CVE-2003-0547

GDM - Arbitrary File Read via Symlink Attack on .xsession-errors

Title source: llm

Description

GDM before 2.4.1.6, when using the "examine session errors" feature, allows local users to read arbitrary files via a symlink attack on the ~/.xsession-errors file.

References (5)

Core 5

Core References

Vendor Advisory vendor-advisory x_refsource_conectiva

http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000729

Patch, Vendor Advisory vendor-advisory x_refsource_redhat

http://www.redhat.com/support/errata/RHSA-2003-258.html

Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A112

Various Sources x_refsource_confirm

http://mail.gnome.org/archives/gnome-hackers/2003-August/msg00045.html

Mailing List mailing-list x_refsource_bugtraq

http://marc.info/?l=bugtraq&m=106194792924122&w=2

Scores

EPSS 0.0011

EPSS Percentile 29.1%

Details

Status published

Products (9)

gnome/gdm 2.4.1

gnome/gdm 2.4.1.1

gnome/gdm 2.4.1.2

gnome/gdm 2.4.1.3

gnome/gdm 2.4.1.4

gnome/gdm 2.4.1.5

gnome/gdm 2.4.1.6

redhat/kdebase 2.4.0.7.13

redhat/kdebase 2.4.1.3.5

Published Aug 27, 2003

Tracked Since Feb 18, 2026