Description
The GDM daemon in GNOME Display Manager (GDM) before 2.14.13, 2.16.x before 2.16.7, 2.18.x before 2.18.4, and 2.19.x before 2.19.5 does not properly handle NULL return values from the g_strsplit function, which allows local users to cause a denial of service (persistent daemon crash) via a crafted command to the daemon's socket, related to (1) gdm.c and (2) gdmconfig.c in daemon/, and (3) gdmconfig.c and (4) gdmflexiserver.c in gui/.
References (18)
[Third Party Advisory] vendor-advisory, x_refsource_gentoo: http://security.gentoo.org/glsa/glsa-200709-11.xml
[Various Sources] x_refsource_confirm: http://ftp.gnome.org/pub/GNOME/sources/gdm/2.16/gdm-2.16.7.changes
[Vendor Advisory] third-party-advisory, x_refsource_secunia: http://secunia.com/advisories/26313
[Vendor Advisory] vdb-entry, x_refsource_vupen: http://www.vupen.com/english/advisories/2007/2781
[Third Party Advisory, VDB Entry] vdb-entry, x_refsource_bid: http://www.securityfocus.com/bid/25191
[Vendor Advisory] third-party-advisory, x_refsource_secunia: http://secunia.com/advisories/26879
[Third Party Advisory, VDB Entry] vdb-entry, signature, x_refsource_oval: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10887
[Issue Tracking] x_refsource_confirm: https://issues.rpath.com/browse/RPL-1599
[Various Sources] x_refsource_confirm: http://ftp.gnome.org/pub/GNOME/sources/gdm/2.14/gdm-2.14.13.news
[Vendor Advisory] third-party-advisory, x_refsource_secunia: http://secunia.com/advisories/26368
[Vendor Advisory] vendor-advisory, x_refsource_mandriva: http://www.mandriva.com/security/advisories?name=MDKSA-2007:169
[Various Sources] x_refsource_confirm: http://ftp.gnome.org/pub/GNOME/sources/gdm/2.18/gdm-2.18.4.news
[Third Party Advisory, VDB Entry] mailing-list, x_refsource_bugtraq: http://www.securityfocus.com/archive/1/475451/30/5550/threaded
[Various Sources] x_refsource_confirm: http://ftp.gnome.org/pub/GNOME/sources/gdm/2.19/gdm-2.19.5.news
[Vendor Advisory] vendor-advisory, x_refsource_redhat: http://www.redhat.com/support/errata/RHSA-2007-0777.html
[Third Party Advisory, VDB Entry] vdb-entry, x_refsource_sectrack: http://www.securitytracker.com/id?1018523
[Vendor Advisory] third-party-advisory, x_refsource_secunia: http://secunia.com/advisories/26900
[Vendor Advisory] third-party-advisory, x_refsource_secunia: http://secunia.com/advisories/26520
Scores
EPSS: 0.0008
EPSS Percentile: 23.3%
Details
CWE: CWE-20
Status: published
Products (35)
gnome/gdm 0.7
gnome/gdm 1.0
gnome/gdm 2.0
gnome/gdm 2.2
gnome/gdm 2.3
gnome/gdm 2.4
gnome/gdm 2.5
gnome/gdm 2.6
gnome/gdm 2.8
gnome/gdm 2.13
... and 25 more
Published: Aug 07, 2007
Tracked Since: Feb 18, 2026