Ubuntu 11.04 : gdm vulnerability (USN-1142-1)

High Nessus Plugin ID 55105


The remote Ubuntu host is missing a security-related patch.


Henne Vogelsang discovered that under certain PolicyKit configurations, GDM could be made to launch a browser. A local attacker could exploit this to gain access to files with the privileges of the gdm user. PolicyKit is not configured in this manner in Ubuntu by default.

Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.


Update the affected gdm package.

Plugin Details

Severity: High

ID: 55105

File Name: ubuntu_USN-1142-1.nasl

Version: $Revision: 1.7 $

Type: local

Agent: unix

Published: 2011/06/13

Modified: 2016/05/27

Dependencies: 12634

Risk Information

Risk Factor: High


Base Score: 7.2

Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: p-cpe:/a:canonical:ubuntu_linux:gdm, cpe:/o:canonical:ubuntu_linux:11.04

Required KB Items: Host/cpu, Host/Ubuntu, Host/Ubuntu/release, Host/Debian/dpkg-l

Patch Publication Date: 2011/06/01

Reference Information

CVE: CVE-2011-1709

OSVDB: 73035

USN: 1142-1