CVE-2011-1709

GNOME Display Manager (gdm) before 2.32.2, when glib 2.28 is used, enables execution of a web browser with the uid of the gdm account, which allows local users to gain privileges via vectors involving the x-scheme-handler/http MIME type.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.2 UNKNOWN
LOCAL
LOW
AV:L/AC:L/Au:N/C:C/I:C/A:C
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Affected Products (NVD)
VendorProductVersion
gnomegdm
1.0
gnomegdm
2.0
gnomegdm
2.2
gnomegdm
2.3
gnomegdm
2.4
gnomegdm
2.5
gnomegdm
2.6
gnomegdm
2.8
gnomegdm
2.13
gnomegdm
2.14
gnomegdm
2.15
gnomegdm
2.16
gnomegdm
2.17
gnomegdm
2.18
gnomegdm
2.19
gnomegdm
2.20
gnomegdm
2.21
gnomegdm
2.22
gnomegdm
2.23
gnomegdm
2.24
gnomegdm
2.25
gnomegdm
2.26
gnomegdm
2.27
gnomegdm
2.28
gnomegdm
2.29
gnomegdm
2.30
gnomegdm
2.31
gnomegdm
2.32
gnomegdm
2.32.1
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
gdm3
bookworm
43.0-3
fixed
bullseye
3.38.2.1-1
fixed
sid
47.0-3
fixed
trixie
47.0-3
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
gdm
hardy
ignored
lucid
not-affected
maverick
not-affected
natty
Fixed 2.32.1-0ubuntu3.2
released
Common Weakness Enumeration
References
http://ftp.gnome.org/pub/GNOME/sources/gdm/2.32/gdm-2.32.2.news
http://git.gnome.org/browse/gdm/commit/?id=d13dd72531599ab7e4c747db3b58a8c17753e08d
http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061264.html
http://secunia.com/advisories/44797
http://secunia.com/advisories/44808
http://www.securityfocus.com/bid/48084
http://www.ubuntu.com/usn/USN-1142-1
https://bugzilla.redhat.com/show_bug.cgi?id=709139
https://hermes.opensuse.org/messages/8643655
http://ftp.gnome.org/pub/GNOME/sources/gdm/2.32/gdm-2.32.2.news
http://git.gnome.org/browse/gdm/commit/?id=d13dd72531599ab7e4c747db3b58a8c17753e08d
http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061264.html
http://secunia.com/advisories/44797
http://secunia.com/advisories/44808
http://www.securityfocus.com/bid/48084
http://www.ubuntu.com/usn/USN-1142-1
https://bugzilla.redhat.com/show_bug.cgi?id=709139
https://hermes.opensuse.org/messages/8643655