CVE-2006-2452 - OpenCVE

GNOME GDM 2.8, 2.12, 2.14, and 2.15, when the "face browser" feature is enabled, allows local users to access the "Configure Login Manager" functionality using their own password instead of the root password, which can be leveraged to gain additional privileges.

No CVSS v3.1

No CVSS v3.0

Access Vector Local

Access Complexity High

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:L/AC:H/Au:N/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Gnome	Gdm

Configuration 1 [-]

OR	cpe:2.3:a:gnome:gdm:2.8:::::::*
	cpe:2.3:a:gnome:gdm:2.12:::::::*
	cpe:2.3:a:gnome:gdm:2.14:::::::*
	cpe:2.3:a:gnome:gdm:2.15:::::::*

References

Link	Resource
http://bugzilla.gnome.org/show_bug.cgi?id=343476
http://lists.suse.com/archive/suse-security-announce/2006-Jun/0003.html
http://secunia.com/advisories/20532
http://secunia.com/advisories/20552
http://secunia.com/advisories/20587
http://secunia.com/advisories/20627
http://secunia.com/advisories/20636
http://www.gentoo.org/security/en/glsa/glsa-200606-14.xml
http://www.mandriva.com/security/advisories?name=MDKSA-2006:100
http://www.securityfocus.com/archive/1/436428
http://www.securityfocus.com/bid/18332
http://www.vupen.com/english/advisories/2006/2239
https://exchange.xforce.ibmcloud.com/vulnerabilities/27018
https://usn.ubuntu.com/293-1/

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: redhat

Published: 2006-06-09T10:00:00

Updated: 2018-10-03T20:57:01

Reserved: 2006-05-18T00:00:00

Link: CVE-2006-2452

JSON object: View

NVD Information

Status : Modified

Published: 2006-06-09T10:02:00.000

Modified: 2018-10-03T21:40:57.963

Link: CVE-2006-2452

JSON object: View

Redhat Information

No data.

CWE

NVD-CWE-Other

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2006-06-08T00:00:00", "descriptions": [{"lang": "en", "value": "GNOME GDM 2.8, 2.12, 2.14, and 2.15, when the \"face browser\" feature is enabled, allows local users to access the \"Configure Login Manager\" functionality using their own password instead of the root password, which can be leveraged to gain additional privileges."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-03T20:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"name": "20532", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/20532"}, {"name": "SUSE-SR:2006:013", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.suse.com/archive/suse-security-announce/2006-Jun/0003.html"}, {"name": "20627", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/20627"}, {"name": "ADV-2006-2239", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2006/2239"}, {"name": "USN-293-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "https://usn.ubuntu.com/293-1/"}, {"name": "20060608 rPSA-2006-0098-1 gdm", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/436428"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://bugzilla.gnome.org/show_bug.cgi?id=343476"}, {"name": "GLSA-200606-14", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "http://www.gentoo.org/security/en/glsa/glsa-200606-14.xml"}, {"name": "18332", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/18332"}, {"name": "20636", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/20636"}, {"name": "gdm-facebrowser-security-bypass(27018)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27018"}, {"name": "20587", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/20587"}, {"name": "20552", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/20552"}, {"name": "MDKSA-2006:100", "tags": ["vendor-advisory", "x_refsource_MANDRIVA"], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:100"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secalert@redhat.com", "ID": "CVE-2006-2452", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "GNOME GDM 2.8, 2.12, 2.14, and 2.15, when the \"face browser\" feature is enabled, allows local users to access the \"Configure Login Manager\" functionality using their own password instead of the root password, which can be leveraged to gain additional privileges."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "20532", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/20532"}, {"name": "SUSE-SR:2006:013", "refsource": "SUSE", "url": "http://lists.suse.com/archive/suse-security-announce/2006-Jun/0003.html"}, {"name": "20627", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/20627"}, {"name": "ADV-2006-2239", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/2239"}, {"name": "USN-293-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/293-1/"}, {"name": "20060608 rPSA-2006-0098-1 gdm", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/436428"}, {"name": "http://bugzilla.gnome.org/show_bug.cgi?id=343476", "refsource": "CONFIRM", "url": "http://bugzilla.gnome.org/show_bug.cgi?id=343476"}, {"name": "GLSA-200606-14", "refsource": "GENTOO", "url": "http://www.gentoo.org/security/en/glsa/glsa-200606-14.xml"}, {"name": "18332", "refsource": "BID", "url": "http://www.securityfocus.com/bid/18332"}, {"name": "20636", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/20636"}, {"name": "gdm-facebrowser-security-bypass(27018)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27018"}, {"name": "20587", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/20587"}, {"name": "20552", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/20552"}, {"name": "MDKSA-2006:100", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:100"}]}}}}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2006-2452", "datePublished": "2006-06-09T10:00:00", "dateReserved": "2006-05-18T00:00:00", "dateUpdated": "2018-10-03T20:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:gnome:gdm:2.8:*:*:*:*:*:*:*", "matchCriteriaId": "7756E66E-2296-4B20-ABC0-B1A2ACF2657B", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnome:gdm:2.12:*:*:*:*:*:*:*", "matchCriteriaId": "B935ABD7-CCDF-4A23-8899-4243D66E9486", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnome:gdm:2.14:*:*:*:*:*:*:*", "matchCriteriaId": "70640B9F-4EAA-4513-80E4-9DD4A862F27D", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnome:gdm:2.15:*:*:*:*:*:*:*", "matchCriteriaId": "27A6CC80-BC52-4B39-9424-E96DDA03666E", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "GNOME GDM 2.8, 2.12, 2.14, and 2.15, when the \"face browser\" feature is enabled, allows local users to access the \"Configure Login Manager\" functionality using their own password instead of the root password, which can be leveraged to gain additional privileges."}], "id": "CVE-2006-2452", "lastModified": "2018-10-03T21:40:57.963", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "HIGH", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 3.7, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 1.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2006-06-09T10:02:00.000", "references": [{"source": "secalert@redhat.com", "url": "http://bugzilla.gnome.org/show_bug.cgi?id=343476"}, {"source": "secalert@redhat.com", "url": "http://lists.suse.com/archive/suse-security-announce/2006-Jun/0003.html"}, {"source": "secalert@redhat.com", "url": "http://secunia.com/advisories/20532"}, {"source": "secalert@redhat.com", "url": "http://secunia.com/advisories/20552"}, {"source": "secalert@redhat.com", "url": "http://secunia.com/advisories/20587"}, {"source": "secalert@redhat.com", "url": "http://secunia.com/advisories/20627"}, {"source": "secalert@redhat.com", "url": "http://secunia.com/advisories/20636"}, {"source": "secalert@redhat.com", "url": "http://www.gentoo.org/security/en/glsa/glsa-200606-14.xml"}, {"source": "secalert@redhat.com", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:100"}, {"source": "secalert@redhat.com", "url": "http://www.securityfocus.com/archive/1/436428"}, {"source": "secalert@redhat.com", "url": "http://www.securityfocus.com/bid/18332"}, {"source": "secalert@redhat.com", "url": "http://www.vupen.com/english/advisories/2006/2239"}, {"source": "secalert@redhat.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27018"}, {"source": "secalert@redhat.com", "url": "https://usn.ubuntu.com/293-1/"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}