Vulnerability in Gnome Gdm
CVE-2011-1709
GNOME Display Manager (gdm) before 2.32.2, when glib 2.28 is used, enables execution of a web browser with the uid of the gdm account, which allows local users to gain privileges via vectors involving the x-scheme-handler/http MIME type.
EPSS: 0.001 (17.6th percentile) — read the EPSS interpretation.
Affected products
- Gnome Gdm — versions 1.0, 2.0, 2.2
- Gnome Glib — versions 2.28
- N/a — versions n/a
Weakness classification (CWE)
References
- cve@mitre.org (x_refsource_CONFIRM)
- cve@mitre.org (x_refsource_CONFIRM, Patch)
- 44797 (x_refsource_SECUNIA, third-party-advisory, Vendor Advisory)
- FEDORA-2011-7822 (x_refsource_FEDORA, vendor-advisory)
- USN-1142-1 (x_refsource_UBUNTU, vendor-advisory)
- 48084 (vdb-entry, x_refsource_BID)
- openSUSE-SU-2011:0581 (vendor-advisory, x_refsource_SUSE)
- 44808 (x_refsource_SECUNIA, third-party-advisory)
- cve@mitre.org (x_refsource_CONFIRM, Patch)