Vulnerability CVE-2006-6105
Published: 2006-12-14   Modified: 2012-02-12

Description:
Format string vulnerability in the host chooser window (gdmchooser) in GNOME Foundation Display Manager (gdm) allows local users to execute arbitrary code via format string specifiers in a hostname, which are used in an error dialog.

CVSS2 => (AV:L/AC:L/Au:S/C:P/I:P/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
4.3/10
6.4/10
3.1/10
Exploit range
Attack complexity
Authentication
Local
Low
Single time
Confidentiality impact
Integrity impact
Availability impact
Partial
Partial
Partial
Affected software
Gnome -> GDM 

 References:
http://www.securityfocus.com/bid/21597
http://securitytracker.com/id?1017320
http://www.vupen.com/english/advisories/2006/5015
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=453
http://xforce.iss.net/xforce/xfdb/30896
http://www.ubuntu.com/usn/usn-396-1
http://www.osvdb.org/30848
http://www.novell.com/linux/security/advisories/2006_29_sr.html
http://www.mandriva.com/security/advisories?name=MDKSA-2006:231
http://securitytracker.com/id?1017383
http://secunia.com/advisories/23409
http://secunia.com/advisories/23387
http://secunia.com/advisories/23385
http://secunia.com/advisories/23381
http://ftp.acc.umu.se/pub/GNOME/sources/gdm/2.17/gdm-2.17.4.news
Copyright 2024, cxsecurity.com

 

Back to Top