GNOME GDM "face browser" Configure Login Manager security bypass

gdm-facebrowser-security-bypass (27018)

Medium Risk

Description:

GNOME Display Manager (GDM) could allow a local attacker to bypass security restrictions and gain unauthorized access to the "Configure Login Manager" functionality. If the "face browser" feature is enabled, an attacker could login to the "Configure Login Manager" functionality using their own password instead of the root password, which is usually required. An attacker could exploit this vulnerability to gain elevated privileges on the system.

Platforms Affected:

• Canonical, Ubuntu 5.10
• Canonical, Ubuntu 6.06 LTS
• Gentoo, Linux
• GNOME, GNOME Display Manager (GDM) 2.14.x
• GNOME, GNOME Display Manager (GDM) 2.15.x
• GNOME, GNOME Display Manager (GDM) 2.8.x
• MandrakeSoft, Mandrake Linux 2006
• MandrakeSoft, Mandrake Linux 2006 X86_64
• rPath, rPath Linux 1

Remedy:

Upgrade to the latest version of GDM (2.8.0.8 or later), (2.14.8 or later) or (2.15.5 or later), available from the GNOME Web site. See References.

For Ubuntu Linux:
Refer to USN-293-1 for patch, upgrade, or suggested workaround information. See References.

For Gentoo Linux:
Refer to Gentoo Linux Security Announcement GLSA 2006-06-14 for patch, upgrade, or suggested workaround information. See References.

For other distributions:
Contact your vendor for patch or upgrade information.

Consequences:

Bypass Security

References:

• BugTraq Mailing List, Thu Jun 08 2006 - 09:43:30 CDT , rPSA-2006-0098-1 gdm at http://archives.neohapsis.com/archives/bugtraq/2006-06/0087.html.
• GNOME Bug 343476, CRITICAL ERROR IN GDM! : GDM Allow to an ordinary user access to "Configure Login Manager..." at http://bugzilla.gnome.org/show_bug.cgi?id=343476.
• GNOME Web site, Index of /pub/gnome/sources/gdm at http://ftp.gnome.org/pub/gnome/sources/gdm/.
• BID-18332: GNOME Foundation GDM Configure Login Manager Authentication Bypass Vulnerability
• CVE-2006-2452: GNOME GDM 2.8, 2.12, 2.14, and 2.15, when the face browser feature is enabled, allows local users to access the Configure Login Manager functionality using their own password instead of the root password, which can be leveraged to gain additional privileges.
• GLSA-200606-14: GDM: Privilege escalation
• MDKSA-2006:100: Updated gdm packages fix vulnerability
• SA20532: GNOME Display Manager Configuration GUI Access Vulnerability
• SUSE-SR:2006:013: SUSE Security Summary Report
• USN-293-1: gdm vulnerability
• VUPEN/ADV-2006-2239: GNOME Display Manager Configure Login Manager Security Bypass Vulnerability

Reported:

Jun 08, 2006

The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

Copyright (c) 1994-2009 Internet Security Systems, Inc. All rights reserved worldwide.

For corrections or additions please email xforce@iss.net

Return to the main page