PT-2018-5374 · Gnome+1 · Gdm+1

Cedric Buissart

Published

2017-05-11

Updated

2024-06-15

CVE-2017-12164

CVSS v2.0

6.9

Medium

Vector

AV:L/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions gdm version 3.24.1

Description A flaw was discovered in gdm where the gdm greeter was no longer setting the ran once boolean during autologin. If autologin was enabled for a victim, an attacker could simply select 'login as another user' to unlock their screen.

Recommendations For gdm version 3.24.1, update to a version where the gdm greeter correctly sets the ran once boolean during autologin to prevent attackers from unlocking screens by selecting 'login as another user'.

Fix

Improper Initialization

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-592CWE-665

Related Identifiers

ALT-PU-2017-1588

ALT-PU-2017-2192

CVE-2017-12164

MGASA-2018-0056

OPENSUSE-SU-2024:10780-1

Affected Products

Alt Linux

Gdm

PT-2018-5374 · Gnome+1 · Gdm+1

CVE-2017-12164

Weakness Enumeration

Related Identifiers

Affected Products

References · 20