PT-2018-12505 · Alt Linux Team+4 · Alt Linux+3

Chris Coulson

Publicado

2018-08-13

Atualizado

2024-06-15

CVE-2018-14424

CVSS v3.1

7.8

Alta

Vetor

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions GDM versions prior to 3.29.1 ALT Linux (affected versions not specified)

Description The issue arises from the daemon in GDM not properly unexporting display objects from its D-Bus interface when they are destroyed. This allows a local attacker to trigger a use-after-free via a specially crafted sequence of D-Bus method calls. As a result, this can lead to a denial of service or potential code execution.

Recommendations For GDM versions prior to 3.29.1, update to version 3.29.1 or later to resolve the issue. At the moment, there is no information about a fix for ALT Linux.

Correção

DoS

Use After Free

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-416

Identificadores relacionados

ALT-PU-2018-2142

ALT-PU-2018-2309

CVE-2018-14424

DLA-1494-1

DSA-4270-1

OPENSUSE-SU-2018_2818-1

OPENSUSE-SU-2024:10780-1

SUSE-SU-2018:2527-1

SUSE-SU-2018:2771-1

SUSE-SU-2018_2527-1

SUSE-SU-2018_2771-1

USN-3737-1

Produtos afetados

Alt Linux

Gdm

Suse

Ubuntu

PT-2018-12505 · Alt Linux Team+4 · Alt Linux+3

CVE-2018-14424

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 40