PT-2019-5287 · Gnome+7 · Gdm+7

Burghard Britzke

Publicado

2019-02-06

Atualizado

2024-06-15

CVE-2019-3825

CVSS v2.0

6.9

Média

Vetor

AV:L/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions gdm versions prior to 3.31.4

Description A vulnerability was discovered in gdm that allows an attacker to bypass the lock screen when timed login is enabled. By selecting the timed login user and waiting for the timer to expire, an attacker could gain access to the logged-in user's session. The issue is related to insufficient authentication in the Gnome Display Manager, which could allow an attacker to obtain unauthorized access to protected information.

Recommendations For gdm versions prior to 3.31.4, update to version 3.31.4 or later to resolve the issue. As a temporary workaround, consider disabling the timed login feature until a patch is available. Restrict access to the lock screen to minimize the risk of exploitation. Avoid using the timed login user selection feature in the affected gdm versions until the issue is resolved.

Exploit

Correção

Improper Authentication

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-287

Identificadores relacionados

ALSA-2020:1766

ALSA-2020_1766

ALT-PU-2019-1322

ALT-PU-2019-1456

BDU:2020-02203

CESA-2020_1766

CVE-2019-3825

ELSA-2020-1766

OESA-2021-1044

OPENSUSE-SU-2019:0310-1

OPENSUSE-SU-2019_0310-1

OPENSUSE-SU-2024:10780-1

RHSA-2020:1766

RHSA-2020_1766

RLSA-2020:1766

RLSA-2020_1766

SUSE-SU-2019:0527-1

SUSE-SU-2019_0527-1

USN-3892-1

Produtos afetados

Alt Linux

Almalinux

Centos

Red Hat

Rocky Linux

Suse

Ubuntu

Gdm

PT-2019-5287 · Gnome+7 · Gdm+7

CVE-2019-3825

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 131