CVE-2011-0727

GNOME Display Manager (gdm) 2.x before 2.32.1 allows local users to change the ownership of arbitrary files via a symlink attack on a (1) dmrc or (2) face icon file under /var/cache/gdm/.
Link Following
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.9 UNKNOWN
LOCAL
MEDIUM
AV:L/AC:M/Au:N/C:C/I:C/A:C
canonicalCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 12%
VendorProductVersion
gnomegdm
2.0
gnomegdm
2.2
gnomegdm
2.3
gnomegdm
2.4
gnomegdm
2.5
gnomegdm
2.6
gnomegdm
2.8
gnomegdm
2.13
gnomegdm
2.14
gnomegdm
2.15
gnomegdm
2.16
gnomegdm
2.17
gnomegdm
2.18
gnomegdm
2.19
gnomegdm
2.20
gnomegdm
2.21
gnomegdm
2.22
gnomegdm
2.23
gnomegdm
2.24
gnomegdm
2.25
gnomegdm
2.26
gnomegdm
2.27
gnomegdm
2.28
gnomegdm
2.29
gnomegdm
2.30
gnomegdm
2.31
gnomegdm
2.32
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
gdm3
bullseye
3.38.2.1-1
fixed
bookworm
43.0-3
fixed
sid
47.0-3
fixed
trixie
47.0-3
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
gdm
maverick
Fixed 2.30.5-0ubuntu4.1
released
lucid
Fixed 2.30.2.is.2.30.0-0ubuntu5.1
released
karmic
Fixed 2.28.1-0ubuntu2.3
released
hardy
not-affected
dapper
ignored
Common Weakness Enumeration
References
http://ftp.gnome.org/pub/GNOME/sources/gdm/2.32/gdm-2.32.1.news
http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057333.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057931.html
http://mail.gnome.org/archives/gdm-list/2011-March/msg00020.html
http://secunia.com/advisories/43714
http://secunia.com/advisories/43854
http://secunia.com/advisories/44021
http://securitytracker.com/id?1025264
http://www.debian.org/security/2011/dsa-2205
http://www.mandriva.com/security/advisories?name=MDVSA-2011:070
http://www.redhat.com/support/errata/RHSA-2011-0395.html
http://www.securityfocus.com/bid/47063
http://www.ubuntu.com/usn/USN-1099-1
http://www.vupen.com/english/advisories/2011/0786
http://www.vupen.com/english/advisories/2011/0787
http://www.vupen.com/english/advisories/2011/0797
http://www.vupen.com/english/advisories/2011/0847
http://www.vupen.com/english/advisories/2011/0911
https://bugzilla.redhat.com/show_bug.cgi?id=688323
https://exchange.xforce.ibmcloud.com/vulnerabilities/66377
http://ftp.gnome.org/pub/GNOME/sources/gdm/2.32/gdm-2.32.1.news
http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057333.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057931.html
http://mail.gnome.org/archives/gdm-list/2011-March/msg00020.html
http://secunia.com/advisories/43714
http://secunia.com/advisories/43854
http://secunia.com/advisories/44021
http://securitytracker.com/id?1025264
http://www.debian.org/security/2011/dsa-2205
http://www.mandriva.com/security/advisories?name=MDVSA-2011:070
http://www.redhat.com/support/errata/RHSA-2011-0395.html
http://www.securityfocus.com/bid/47063
http://www.ubuntu.com/usn/USN-1099-1
http://www.vupen.com/english/advisories/2011/0786
http://www.vupen.com/english/advisories/2011/0787
http://www.vupen.com/english/advisories/2011/0797
http://www.vupen.com/english/advisories/2011/0847
http://www.vupen.com/english/advisories/2011/0911
https://bugzilla.redhat.com/show_bug.cgi?id=688323
https://exchange.xforce.ibmcloud.com/vulnerabilities/66377