CVE Reference: CVE-2007-3381
NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia nor the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE:
CVE-2007-3381

Description:
The GDM daemon in GNOME Display Manager (GDM) before 2.14.13, 2.16.x before 2.16.7, 2.18.x before 2.18.4, and 2.19.x before 2.19.5 does not properly handle NULL return values from the g_strsplit function, which allows local users to cause a denial of service (persistent daemon crash) via a crafted command to the daemon's socket, related to (1) gdm.c and (2) gdmconfig.c in daemon/, and (3) gdmconfig.c and (4) gdmflexiserver.c in gui/.

CVE Status:
Candidate

References:

ST
  1018523

SAID
  Secunia Advisory: SA26313
  Secunia Advisory: SA26368
  Secunia Advisory: SA26520
  Secunia Advisory: SA26900
  Secunia Advisory: SA26879

REDHAT
  http://www.redhat.com/support/errata/RHSA-2007-0777.html

MANDRIVA
  http://www.mandriva.com/security/advisories?name=MDKSA-2007:169

GENTOO
  http://security.gentoo.org/glsa/glsa-200709-11.xml

CONFIRM
  http://ftp.gnome.org/pub/GNOME/sources/gdm/2.18/gdm-2.18.4.news
  http://ftp.gnome.org/pub/GNOME/sources/gdm/2.19/gdm-2.19.5.news
  http://ftp.gnome.org/pub/GNOME/sources/gdm/2.16/gdm-2.16.7.changes
  http://ftp.gnome.org/pub/GNOME/sources/gdm/2.14/gdm-2.14.13.news

BUGTRAQ
  http://www.securityfocus.com/archive/1/archive/1/475451/30/5550/threaded

BID
  25191

