CVE-2000-0491
GNOME gdm - Remote Code Execution via XDMCP FORWARD_QUERY Buffer Overflow
Title source: llm
Exploitation Summary
EIP tracks 2 public exploits for CVE-2000-0491. PoCs published by AbraxaS, Chris Evans.
AI-analyzed exploit summary: This exploit targets a buffer overflow in GNOME Display Manager (gdm) via maliciously crafted XDMCP messages. It sends a FORWARD_QUERY request with a large payload containing NOPs and shellcode to execute a bind shell on port 3879.
Description
Buffer overflow in the XDMCP parsing code of GNOME gdm, KDE kdm, and wdm allows remote attackers to execute arbitrary commands or cause a denial of service via a long FORWARD_QUERY request.
Exploits (2)
This exploit targets a buffer overflow in GNOME Display Manager (gdm) via maliciously crafted XDMCP messages. It sends a FORWARD_QUERY request with a large payload containing NOPs and shellcode to execute a bind shell on port 3879.
This exploit targets a buffer overflow in the XDMCP handling code of 'gdm' (GNOME Display Manager) by sending a maliciously crafted FORWARD_QUERY request. The overflow occurs due to improper handling of the remote display field, allowing arbitrary command execution as root.