GDM Xsession-Errors Insecure File Handling Vulnerability

It has been reported that, under some circumstances GDM (Gnome Display Manager) is prone to an insecure file handling vulnerability. GDM is installed as a setuid root binary. As a result, an attacker may be capable of disclosing the contents of a privileged file.

The issue can be exploited through the use of GDM's "examine session errors" feature, which displays the contents of the '.xsession-errors' file located in the invoking users home directory. Due to insufficient sanity checks when handling this file, it is supposedly possible for an attacker to replace the file with a symbolic link to an arbitrary file. This will effectively result in the disclosure of the file's contents, potentially revealing sensitive system information to an unprivileged user.


Privacy Statement
Copyright 2010, SecurityFocus