CVE-2007-3381: Input Validation
First published: Tue Aug 07 2007(Updated: )
The GDM daemon in GNOME Display Manager (GDM) before 2.14.13, 2.16.x before 2.16.7, 2.18.x before 2.18.4, and 2.19.x before 2.19.5 does not properly handle NULL return values from the g_strsplit function, which allows local users to cause a denial of service (persistent daemon crash) via a crafted command to the daemon's socket, related to (1) gdm.c and (2) gdmconfig.c in daemon/, and (3) gdmconfig.c and (4) gdmflexiserver.c in gui/.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| SUSE GDM | =2.14.1 | |
| SUSE GDM | =2.5 | |
| SUSE GDM | =2.2 | |
| SUSE GDM | =2.14.8 | |
| SUSE GDM | =2.14.11 | |
| SUSE GDM | <=2.14.12 | |
| SUSE GDM | =2.13 | |
| SUSE GDM | =2.4 | |
| SUSE GDM | =2.14.2 | |
| SUSE GDM | =2.14.5 | |
| SUSE GDM | =2.3 | |
| SUSE GDM | =2.6 | |
| SUSE GDM | =2.8 | |
| SUSE GDM | =2.14.6 | |
| SUSE GDM | =2.14.4 | |
| SUSE GDM | =2.14.7 | |
| SUSE GDM | =1.0 | |
| SUSE GDM | =2.14.9 | |
| SUSE GDM | =2.14 | |
| SUSE GDM | =2.14.10 | |
| SUSE GDM | =0.7 | |
| SUSE GDM | =2.14.3 | |
| SUSE GDM | =2.0 | |
| SUSE GDM | =2.16.2 | |
| SUSE GDM | =2.16 | |
| SUSE GDM | =2.16.1 | |
| SUSE GDM | =2.18.1 | |
| SUSE GDM | =2.18.3 | |
| SUSE GDM | =2.18.2 | |
| SUSE GDM | =2.18 | |
| SUSE GDM | =2.19.3 | |
| SUSE GDM | =2.19 | |
| SUSE GDM | =2.19.4 | |
| SUSE GDM | =2.19.2 | |
| SUSE GDM | =2.19.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://ftp.gnome.org/pub/GNOME/sources/gdm/2.16/gdm-2.16.7.changes
- http://secunia.com/advisories/26313
- http://ftp.gnome.org/pub/GNOME/sources/gdm/2.14/gdm-2.14.13.news
- http://ftp.gnome.org/pub/GNOME/sources/gdm/2.18/gdm-2.18.4.news
- http://ftp.gnome.org/pub/GNOME/sources/gdm/2.19/gdm-2.19.5.news
- https://issues.rpath.com/browse/RPL-1599
- http://security.gentoo.org/glsa/glsa-200709-11.xml
- http://www.mandriva.com/security/advisories?name=MDKSA-2007:169
- http://www.redhat.com/support/errata/RHSA-2007-0777.html
- http://www.securityfocus.com/bid/25191
- http://www.securitytracker.com/id?1018523
- http://secunia.com/advisories/26368
- http://secunia.com/advisories/26520
- http://secunia.com/advisories/26900
- http://secunia.com/advisories/26879
- http://www.vupen.com/english/advisories/2007/2781
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10887
- http://www.securityfocus.com/archive/1/475451/30/5550/threaded
Frequently Asked Questions
What is the severity of CVE-2007-3381?
CVE-2007-3381 is classified as a denial of service vulnerability that can result in a persistent daemon crash.
How do I fix CVE-2007-3381?
To mitigate CVE-2007-3381, upgrade the GNOME Display Manager to version 2.14.13, 2.16.7, 2.18.4, or 2.19.5 or later.
What systems are affected by CVE-2007-3381?
CVE-2007-3381 affects multiple versions of the GNOME Display Manager, specifically versions prior to 2.14.13, 2.16.7, 2.18.4, and 2.19.5.
Can CVE-2007-3381 be exploited remotely?
No, CVE-2007-3381 requires local access to exploit as it affects local users of the GNOME Display Manager.
What is the impact of CVE-2007-3381 on users?
Users may experience service interruptions due to the crashing of the GDM daemon when this vulnerability is exploited.
- agent/references
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/weakness
- agent/author
- agent/severity
- agent/event
- agent/first-publish-date
- agent/description
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-historical
- agent/software-canonical-lookup-request
- collector/nvd-index
- vendor/gnome
- canonical/suse gdm
- version/suse gdm/2.14.1
- version/suse gdm/2.5
- version/suse gdm/2.2
- version/suse gdm/2.14.8
- version/suse gdm/2.14.11
- version/suse gdm/2.14.12
- version/suse gdm/2.13
- version/suse gdm/2.4
- version/suse gdm/2.14.2
- version/suse gdm/2.14.5
- version/suse gdm/2.3
- version/suse gdm/2.6
- version/suse gdm/2.8
- version/suse gdm/2.14.6
- version/suse gdm/2.14.4
- version/suse gdm/2.14.7
- version/suse gdm/1.0
- version/suse gdm/2.14.9
- version/suse gdm/2.14
- version/suse gdm/2.14.10
- version/suse gdm/0.7
- version/suse gdm/2.14.3
- version/suse gdm/2.0
- version/suse gdm/2.16.2
- version/suse gdm/2.16
- version/suse gdm/2.16.1
- version/suse gdm/2.18.1
- version/suse gdm/2.18.3
- version/suse gdm/2.18.2
- version/suse gdm/2.18
- version/suse gdm/2.19.3
- version/suse gdm/2.19
- version/suse gdm/2.19.4
- version/suse gdm/2.19.2
- version/suse gdm/2.19.1