Bug 371304 (CVE-2011-1709)

Summary: gnome-base/gdm: Local privilege escalation (CVE-2011-1709)
Product: Gentoo Security
Reporter: Tim Sammut (RETIRED) <underling>
Component: Vulnerabilities
Assignee: Gentoo Security <security>
Status: RESOLVED INVALID
Severity: critical
CC: alexanderyt, gnome
Priority: Normal
Version: unspecified
Hardware: All
OS: Linux
URL: http://git.gnome.org/browse/gdm/commit/?id=d13dd72531599ab7e4c747db3b58a8c17753e08d
Whiteboard:
Package list:
Runtime testing required: ---

Description Tim Sammut (RETIRED) gentoo-dev 2011-06-12 20:08:47 UTC
Patch at $URL. From third party advisory at http://secunia.com/advisories/44797/:

Description

A security issue has been reported in GNOME Display Manager, which can be exploited by malicious, local users to perform certain actions with escalated privileges.

The security issue is caused due to a URI scheme handler configuration error and can be exploited to launch a default browser in a GDM session with the privileges of the GDM user.

The security issue is reported in version 2.32.1 and prior.
Comment 1 Nirbheek Chauhan (RETIRED) gentoo-dev 2011-06-15 07:02:40 UTC
This applies to the following version range: (2.21, 2.32.1). The current stable is 2.20.x, and this vulnerability doesn't apply to that version. GDM was completely rewritten in the 2.21.x cycle, and all further releases have been hard masked in the tree.

Hence, this security bug doesn't affect us.
Comment 2 Tim Sammut (RETIRED) gentoo-dev 2011-06-18 18:29:20 UTC
(In reply to comment #1)
> 
> Hence, this security bug doesn't affect us.

Ok, thanks. Closing as INVALID.