CVE-2007-3381

Name of the Vulnerable Software and Affected Versions: GNOME Display Manager (GDM) versions prior to 2.14.13 GNOME Display Manager (GDM) versions 2.16.x prior to 2.16.7 GNOME Display Manager (GDM) versions 2.18.x prior to 2.18.4 GNOME Display Manager (GDM) versions 2.19.x prior to 2.19.5

Description: The issue allows local users to cause a denial of service, resulting in a persistent daemon crash. This can be achieved by sending a crafted command to the daemon's socket. The problem is related to the handling of NULL return values from the g strsplit function in files such as gdm.c, gdmconfig.c, and gdmflexiserver.c. The estimated number of potentially affected devices is not specified. There is no information about real-world incidents where this issue was exploited.

Recommendations: For versions prior to 2.14.13, update to version 2.14.13 or later. For versions 2.16.x prior to 2.16.7, update to version 2.16.7 or later. For versions 2.18.x prior to 2.18.4, update to version 2.18.4 or later. For versions 2.19.x prior to 2.19.5, update to version 2.19.5 or later.