GDM: Privilege escalation — GLSA 200606-14

An authentication error in GDM could allow users to gain elevated privileges.

Affected Packages

gnome-base/gdm on all architectures
Affected versions < 2.8.0.8
Unaffected versions >= 2.8.0.8

Background

GDM is the GNOME display manager.

Description

GDM allows a normal user to access the configuration manager.

Impact

When the "face browser" in GDM is enabled, a normal user can use the "configure login manager" with his/her own password instead of the root password, and thus gain additional privileges.

Workaround

There is no known workaround at this time.

Resolution

All GDM users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=gnome-base/gdm-2.8.0.8"

References

Release Date
June 12, 2006

Latest Revision
June 19, 2006: 02

Severity
high

Exploitable
local

Bugzilla entries