CVE-2010-2387

Gnome Display Manager - Credentials Management

Title source: rule

Description

vicious-extensions/ve-misc.c in GNOME Display Manager (gdm) 2.20.x before 2.20.11, when GDM debug is enabled, logs the user password when it contains invalid UTF8 encoded characters, which might allow local users to gain privileges by reading the information from syslog logs.

Exploits (1)

nomisec WRITEUP

by LogSec · poc

https://github.com/LogSec/CVE-2010-2387

View Code ZIP pw:eip

References (8)

Core 8

Core References

Issue Tracking x_refsource_confirm

https://bugzilla.gnome.org/show_bug.cgi?id=571846

US Government Resource third-party-advisory x_refsource_auscert

http://www.auscert.org.au/13123

Various Sources x_refsource_confirm

https://blogs.oracle.com/sunsecurity/entry/cve_2010_2387_password_disclosure

Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/40690

Various Sources x_refsource_confirm

http://ftp.gnome.org/pub/GNOME/sources/gdm/2.20/gdm-2.20.11.changes

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/60642

Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/40780

Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb

http://www.osvdb.org/66643

Scores

EPSS 0.0014

EPSS Percentile 33.1%

Details

CWE

CWE-255

Status published

Products (11)

gnome/gnome_display_manager 2.20.0

gnome/gnome_display_manager 2.20.1

gnome/gnome_display_manager 2.20.2

gnome/gnome_display_manager 2.20.3

gnome/gnome_display_manager 2.20.4

gnome/gnome_display_manager 2.20.5

gnome/gnome_display_manager 2.20.6

gnome/gnome_display_manager 2.20.7

gnome/gnome_display_manager 2.20.8

gnome/gnome_display_manager 2.20.9

... and 1 more

Published Dec 21, 2012

Tracked Since Feb 18, 2026