OpenCVE

GNOME GDM 2.8, 2.12, 2.14, and 2.15, when the "face browser" feature is enabled, allows local users to access the "Configure Login Manager" functionality using their own password instead of the root password, which can be leveraged to gain additional privileges.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Local

Access Complexity High

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:L/AC:H/Au:N/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Gnome	Gdm

Configuration 1 [-]

OR	cpe:2.3:a:gnome:gdm:2.8:::::::*
	cpe:2.3:a:gnome:gdm:2.12:::::::*
	cpe:2.3:a:gnome:gdm:2.14:::::::*
	cpe:2.3:a:gnome:gdm:2.15:::::::*

No data.

References

Link	Providers
http://bugzilla.gnome.org/show_bug.cgi?id=343476
http://lists.suse.com/archive/suse-security-announce/2006-Jun/0003.html
http://secunia.com/advisories/20532
http://secunia.com/advisories/20552
http://secunia.com/advisories/20587
http://secunia.com/advisories/20627
http://secunia.com/advisories/20636
http://www.gentoo.org/security/en/glsa/glsa-200606-14.xml
http://www.mandriva.com/security/advisories?name=MDKSA-2006:100
http://www.securityfocus.com/archive/1/436428
http://www.securityfocus.com/bid/18332
http://www.vupen.com/english/advisories/2006/2239
https://exchange.xforce.ibmcloud.com/vulnerabilities/27018
https://usn.ubuntu.com/293-1/

History

No history.

MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2006-06-09T10:00:00

Updated: 2024-08-07T17:51:04.687Z

Reserved: 2006-05-18T00:00:00

Link: CVE-2006-2452

Vulnrichment

No data.

