PT-2018-5374 · Gnome+1 · Gdm+1

Cedric Buissart

Publicado

2017-05-11

Atualizado

2024-06-15

CVE-2017-12164

CVSS v2.0

6.9

Média

Vetor

AV:L/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions gdm version 3.24.1

Description A flaw was discovered in gdm where the gdm greeter was no longer setting the ran once boolean during autologin. If autologin was enabled for a victim, an attacker could simply select 'login as another user' to unlock their screen.

Recommendations For gdm version 3.24.1, update to a version where the gdm greeter correctly sets the ran once boolean during autologin to prevent attackers from unlocking screens by selecting 'login as another user'.

Correção

Improper Initialization

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-592CWE-665

Identificadores relacionados

ALT-PU-2017-1588

ALT-PU-2017-2192

CVE-2017-12164

MGASA-2018-0056

OPENSUSE-SU-2024:10780-1

Produtos afetados

Alt Linux

Gdm

PT-2018-5374 · Gnome+1 · Gdm+1

CVE-2017-12164

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 20