PT-2011-1040 · Gnome+1 · Gdm-Libs+7

Sebastian Krahmer · Published 2011-03-28 · Updated 2017-08-17 · CVE-2011-0727

CVSS v2.0: 6.9 (Medium)

Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

GNOME Display Manager (gdm) versions 2.x through 2.32.0
gdm-user-switch-applet version 2.30.4
gdm-plugin-fingerprint version 2.30.4
gdm version 2.30.4
gdm-libs version 2.30.4
gdm-plugin-smartcard version 2.30.4
gdm-debuginfo version 2.30.4

Description

The issue allows local users to change the ownership of arbitrary files via a symlink attack on a dmrc or face icon file under /var/cache/gdm/. This can lead to a violation of confidentiality, integrity, and availability of protected information. The exploitation of this issue can be carried out locally.

Recommendations

For GNOME Display Manager (gdm) versions 2.x through 2.32.0, update to version 2.32.1 or later.
For gdm-user-switch-applet version 2.30.4, consider disabling the use of this applet until a patch is available.
For gdm-plugin-fingerprint version 2.30.4, restrict access to the fingerprint plugin to minimize the risk of exploitation.
For gdm version 2.30.4, gdm-libs version 2.30.4, gdm-plugin-smartcard version 2.30.4, and gdm-debuginfo version 2.30.4, update to a newer version that contains a fix for this issue, if available.
At the moment, there is no information about a newer version that contains a fix for gdm3.
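
For reviewers auditing privileged code for the same weakness class (ownership changed by path on a file in a user-influenced directory), the following added example shows a general hardening pattern. It is not gdm's code or its patch: the names chown_cache_file and demo_symlink_refused are hypothetical, and a scratch directory under /tmp stands in for /var/cache/gdm/.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Vulnerable pattern: a root process calling chown(path, uid, gid) follows a
 * symlink planted at path and re-owns its target. Hardened form: open without
 * following links, validate the opened object, chown through the descriptor. */
int chown_cache_file(int dirfd, const char *name, uid_t uid, gid_t gid)
{
    struct stat st;
    int rc = -1, saved;
    int fd = openat(dirfd, name, O_RDONLY | O_NOFOLLOW | O_NONBLOCK | O_CLOEXEC);
    if (fd < 0)
        return -1;                 /* ELOOP on Linux when name is a symlink */
    if (fstat(fd, &st) == 0) {     /* inspect the object actually opened */
        if (!S_ISREG(st.st_mode) || st.st_nlink != 1)
            errno = EPERM;         /* directory, FIFO, device or hard link */
        else
            rc = fchown(fd, uid, gid);  /* acts on the inode just validated */
    }
    saved = errno;                 /* keep the real error across close() */
    close(fd);
    errno = saved;
    return rc;
}

/* Constructed scenario: a scratch directory stands in for the cache, holding
 * a regular "dmrc" and a symlink "face". Returns 1 when the regular file is
 * accepted and the symlink is refused with ELOOP, -1 if setup fails. */
int demo_symlink_refused(void)
{
    char dir[] = "/tmp/cachedemo-XXXXXX";
    int dfd, fd, ok_file, ok_link, link_errno;
    if (!mkdtemp(dir) || (dfd = open(dir, O_RDONLY | O_DIRECTORY)) < 0)
        return -1;
    fd = openat(dfd, "dmrc", O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (fd < 0 || symlinkat("dmrc", dfd, "face") < 0)
        return -1;
    close(fd);
    ok_file = chown_cache_file(dfd, "dmrc", geteuid(), getegid());
    ok_link = chown_cache_file(dfd, "face", geteuid(), getegid());
    link_errno = errno;
    unlinkat(dfd, "face", 0); unlinkat(dfd, "dmrc", 0); close(dfd); rmdir(dir);
    return ok_file == 0 && ok_link == -1 && link_errno == ELOOP;
}

int main(void) { return demo_symlink_refused() == 1 ? 0 : 1; }
```

The check only covers the final path component, so the directory descriptor itself must come from a path that unprivileged users cannot rename or replace.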

Fix

Link Following


Weakness Enumeration

Related Identifiers

BDU:2015-02916
BDU:2015-06755
BDU:2015-06757
BDU:2015-06759
BDU:2015-06760
BDU:2015-06761
BDU:2015-06762
CVE-2011-0727
DSA-2205-1
RHSA-2011:0395
RHSA-2011_0395

Affected Products

Gnome Display Manager
Red Hat
Gdm
Gdm-Debuginfo
Gdm-Libs
Gdm-Plugin-Fingerprint
Gdm-Plugin-Smartcard
Gdm-User-Switch-Applet