CVE-2006-2452

GNOME GDM 2.8, 2.12, 2.14, and 2.15, when the "face browser" feature is enabled, allows local users to access the "Configure Login Manager" functionality using their own password instead of the root password, which can be leveraged to gain additional privileges.

CVSS v2.0 3.7 LOW

3.7^/10

CVSS v2.0 : LOW

V2 Legend

Vector : AV:L/AC:H/Au:N/C:P/I:P/A:P

Exploitability : 1.9 / Impact : 6.4

Access Vector LOCAL

Access Complexity HIGH

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://bugzilla.gnome.org/show_bug.cgi?id=343476
http://lists.suse.com/archive/suse-security-announce/2006-Jun/0003.html
http://secunia.com/advisories/20532
http://secunia.com/advisories/20552
http://secunia.com/advisories/20587
http://secunia.com/advisories/20627
http://secunia.com/advisories/20636
http://www.gentoo.org/security/en/glsa/glsa-200606-14.xml
http://www.mandriva.com/security/advisories?name=MDKSA-2006:100
http://www.securityfocus.com/archive/1/436428
http://www.securityfocus.com/bid/18332
http://www.vupen.com/english/advisories/2006/2239
https://exchange.xforce.ibmcloud.com/vulnerabilities/27018
https://usn.ubuntu.com/293-1/
http://bugzilla.gnome.org/show_bug.cgi?id=343476
http://lists.suse.com/archive/suse-security-announce/2006-Jun/0003.html
http://secunia.com/advisories/20532
http://secunia.com/advisories/20552
http://secunia.com/advisories/20587
http://secunia.com/advisories/20627
http://secunia.com/advisories/20636
http://www.gentoo.org/security/en/glsa/glsa-200606-14.xml
http://www.mandriva.com/security/advisories?name=MDKSA-2006:100
http://www.securityfocus.com/archive/1/436428
http://www.securityfocus.com/bid/18332
http://www.vupen.com/english/advisories/2006/2239
https://exchange.xforce.ibmcloud.com/vulnerabilities/27018
https://usn.ubuntu.com/293-1/

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:gnome:gdm:2.8:::::::*
	cpe:2.3:a:gnome:gdm:2.12:::::::*
	cpe:2.3:a:gnome:gdm:2.14:::::::*
	cpe:2.3:a:gnome:gdm:2.15:::::::*

History

21 Nov 2024, 00:11

Type	Values Removed	Values Added
References	~~() http://bugzilla.gnome.org/show_bug.cgi?id=343476 -~~	() http://bugzilla.gnome.org/show_bug.cgi?id=343476 -
References	~~() http://lists.suse.com/archive/suse-security-announce/2006-Jun/0003.html -~~	() http://lists.suse.com/archive/suse-security-announce/2006-Jun/0003.html -
References	~~() http://secunia.com/advisories/20532 -~~	() http://secunia.com/advisories/20532 -
References	~~() http://secunia.com/advisories/20552 -~~	() http://secunia.com/advisories/20552 -
References	~~() http://secunia.com/advisories/20587 -~~	() http://secunia.com/advisories/20587 -
References	~~() http://secunia.com/advisories/20627 -~~	() http://secunia.com/advisories/20627 -
References	~~() http://secunia.com/advisories/20636 -~~	() http://secunia.com/advisories/20636 -
References	~~() http://www.gentoo.org/security/en/glsa/glsa-200606-14.xml -~~	() http://www.gentoo.org/security/en/glsa/glsa-200606-14.xml -
References	~~() http://www.mandriva.com/security/advisories?name=MDKSA-2006:100 -~~	() http://www.mandriva.com/security/advisories?name=MDKSA-2006:100 -
References	~~() http://www.securityfocus.com/archive/1/436428 -~~	() http://www.securityfocus.com/archive/1/436428 -
References	~~() http://www.securityfocus.com/bid/18332 -~~	() http://www.securityfocus.com/bid/18332 -
References	~~() http://www.vupen.com/english/advisories/2006/2239 -~~	() http://www.vupen.com/english/advisories/2006/2239 -
References	~~() https://exchange.xforce.ibmcloud.com/vulnerabilities/27018 -~~	() https://exchange.xforce.ibmcloud.com/vulnerabilities/27018 -
References	~~() https://usn.ubuntu.com/293-1/ -~~	() https://usn.ubuntu.com/293-1/ -

Information

Published : 2006-06-09 10:02

Updated : 2024-11-21 00:11

NVD link : CVE-2006-2452

Mitre link : CVE-2006-2452

CVE.ORG link : CVE-2006-2452

JSON object : View

Products Affected

gnome

CWE

NVD-CWE-Other

3.7 /10