CVE-2011-1709

GNOME Display Manager (gdm) before 2.32.2, when glib 2.28 is used, enables execution of a web browser with the uid of the gdm account, which allows local users to gain privileges via vectors involving the x-scheme-handler/http MIME type.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.2 UNKNOWN
LOCAL
LOW
AV:L/AC:L/Au:N/C:C/I:C/A:C
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 19%
VendorProductVersion
gnomegdm
1.0
gnomegdm
2.0
gnomegdm
2.2
gnomegdm
2.3
gnomegdm
2.4
gnomegdm
2.5
gnomegdm
2.6
gnomegdm
2.8
gnomegdm
2.13
gnomegdm
2.14
gnomegdm
2.15
gnomegdm
2.16
gnomegdm
2.17
gnomegdm
2.18
gnomegdm
2.19
gnomegdm
2.20
gnomegdm
2.21
gnomegdm
2.22
gnomegdm
2.23
gnomegdm
2.24
gnomegdm
2.25
gnomegdm
2.26
gnomegdm
2.27
gnomegdm
2.28
gnomegdm
2.29
gnomegdm
2.30
gnomegdm
2.31
gnomegdm
2.32
gnomegdm
2.32.1
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
gdm3
bullseye
3.38.2.1-1
fixed
bookworm
43.0-3
fixed
sid
47.0-3
fixed
trixie
47.0-3
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
gdm
natty
Fixed 2.32.1-0ubuntu3.2
released
maverick
not-affected
lucid
not-affected
hardy
ignored
Common Weakness Enumeration
References
http://ftp.gnome.org/pub/GNOME/sources/gdm/2.32/gdm-2.32.2.news
http://git.gnome.org/browse/gdm/commit/?id=d13dd72531599ab7e4c747db3b58a8c17753e08d
http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061264.html
http://secunia.com/advisories/44797
http://secunia.com/advisories/44808
http://www.securityfocus.com/bid/48084
http://www.ubuntu.com/usn/USN-1142-1
https://bugzilla.redhat.com/show_bug.cgi?id=709139
https://hermes.opensuse.org/messages/8643655
http://ftp.gnome.org/pub/GNOME/sources/gdm/2.32/gdm-2.32.2.news
http://git.gnome.org/browse/gdm/commit/?id=d13dd72531599ab7e4c747db3b58a8c17753e08d
http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061264.html
http://secunia.com/advisories/44797
http://secunia.com/advisories/44808
http://www.securityfocus.com/bid/48084
http://www.ubuntu.com/usn/USN-1142-1
https://bugzilla.redhat.com/show_bug.cgi?id=709139
https://hermes.opensuse.org/messages/8643655