CyberSec.Space Logo
Back to CVE Browser

CVE-2009-2697

MEDIUM
6.8
CVSS Severity Score
EPSS Score0.1930%
EPSS Percentile41.91th
PublishedSep 4, 2009
Last ModifiedApr 23, 2026

Vulnerability Description

The Red Hat build script for the GNOME Display Manager (GDM) before 2.16.0-56 on Red Hat Enterprise Linux (RHEL) 5 omits TCP Wrapper support, which might allow remote attackers to bypass intended access restrictions via XDMCP connections, a different vulnerability than CVE-2007-5079.

Affected Platforms (CPE)

πŸ“¦
Gnome

Gdm

<= 2.16
πŸ“¦
Gnome

Gdm

= 0.7
πŸ“¦
Gnome

Gdm

= 1.0
πŸ“¦
Gnome

Gdm

= 2.0
πŸ“¦
Gnome

Gdm

= 2.2
πŸ“¦
Gnome

Gdm

= 2.3
πŸ“¦
Gnome

Gdm

= 2.4
πŸ“¦
Gnome

Gdm

= 2.5
πŸ“¦
Gnome

Gdm

= 2.6
πŸ“¦
Gnome

Gdm

= 2.8
πŸ“¦
Gnome

Gdm

= 2.13
πŸ“¦
Gnome

Gdm

= 2.14
πŸ“¦
Gnome

Gdm

= 2.15

References & Advisories

πŸ”— http://secunia.com/advisories/36553
πŸ”— http://www.securityfocus.com/bid/36219
πŸ”— https://bugzilla.redhat.com/show_bug.cgi?id=239818
πŸ”— https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9586
πŸ”— https://rhn.redhat.com/errata/RHSA-2009-1364.html
πŸ”— http://secunia.com/advisories/36553
πŸ”— http://www.securityfocus.com/bid/36219
πŸ”— https://bugzilla.redhat.com/show_bug.cgi?id=239818

Related Vulnerabilities

CVE-2000-049110.0

Buffer overflow in the XDMCP parsing code of GNOME gdm, KDE kdm, and wdm allows remote attackers to execute arbitrary commands or ...

CVE-2018-144247.8

The daemon in GDM through 3.29.1 does not properly unexport display objects from its D-Bus interface when they are destroyed, whic...

CVE-2015-74967.2

GNOME Display Manager (gdm) before 3.18.2 allows physically proximate attackers to bypass the lock screen by holding the Escape ke...

CVE-2011-17097.2

GNOME Display Manager (gdm) before 2.32.2, when glib 2.28 is used, enables execution of a web browser with the uid of the gdm acco...