|
|
CVE Reference: CVE-2007-3381 |
|
| NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE. | |
|
Original Page at CVE MITRE: CVE-2007-3381 |
|
|
Description: The GDM daemon in GNOME Display Manager (GDM) before 2.14.13, 2.16.x before 2.16.7, 2.18.x before 2.18.4, and 2.19.x before 2.19.5 does not properly handle NULL return values from the g_strsplit function, which allows local users to cause a denial of service (persistent daemon crash) via a crafted command to the daemon's socket, related to (1) gdm.c and (2) gdmconfig.c in daemon/, and (3) gdmconfig.c and (4) gdmflexiserver.c in gui/. |
|
|
CVE Status: Candidate |
|
|
References: ST 1018523 SAID Secunia Advisory: SA26313 Secunia Advisory: SA26368 Secunia Advisory: SA26520 Secunia Advisory: SA26900 Secunia Advisory: SA26879 REDHAT http://www.redhat.com/support/errata/RHSA-2007-0777.html OVAL http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10887 MANDRIVA http://www.mandriva.com/security/advisories?name=MDKSA-2007:169 GENTOO http://security.gentoo.org/glsa/glsa-200709-11.xml CONFIRM http://ftp.gnome.org/pub/GNOME/sources/gdm/2.19/gdm-2.19.5.news http://ftp.gnome.org/pub/GNOME/sources/gdm/2.16/gdm-2.16.7.changes http://ftp.gnome.org/pub/GNOME/sources/gdm/2.14/gdm-2.14.13.news http://ftp.gnome.org/pub/GNOME/sources/gdm/2.18/gdm-2.18.4.news BUGTRAQ http://www.securityfocus.com/archive/1/archive/1/475451/30/5550/threaded BID 25191 |
|
| Return to the previous page. |
