NVD Vulnerability Detail

CVE-2011-1709

Summary	GNOME Display Manager (gdm) before 2.32.2, when glib 2.28 is used, enables execution of a web browser with the uid of the gdm account, which allows local users to gain privileges via vectors involving the x-scheme-handler/http MIME type.
Publication Date	June 15, 2011, 2:55 a.m.
Registration Date	Jan. 28, 2021, 4:38 p.m.
Last Update	Nov. 21, 2024, 10:26 a.m.

Affected software configurations

Related information, measures and tools

No	URL	タグ
1	http://ftp.gnome.org/pub/GNOME/sources/gdm/2.32/gdm-2.32.2.news
2	http://git.gnome.org/browse/gdm/commit/?id=d13dd72531599ab7e4c747db3b58a8c17753e08d	Patch
3	http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061264.html
4	http://secunia.com/advisories/44797	Vendor Advisory
5	http://secunia.com/advisories/44808
6	http://www.securityfocus.com/bid/48084
7	http://www.ubuntu.com/usn/USN-1142-1
8	https://bugzilla.redhat.com/show_bug.cgi?id=709139	Patch
9	https://hermes.opensuse.org/messages/8643655
10	http://ftp.gnome.org/pub/GNOME/sources/gdm/2.32/gdm-2.32.2.news
11	https://hermes.opensuse.org/messages/8643655
12	https://bugzilla.redhat.com/show_bug.cgi?id=709139	Patch
13	http://www.ubuntu.com/usn/USN-1142-1
14	http://www.securityfocus.com/bid/48084
15	http://secunia.com/advisories/44808
16	http://secunia.com/advisories/44797	Vendor Advisory
17	http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061264.html
18	http://git.gnome.org/browse/gdm/commit/?id=d13dd72531599ab7e4c747db3b58a8c17753e08d	Patch

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-264	認可・権限・アクセス制御	https://cwe.mitre.org/data/definitions/264.html

JVN Vulnerability Information

gdm における権限を取得される脆弱性

Title	gdm における権限を取得される脆弱性
Summary	GNOME Display Manager (gdm) は、glib を使用している際、gdm アカウントの uid を有する Web ブラウザの実行を有効にするため、権限を取得される脆弱性が存在します。
Possible impacts	ローカルユーザにより、権限を取得される可能性があります。
Solution	ベンダ情報および参考情報を参照して適切な対策を実施してください。
Publication Date	June 14, 2011, midnight
Registration Date	March 27, 2012, 6:43 p.m.
Last Update	March 27, 2012, 6:43 p.m.

Affected System

GNOME Project

gdm 2.32.2 未満

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2011-1709	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1709
National Vulnerability Database (NVD)
2	CVE-2011-1709	http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-1709

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-264	https://jvndb.jvn.jp/ja/cwe/CWE-264.html

ベンダー情報

No	Name	URL
GNOME
1	Top Page	http://www.gnome.org/

Change Log

No	Changed Details	Date of change
0	[2012年03月27日] 掲載	Feb. 17, 2018, 10:37 a.m.