GLSA-200709-11 : GDM: Local Denial of Service

This script is Copyright (C) 2007-2015 Tenable Network Security, Inc.

Synopsis :

The remote Gentoo host is missing one or more security-related

Description :

The remote host is affected by the vulnerability described in GLSA-200709-11
(GDM: Local Denial of Service)

The result of a g_strsplit() call is incorrectly parsed in the files
daemon/gdm.c, daemon/gdmconfig.c, gui/gdmconfig.c and
gui/gdmflexiserver.c, allowing for a NULL pointer dereference.

Impact :

A local user could send a crafted message to /tmp/.gdm_socket that
would trigger the NULL pointer dereference and crash GDM, thus
preventing it from managing future displays.

Workaround :

Restrict the write permissions on /tmp/.gdm_socket to trusted users
only, and repeat this after each GDM restart.
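
One way to check and reapply the workaround above after a restart, as an added example that is not part of the advisory or of GDM. The socket path is the one named in the advisory; the function names and the optional trusted-group argument are assumptions.

```shell
#!/bin/sh
# Added example, not part of the advisory or of GDM. The socket path comes from
# the advisory; function names and the optional group argument are assumptions.
GDM_SOCKET="${GDM_SOCKET:-/tmp/.gdm_socket}"

# Print the octal permission bits of a path (GNU stat first, then BSD stat).
path_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1" 2>/dev/null
}

# Return 0 if "other" may write to the path, 1 if not, 2 if the path is
# missing or is a symlink (/tmp is world-writable, so never follow links).
other_can_write() {
    if [ -L "$1" ] || [ ! -e "$1" ]; then return 2; fi
    mode=$(path_mode "$1") || return 2
    last=${mode#"${mode%?}"}   # final octal digit holds the "other" bits
    case "$last" in
        2|3|6|7) return 0 ;;
        *)       return 1 ;;
    esac
}

# Drop write access for "other"; with a second argument, first give the
# socket to that trusted group so its members keep write access.
restrict_socket() {
    sock=$1; group=${2:-}; st=0
    other_can_write "$sock" || st=$?
    case "$st" in
        2) echo "skipped: $sock is missing or a symlink" >&2; return 2 ;;
        1) echo "ok: $sock is already restricted"; return 0 ;;
    esac
    if [ -n "$group" ]; then
        chgrp "$group" "$sock" && chmod g+w "$sock" || return 1
    fi
    chmod o-w "$sock" || return 1
    echo "restricted: $sock is now mode $(path_mode "$sock")"
}

# Run as "script --apply [group]" from whatever hook restarts GDM.
if [ "${1:-}" = "--apply" ]; then
    restrict_socket "$GDM_SOCKET" "${2:-}"
fi
```

Because GDM recreates the socket when it starts, the check has to run again after every restart, as the workaround states.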

Solution :

All GDM users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose 'gnome-base/gdm'

Risk factor :

Low / CVSS Base Score : 1.5

Family: Gentoo Local Security Checks

Nessus Plugin ID: 26101 (gentoo_GLSA-200709-11.nasl)

CVE ID: CVE-2007-3381
