2.17
gnome	gdm	2.18
gnome	gdm	2.19
gnome	gdm	2.20
gnome	gdm	2.21
gnome	gdm	2.22
gnome	gdm	2.23
gnome	gdm	2.24
gnome	gdm	2.25
gnome	gdm	2.26
gnome	gdm	2.27
gnome	gdm	2.28
gnome	gdm	2.29
gnome	gdm	2.30
gnome	gdm	2.31
gnome	gdm	2.32

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

gdm3

bookworm	43.0-3 fixed
bullseye	3.38.2.1-1 fixed
sid	47.0-3 fixed
trixie	47.0-3 fixed

Ubuntu Releases

Ubuntu Product

Codename

gdm

dapper	ignored
hardy	not-affected
karmic	Fixed 2.28.1-0ubuntu2.3 released
lucid	Fixed 2.30.2.is.2.30.0-0ubuntu5.1 released
maverick	Fixed 2.30.5-0ubuntu4.1 released

Red Hat Enterprise Linux Releases

Red Hat Product

Release

gdm

RHEL 6

1:2.30.4-21.el6_0.1

fixed

gdm-libs

RHEL 6

1:2.30.4-21.el6_0.1

fixed

gdm-plugin-fingerprint

RHEL 6

1:2.30.4-21.el6_0.1

fixed

gdm-plugin-smartcard

RHEL 6

1:2.30.4-21.el6_0.1

fixed

gdm-user-switch-applet

RHEL 6

1:2.30.4-21.el6_0.1

fixed

Common Weakness Enumeration

CWE-59 - Improper Link Resolution Before File Access ('Link Following')
The software attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.

References

http://ftp.gnome.org/pub/GNOME/sources/gdm/2.32/gdm-2.32.1.news

http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057333.html

http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057931.html

http://mail.gnome.org/archives/gdm-list/2011-March/msg00020.html

http://secunia.com/advisories/43714

http://secunia.com/advisories/43854

http://secunia.com/advisories/44021

http://securitytracker.com/id?1025264

http://www.debian.org/security/2011/dsa-2205

http://www.mandriva.com/security/advisories?name=MDVSA-2011:070

http://www.redhat.com/support/errata/RHSA-2011-0395.html

http://www.securityfocus.com/bid/47063

http://www.ubuntu.com/usn/USN-1099-1

http://www.vupen.com/english/advisories/2011/0786

http://www.vupen.com/english/advisories/2011/0787

http://www.vupen.com/english/advisories/2011/0797

http://www.vupen.com/english/advisories/2011/0847

http://www.vupen.com/english/advisories/2011/0911

https://bugzilla.redhat.com/show_bug.cgi?id=688323

https://exchange.xforce.ibmcloud.com/vulnerabilities/66377

http://ftp.gnome.org/pub/GNOME/sources/gdm/2.32/gdm-2.32.1.news

http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057333.html

http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057931.html

http://mail.gnome.org/archives/gdm-list/2011-March/msg00020.html

http://secunia.com/advisories/43714

http://secunia.com/advisories/43854

http://secunia.com/advisories/44021

http://securitytracker.com/id?1025264

http://www.debian.org/security/2011/dsa-2205

http://www.mandriva.com/security/advisories?name=MDVSA-2011:070

http://www.redhat.com/support/errata/RHSA-2011-0395.html

http://www.securityfocus.com/bid/47063

http://www.ubuntu.com/usn/USN-1099-1

http://www.vupen.com/english/advisories/2011/0786

http://www.vupen.com/english/advisories/2011/0787

http://www.vupen.com/english/advisories/2011/0797

http://www.vupen.com/english/advisories/2011/0847

http://www.vupen.com/english/advisories/2011/0911

https://bugzilla.redhat.com/show_bug.cgi?id=688323

https://exchange.xforce.ibmcloud.com/vulnerabilities/66377