GDM denial of service
|gdm-dos (13447)||Medium Risk|
GNOME Display Manager (GDM) is vulnerable to a denial of service. A local attacker could send a number of bytes to gdm to consume all available memory and cause gdm to hang or crash.
Denial of Service
For Mandrake Linux:
Upgrade to the latest gdm package, as listed below. Refer to MandrakeSoft Security Advisory MDKSA-2003:100 : gdm for more information. See References.
Mandrake Linux 9.2: 220.127.116.11-2.1.92mdk
Mandrake Linux 9.1: 18.104.22.168-0.4.91mdk or later
Mandrake Linux Corporate Server 2.1: 22.214.171.124-0.4.90mdk or later
For Conectiva Linux:
Upgrade to the latest gdm package, as listed below. Refer to Conectiva Linux Security Announcement CLSA-2003:766 for more information. See References.
Conectiva Linux 8: 126.96.36.199-3U80_2cl or later
Conectiva Linux 9: 188.8.131.52-27238U90_2cl or later
For Slackware Linux:
Upgrade to the latest gdm package, as listed below. Refer to slackware-security Mailing List, Mon, 27 Oct 2003 12:07:30 -0800 (PST) for more information. See References.
Slackware Linux 9.0: 184.108.40.206 or later
Slackware Linux 9.1 and -current: 220.127.116.11 or later
For other distributions:
Contact your vendor for upgrade or patch information.
- Conectiva Linux Security Announcement CLSA-2003:766: gdm.
- slackware-security Mailing List, Mon, 27 Oct 2003 12:07:30 -0800 (PST): gdm security update (SSA:2003-300-01).
- BID-8846: Multiple GDM Local Denial Of Service Vulnerabilities
- CVE-2003-0793: GDM 2.4.4.x before 18.104.22.168, and 2.4.1.x before 22.214.171.124, does not restrict the size of input, which allows attackers to cause a denial of service (memory consumption).
- MDKSA-2003:100: Updated gdm packages fix local vulnerabilities
- OSVDB ID: 2683: GDM Input Size Memory Consumption Local DoS
- Conectiva Linux 8.0
- Conectiva Linux 9.0
- GNOME GNOME Display Manager (GDM) prior to 126.96.36.199
- MandrakeSoft Mandrake Linux 9.1
- MandrakeSoft Mandrake Linux 9.1 PPC
- MandrakeSoft Mandrake Linux 9.2
- MandrakeSoft Mandrake Linux Corporate Server 2.1
- MandrakeSoft Mandrake Linux Corporate Server 2.1 X86_64
- Slackware Slackware Linux 9.0
- Slackware Slackware Linux 9.1
- Slackware Slackware Linux current
Oct 16, 2003
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
For corrections or additions please email ignore thisxforceignore this@ignore thisus.ignore thisibm.comignore this