|
Family: Gentoo Local Security Checks --> Category: infos
[GLSA-200606-14] GDM: Privilege escalation Vulnerability Scan
Vulnerability Scan Summary GDM: Privilege escalation
Detailed Explanation for this Vulnerability Test
The remote host is affected by the vulnerability described in GLSA-200606-14
(GDM: Privilege escalation)
GDM allows a normal user to access the configuration manager.
Impact
When the "face browser" in GDM is enabled, a normal user can use the
"configure login manager" with his/her own password instead of the root
password, and thus gain additional rights.
Workaround
There is no known workaround at this time.
References:
http://bugzilla.gnome.org/show_bug.cgi?id=343476
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2006-2452
Solution:
All GDM users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=gnome-base/gdm-2.8.0.8"
Threat Level: High
Click HERE for more information and discussions on this network vulnerability scan.
|