NVD

Status : Modified

Published: 2006-06-09T10:02:00.000

Modified: 2018-10-03T21:40:57.963

Link: CVE-2006-2452

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2006-06-08T00:00:00", "descriptions": [{"lang": "en", "value": "GNOME GDM 2.8, 2.12, 2.14, and 2.15, when the \"face browser\" feature is enabled, allows local users to access the \"Configure Login Manager\" functionality using their own password instead of the root password, which can be leveraged to gain additional privileges."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-03T20:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"name": "20532", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/20532"}, {"name": "SUSE-SR:2006:013", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.suse.com/archive/suse-security-announce/2006-Jun/0003.html"}, {"name": "20627", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/20627"}, {"name": "ADV-2006-2239", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2006/2239"}, {"name": "USN-293-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "https://usn.ubuntu.com/293-1/"}, {"name": "20060608 rPSA-2006-0098-1 gdm", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/436428"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://bugzilla.gnome.org/show_bug.cgi?id=343476"}, {"name": "GLSA-200606-14", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "http://www.gentoo.org/security/en/glsa/glsa-200606-14.xml"}, {"name": "18332", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/18332"}, {"name": "20636", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/20636"}, {"name": "gdm-facebrowser-security-bypass(27018)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27018"}, {"name": "20587", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/20587"}, {"name": "20552", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/20552"}, {"name": "MDKSA-2006:100", "tags": ["vendor-advisory", "x_refsource_MANDRIVA"], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:100"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secalert@redhat.com", "ID": "CVE-2006-2452", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "GNOME GDM 2.8, 2.12, 2.14, and 2.15, when the \"face browser\" feature is enabled, allows local users to access the \"Configure Login Manager\" functionality using their own password instead of the root password, which can be leveraged to gain additional privileges."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "20532", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/20532"}, {"name": "SUSE-SR:2006:013", "refsource": "SUSE", "url": "http://lists.suse.com/archive/suse-security-announce/2006-Jun/0003.html"}, {"name": "20627", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/20627"}, {"name": "ADV-2006-2239", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/2239"}, {"name": "USN-293-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/293-1/"}, {"name": "20060608 rPSA-2006-0098-1 gdm", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/436428"}, {"name": "http://bugzilla.gnome.org/show_bug.cgi?id=343476", "refsource": "CONFIRM", "url": "http://bugzilla.gnome.org/show_bug.cgi?id=343476"}, {"name": "GLSA-200606-14", "refsource": "GENTOO", "url": "http://www.gentoo.org/security/en/glsa/glsa-200606-14.xml"}, {"name": "18332", "refsource": "BID", "url": "http://www.securityfocus.com/bid/18332"}, {"name": "20636", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/20636"}, {"name": "gdm-facebrowser-security-bypass(27018)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27018"}, {"name": "20587", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/20587"}, {"name": "20552", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/20552"}, {"name": "MDKSA-2006:100", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:100"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T17:51:04.687Z"}, "title": "CVE Program Container", "references": [{"name": "20532", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/20532"}, {"name": "SUSE-SR:2006:013", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.suse.com/archive/suse-security-announce/2006-Jun/0003.html"}, {"name": "20627", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/20627"}, {"name": "ADV-2006-2239", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2006/2239"}, {"name": "USN-293-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "https://usn.ubuntu.com/293-1/"}, {"name": "20060608 rPSA-2006-0098-1 gdm", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/436428"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://bugzilla.gnome.org/show_bug.cgi?id=343476"}, {"name": "GLSA-200606-14", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"], "url": "http://www.gentoo.org/security/en/glsa/glsa-200606-14.xml"}, {"name": "18332", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/18332"}, {"name": "20636", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/20636"}, {"name": "gdm-facebrowser-security-bypass(27018)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27018"}, {"name": "20587", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/20587"}, {"name": "20552", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/20552"}, {"name": "MDKSA-2006:100", "tags": ["vendor-advisory", "x_refsource_MANDRIVA", "x_transferred"], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:100"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2006-2452", "datePublished": "2006-06-09T10:00:00", "dateReserved": "2006-05-18T00:00:00", "dateUpdated": "2024-08-07T17:51:04.687Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:gnome:gdm:2.8:*:*:*:*:*:*:*", "matchCriteriaId": "7756E66E-2296-4B20-ABC0-B1A2ACF2657B", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnome:gdm:2.12:*:*:*:*:*:*:*", "matchCriteriaId": "B935ABD7-CCDF-4A23-8899-4243D66E9486", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnome:gdm:2.14:*:*:*:*:*:*:*", "matchCriteriaId": "70640B9F-4EAA-4513-80E4-9DD4A862F27D", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnome:gdm:2.15:*:*:*:*:*:*:*", "matchCriteriaId": "27A6CC80-BC52-4B39-9424-E96DDA03666E", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "GNOME GDM 2.8, 2.12, 2.14, and 2.15, when the \"face browser\" feature is enabled, allows local users to access the \"Configure Login Manager\" functionality using their own password instead of the root password, which can be leveraged to gain additional privileges."}], "id": "CVE-2006-2452", "lastModified": "2018-10-03T21:40:57.963", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "HIGH", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 3.7, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 1.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2006-06-09T10:02:00.000", "references": [{"source": "secalert@redhat.com", "url": "http://bugzilla.gnome.org/show_bug.cgi?id=343476"}, {"source": "secalert@redhat.com", "url": "http://lists.suse.com/archive/suse-security-announce/2006-Jun/0003.html"}, {"source": "secalert@redhat.com", "url": "http://secunia.com/advisories/20532"}, {"source": "secalert@redhat.com", "url": "http://secunia.com/advisories/20552"}, {"source": "secalert@redhat.com", "url": "http://secunia.com/advisories/20587"}, {"source": "secalert@redhat.com", "url": "http://secunia.com/advisories/20627"}, {"source": "secalert@redhat.com", "url": "http://secunia.com/advisories/20636"}, {"source": "secalert@redhat.com", "url": "http://www.gentoo.org/security/en/glsa/glsa-200606-14.xml"}, {"source": "secalert@redhat.com", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:100"}, {"source": "secalert@redhat.com", "url": "http://www.securityfocus.com/archive/1/436428"}, {"source": "secalert@redhat.com", "url": "http://www.securityfocus.com/bid/18332"}, {"source": "secalert@redhat.com", "url": "http://www.vupen.com/english/advisories/2006/2239"}, {"source": "secalert@redhat.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27018"}, {"source": "secalert@redhat.com", "url": "https://usn.ubuntu.com/293-1/"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}