Description
GNOME Display Manager (gdm) before 2.32.2, when glib 2.28 is used, enables execution of a web browser with the uid of the gdm account, which allows local users to gain privileges via vectors involving the x-scheme-handler/http MIME type.
References (9)
Core 9
Core References
Various Sources x_refsource_confirm
http://ftp.gnome.org/pub/GNOME/sources/gdm/2.32/gdm-2.32.2.news
Patch x_refsource_confirm
http://git.gnome.org/browse/gdm/commit/?id=d13dd72531599ab7e4c747db3b58a8c17753e08d
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/44797
Mailing List, Third Party Advisory vendor-advisory
x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061264.html
Vendor Advisory vendor-advisory
x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-1142-1
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/48084
Various Sources vendor-advisory
x_refsource_suse
https://hermes.opensuse.org/messages/8643655
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/44808
Patch x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=709139
Scores
EPSS
0.0006
EPSS Percentile
17.3%
Details
CWE
CWE-264
Status
published
Products (29)
gnome/gdm
1.0
gnome/gdm
2.0
gnome/gdm
2.2
gnome/gdm
2.3
gnome/gdm
2.4
gnome/gdm
2.5
gnome/gdm
2.6
gnome/gdm
2.8
gnome/gdm
2.13
gnome/gdm
2.14
... and 19 more
Published
Jun 14, 2011
Tracked Since
Feb 18, 2026