The result of a g_strsplit() call is incorrectly parsed in the files
daemon/gdm.c, daemon/gdmconfig.c, gui/gdmconfig.c and
gui/gdmflexiserver.c, allowing for a null pointer dereference.
Impact
======
A local user could send a crafted message to /tmp/.gdm_socket that
would trigger the null pointer dereference and crash GDM, thus
preventing it from managing future displays.
Workaround
==========
Restrict the write permissions on /tmp/.gdm_socket to trusted users
only after each GDM restart.
Resolution
==========
All GDM users should upgrade to the latest version:
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users machines is of utmost
importance to us. Any security concerns should be addressed to
security (at) gentoo (dot) org [email concealed] or alternatively, you may file a bug at
http://bugs.gentoo.org.
License
=======
Copyright 2007 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
Gentoo Linux Security Advisory GLSA 200709-11
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Low
Title: GDM: Local Denial of Service
Date: September 18, 2007
Bugs: #187919
ID: 200709-11
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
========
GDM can be crashed by a local user, preventing it from managing future
displays.
Background
==========
GDM is the GNOME display manager.
Affected packages
=================
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 gnome-base/gdm < 2.18.4 >= 2.18.4
*>= 2.16.7
Description
===========
The result of a g_strsplit() call is incorrectly parsed in the files
daemon/gdm.c, daemon/gdmconfig.c, gui/gdmconfig.c and
gui/gdmflexiserver.c, allowing for a null pointer dereference.
Impact
======
A local user could send a crafted message to /tmp/.gdm_socket that
would trigger the null pointer dereference and crash GDM, thus
preventing it from managing future displays.
Workaround
==========
Restrict the write permissions on /tmp/.gdm_socket to trusted users
only after each GDM restart.
Resolution
==========
All GDM users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose "gnome-base/gdm"
References
==========
[ 1 ] CVE-2007-3381
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3381
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-200709-11.xml
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users machines is of utmost
importance to us. Any security concerns should be addressed to
security (at) gentoo (dot) org [email concealed] or alternatively, you may file a bug at
http://bugs.gentoo.org.
License
=======
Copyright 2007 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
iQEVAwUBRvBEQzvRww8BFPxFAQLq4wf+JG7GQG+jBZySYXUd+EHKgF+kOYz+U/dW
UCBKbTVsVIZMzychdEm4XwDdAOjWXkMFMJsj9X9uIgbpA48a+k/d936QOkD1eAaE
9mc+IF+aHxCjlPhnET/3ywlO8YJvO9Sv1aDEWL9U9TpeMmZK76FtaIOPfrXx/1sY
ZZUfhXdR9LoDy/lz0zNFPqPpyOpOgTJpKuiDtCO3hMgEanf7UUkcFqBVCe0V+E1v
xteuf1EC2SdBQAtK96b70LWmI+va+w3OfwI0sgwfp0OkxSJrFlV09i11dGKaoISO
+d56c2sS7SPNTObuk3rOF8eLDqP1E9IjkjimX0xztCWXN6NA46SKWA==
=XEty
-----END PGP SIGNATURE-----
[ reply ]