CVE-2010-2387
Published: 21 December 2012
vicious-extensions/ve-misc.c in GNOME Display Manager (gdm) 2.20.x before 2.20.11, when GDM debug is enabled, logs the user password when it contains invalid UTF8 encoded characters, which might allow local users to gain privileges by reading the information from syslog logs.
Priority
Status
Package | Release | Status |
---|---|---|
gdm Launchpad, Ubuntu, Debian |
hardy |
Ignored
(end of life)
|
lucid |
Not vulnerable
(2.30.2.is.2.30.0-0ubuntu5.2)
|
|
oneiric |
Not vulnerable
(3.0.4-0ubuntu11)
|
|
precise |
Not vulnerable
(3.0.4-0ubuntu15)
|
|
quantal |
Not vulnerable
(3.6.1-0ubuntu1)
|
|
upstream |
Released
(2.20.11)
|
|
Patches: upstream: https://bugzilla.gnome.org/attachment.cgi?id=161016 |
References
- http://www.auscert.org.au/13123
- https://bugzilla.gnome.org/show_bug.cgi?id=571846
- https://blogs.oracle.com/sunsecurity/entry/cve_2010_2387_password_disclosure
- http://xforce.iss.net/xforce/xfdb/60642
- http://secunia.com/advisories/40780
- http://secunia.com/advisories/40690
- http://ftp.gnome.org/pub/GNOME/sources/gdm/2.20/gdm-2.20.11.changes
- https://www.cve.org/CVERecord?id=CVE-2010-2387
- NVD
- Launchpad
- Debian