← back
CVE-2011-1709

CVE-2011-1709

EPSS 0.4%
GNOME Display Manager (gdm) before 2.32.2, when glib 2.28 is used, enables execution of a web browser with the uid of the gdm account, which allows local users to gain privileges via vectors involving the x-scheme-handler/http MIME type.
Affected products
n/a · n/a

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://ftp.gnome.org/pub/GNOME/sources/gdm/2.32/gdm-2.32.2.newshttp://git.gnome.org/browse/gdm/commit/?id=d13dd72531599ab7e4c747db3b58a8c17753e08dhttp://lists.fedoraproject.org/pipermail/package-announce/2011-June/061264.htmlhttps://bugzilla.redhat.com/show_bug.cgi?id=709139http://secunia.com/advisories/44797http://secunia.com/advisories/44808https://hermes.opensuse.org/messages/8643655http://www.securityfocus.com/bid/48084http://www.ubuntu.com/usn/USN-1142-1