CVE-2011-0727: Race Condition
First published: Wed Mar 16 2011(Updated: )
GNOME Display Manager (gdm) 2.x before 2.32.1 allows local users to change the ownership of arbitrary files via a symlink attack on a (1) dmrc or (2) face icon file under /var/cache/gdm/.
Credit: security@ubuntu.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| GNOME libraries | =2.5 | |
| GNOME libraries | =2.2 | |
| GNOME libraries | =2.30 | |
| GNOME libraries | =2.25 | |
| GNOME libraries | =2.19 | |
| GNOME libraries | =2.22 | |
| GNOME libraries | =2.16 | |
| GNOME libraries | =2.13 | |
| GNOME libraries | =2.15 | |
| GNOME libraries | =2.4 | |
| GNOME libraries | =2.21 | |
| GNOME libraries | =2.27 | |
| GNOME libraries | =2.3 | |
| GNOME libraries | =2.23 | |
| GNOME libraries | =2.20 | |
| GNOME libraries | =2.6 | |
| GNOME libraries | =2.8 | |
| GNOME libraries | =2.26 | |
| GNOME libraries | =2.31 | |
| GNOME libraries | =2.28 | |
| GNOME libraries | =2.18 | |
| GNOME libraries | =2.14 | |
| GNOME libraries | =2.29 | |
| GNOME libraries | =2.17 | |
| GNOME libraries | =2.0 | |
| GNOME libraries | =2.24 | |
| GNOME libraries | =2.32 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.debian.org/security/2011/dsa-2205
- http://secunia.com/advisories/43854
- http://www.vupen.com/english/advisories/2011/0797
- http://mail.gnome.org/archives/gdm-list/2011-March/msg00020.html
- https://bugzilla.redhat.com/show_bug.cgi?id=688323
- http://www.vupen.com/english/advisories/2011/0787
- http://securitytracker.com/id?1025264
- http://www.redhat.com/support/errata/RHSA-2011-0395.html
- http://secunia.com/advisories/43714
- http://www.securityfocus.com/bid/47063
- http://www.vupen.com/english/advisories/2011/0786
- http://ftp.gnome.org/pub/GNOME/sources/gdm/2.32/gdm-2.32.1.news
- http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057931.html
- http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057333.html
- http://www.mandriva.com/security/advisories?name=MDVSA-2011:070
- http://www.vupen.com/english/advisories/2011/0847
- http://secunia.com/advisories/44021
- http://www.ubuntu.com/usn/USN-1099-1
- http://www.vupen.com/english/advisories/2011/0911
- https://exchange.xforce.ibmcloud.com/vulnerabilities/66377
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=565151
- http://git.gnome.org/browse/gdm/commit/?id=c25ef9245b
- https://bugzilla.gnome.org/show_bug.cgi?id=565151
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=456021
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=487587&action=diff
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=487587&action=edit
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=688323#c7
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=691496
- https://rhn.redhat.com/errata/RHSA-2011-0395.html
Frequently Asked Questions
What is the severity of CVE-2011-0727?
CVE-2011-0727 has been classified as a medium severity vulnerability due to its potential exploitation through local user permissions.
How do I fix CVE-2011-0727?
To mitigate CVE-2011-0727, update the GNOME Display Manager (gdm) to version 2.32.1 or later.
What systems are affected by CVE-2011-0727?
CVE-2011-0727 affects GNOME Display Manager (gdm) versions 2.0 through 2.32, including various intermediate releases.
What types of attacks can exploit CVE-2011-0727?
CVE-2011-0727 can be exploited through a symlink attack, allowing local users to change file ownership.
Who is impacted by CVE-2011-0727?
Local users on systems running vulnerable versions of GNOME Display Manager (gdm) are the primary targets of CVE-2011-0727.
- agent/type
- agent/softwarecombine
- agent/first-publish-date
- agent/remedy
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/severity
- agent/weakness
- agent/references
- agent/last-modified-date
- agent/description
- agent/event
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2011-0727
- agent/trending
- agent/source
- agent/tags
- collector/nvd-historical
- agent/software-canonical-lookup-request
- collector/nvd-index
- vendor/gnome
- canonical/gnome libraries
- version/gnome libraries/2.5
- version/gnome libraries/2.2
- version/gnome libraries/2.30
- version/gnome libraries/2.25
- version/gnome libraries/2.19
- version/gnome libraries/2.22
- version/gnome libraries/2.16
- version/gnome libraries/2.13
- version/gnome libraries/2.15
- version/gnome libraries/2.4
- version/gnome libraries/2.21
- version/gnome libraries/2.27
- version/gnome libraries/2.3
- version/gnome libraries/2.23
- version/gnome libraries/2.20
- version/gnome libraries/2.6
- version/gnome libraries/2.8
- version/gnome libraries/2.26
- version/gnome libraries/2.31
- version/gnome libraries/2.28
- version/gnome libraries/2.18
- version/gnome libraries/2.14
- version/gnome libraries/2.29
- version/gnome libraries/2.17
- version/gnome libraries/2.0
- version/gnome libraries/2.24
- version/gnome libraries/2.32