CVE-2018-14424 - OpenCVE

The daemon in GDM through 3.29.1 does not properly unexport display objects from its D-Bus interface when they are destroyed, which allows a local attacker to trigger a use-after-free via a specially crafted sequence of D-Bus method calls, resulting in a denial of service or potential code execution.

No CVSS v3.1

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:L/AC:L/Au:N/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Gnome	Gnome Display Manager

Configuration 1 [-]

cpe:2.3:a:gnome:gnome_display_manager:*:*:*:*:*:*:*:*

References

Link	Resource
http://www.securityfocus.com/bid/105179	Third Party Advisory VDB Entry
https://gitlab.gnome.org/GNOME/gdm/issues/401	Third Party Advisory
https://lists.debian.org/debian-lts-announce/2018/09/msg00003.html	Mailing List
https://usn.ubuntu.com/3737-1/	Third Party Advisory
https://www.debian.org/security/2018/dsa-4270	Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2018-08-14T16:00:00

Updated: 2018-09-06T09:57:01

Reserved: 2018-07-19T00:00:00

Link: CVE-2018-14424

JSON object: View

NVD Information

Status : Analyzed

Published: 2018-08-14T18:29:00.493

Modified: 2018-10-18T20:21:10.053

Link: CVE-2018-14424

JSON object: View

Redhat Information

No data.

CWE

CWE-416

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2018-08-13T00:00:00", "descriptions": [{"lang": "en", "value": "The daemon in GDM through 3.29.1 does not properly unexport display objects from its D-Bus interface when they are destroyed, which allows a local attacker to trigger a use-after-free via a specially crafted sequence of D-Bus method calls, resulting in a denial of service or potential code execution."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-09-06T09:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "[debian-lts-announce] 20180905 [SECURITY] [DLA 1494-1] gdm3 security update", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00003.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://gitlab.gnome.org/GNOME/gdm/issues/401"}, {"name": "USN-3737-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "https://usn.ubuntu.com/3737-1/"}, {"name": "DSA-4270", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "https://www.debian.org/security/2018/dsa-4270"}, {"name": "105179", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/105179"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-14424", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The daemon in GDM through 3.29.1 does not properly unexport display objects from its D-Bus interface when they are destroyed, which allows a local attacker to trigger a use-after-free via a specially crafted sequence of D-Bus method calls, resulting in a denial of service or potential code execution."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "[debian-lts-announce] 20180905 [SECURITY] [DLA 1494-1] gdm3 security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00003.html"}, {"name": "https://gitlab.gnome.org/GNOME/gdm/issues/401", "refsource": "CONFIRM", "url": "https://gitlab.gnome.org/GNOME/gdm/issues/401"}, {"name": "USN-3737-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3737-1/"}, {"name": "DSA-4270", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2018/dsa-4270"}, {"name": "105179", "refsource": "BID", "url": "http://www.securityfocus.com/bid/105179"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2018-14424", "datePublished": "2018-08-14T16:00:00", "dateReserved": "2018-07-19T00:00:00", "dateUpdated": "2018-09-06T09:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:gnome:gnome_display_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "223C2173-16DB-49AE-96C0-22C50634255E", "versionEndIncluding": "3.29.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The daemon in GDM through 3.29.1 does not properly unexport display objects from its D-Bus interface when they are destroyed, which allows a local attacker to trigger a use-after-free via a specially crafted sequence of D-Bus method calls, resulting in a denial of service or potential code execution."}, {"lang": "es", "value": "El demonio en GDM hasta la versi\u00f3n 3.29.1 no desexporta correctamente objetos display desde su interfaz D-Bus cuando se destruyen. Esto permite que un atacante local desencadene un uso de memoria previamente liberada mediante una secuencia especialmente manipulada de llamadas del m\u00e9todo D-Bus, lo que resulta en una denegaci\u00f3n de servicio (DoS) o en la potencial ejecuci\u00f3n de c\u00f3digo."}], "id": "CVE-2018-14424", "lastModified": "2018-10-18T20:21:10.053", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2018-08-14T18:29:00.493", "references": [{"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/105179"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://gitlab.gnome.org/GNOME/gdm/issues/401"}, {"source": "cve@mitre.org", "tags": ["Mailing List"], "url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00003.html"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://usn.ubuntu.com/3737-1/"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://www.debian.org/security/2018/dsa-4270"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-416"}], "source": "nvd@nist.gov", "type": "Primary"}]}