CVE-2003-0794
GDM 2.4.4.x < 2.4.4.4 and 2.4.1.x < 2.4.1.7 - Denial of Service via Command Flooding
GDM 2.4.4.x before 2.4.4.4, and 2.4.1.x before 2.4.1.7, does not limit the number or duration of commands and uses a blocking socket connection, which allows attackers to cause a denial of service (resource exhaustion) by sending commands and not reading the results.
References (5)
Third Party Advisory, VDB Entry (vdb-entry, x_refsource_xf): https://exchange.xforce.ibmcloud.com/vulnerabilities/13448
Vendor Advisory (vendor-advisory, x_refsource_mandrake): http://www.mandriva.com/security/advisories?name=MDKSA-2003:100
Vendor Advisory (vendor-advisory, x_refsource_conectiva): http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000766
Patch, Vendor Advisory (vdb-entry, x_refsource_bid): http://www.securityfocus.com/bid/8846
Various Sources (x_refsource_confirm): http://cvs.gnome.org/bonsai/cvsblame.cgi?file=gdm2/NEWS&rev=&root=/cvs/gnome
Scores
EPSS: 0.0008
EPSS Percentile: 24.0%
Details
Status: published
Products (9)
gnome/gdm 2.2.5.4
gnome/gdm 2.4.1
gnome/gdm 2.4.1.1
gnome/gdm 2.4.1.2
gnome/gdm 2.4.1.3
gnome/gdm 2.4.1.4
gnome/gdm 2.4.1.5
gnome/gdm 2.4.1.6
gnome/gdm 2.4.4
Published: Nov 17, 2003
Tracked Since: Feb 18, 2026