GDM: Local Denial of Service — GLSA 200709-11

GDM can be crashed by a local user, preventing it from managing future displays.

Affected Packages

gnome-base/gdm on all architectures
Affected versions < 2.18.4
Unaffected versions >= 2.18.4, revision >= 2.16.7

Background

GDM is the GNOME display manager.

Description

The result of a g_strsplit() call is incorrectly parsed in the files daemon/gdm.c, daemon/gdmconfig.c, gui/gdmconfig.c and gui/gdmflexiserver.c, allowing for a null pointer dereference.

Impact

A local user could send a crafted message to /tmp/.gdm_socket that would trigger the null pointer dereference and crash GDM, thus preventing it from managing future displays.

Workaround

Restrict the write permissions on /tmp/.gdm_socket to trusted users only after each GDM restart.

Resolution

All GDM users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose "gnome-base/gdm"

References

Release Date
September 18, 2007

Latest Revision
September 18, 2007: 01

Severity
low

Exploitable
local

Bugzilla entries