PT-2015-2745 · Gnome+3 · Gnome Display Manager+3

Christoph Reiter

Publicado

2015-11-17

Atualizado

2024-06-15

CVE-2015-7496

CVSS v2.0

7.2

Alta

Vetor

AV:L/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions GNOME Display Manager (gdm) versions prior to 3.18.2

Description The issue allows physically proximate attackers to bypass the lock screen by holding the Escape key. It is related to insufficient access control to files in the GNOME Display Manager graphical interface, which can be exploited by a local attacker to bypass the lock screen.

Recommendations For versions prior to 3.18.2, update to version 3.18.2 or later to resolve the issue. As a temporary workaround, consider disabling the lock screen feature until a patch is available. Restrict physical access to devices running affected versions to minimize the risk of exploitation.

Correção

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-264

Identificadores relacionados

ALT-PU-2015-2006

BDU:2015-12110

CESA-2017_2128

CVE-2015-7496

MGASA-2017-0248

OPENSUSE-SU-2024:10412-1

RHSA-2017:2128

RHSA-2017_2128

Produtos afetados

Alt Linux

Centos

Gnome Display Manager

Red Hat

PT-2015-2745 · Gnome+3 · Gnome Display Manager+3

CVE-2015-7496

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 33