FreeBSD : gdm -- privilege escalation vulnerability (c6fbd447-59ed-11e0-8d04-0015f2db7bde)
Medium Nessus Plugin ID 53217
Synopsis
The remote FreeBSD host is missing a security-related update.
Description
Sebastian Krahmer reports:
It was discovered that the GNOME Display Manager (gdm) cleared the cache directory, which is owned by an unprivileged user, with the privileges of the root user. A race condition exists in gdm where a local user could take advantage of this by writing to the cache directory between ending the session and the signal to clean up the session, which could lead to the execution of arbitrary code as the root user.
Solution
Update the affected package.