CyberSec.Space Logo
Back to CVE Browser

CVE-2018-14424

HIGH
7.8
CVSS Severity Score
EPSS Score0.0510%
EPSS Percentile35.01th
PublishedAug 14, 2018
Last ModifiedNov 21, 2024

Vulnerability Description

The daemon in GDM through 3.29.1 does not properly unexport display objects from its D-Bus interface when they are destroyed, which allows a local attacker to trigger a use-after-free via a specially crafted sequence of D-Bus method calls, resulting in a denial of service or potential code execution.

Affected Platforms (CPE)

πŸ“¦
Gnome

Gnome Display Manager

<= 3.29.1

References & Advisories

πŸ”— http://www.securityfocus.com/bid/105179
πŸ”— https://gitlab.gnome.org/GNOME/gdm/issues/401
πŸ”— https://lists.debian.org/debian-lts-announce/2018/09/msg00003.html
πŸ”— https://usn.ubuntu.com/3737-1/
πŸ”— https://www.debian.org/security/2018/dsa-4270
πŸ”— http://www.securityfocus.com/bid/105179
πŸ”— https://gitlab.gnome.org/GNOME/gdm/issues/401
πŸ”— https://lists.debian.org/debian-lts-announce/2018/09/msg00003.html

Related Vulnerabilities

CVE-2015-74967.2

GNOME Display Manager (gdm) before 3.18.2 allows physically proximate attackers to bypass the lock screen by holding the Escape ke...

CVE-2011-17097.2

GNOME Display Manager (gdm) before 2.32.2, when glib 2.28 is used, enables execution of a web browser with the uid of the gdm acco...

CVE-2013-41696.9

GNOME Display Manager (gdm) before 2.21.1 allows local users to change permissions of arbitrary directories via a symlink attack o...

CVE-2011-07276.9

GNOME Display Manager (gdm) 2.x before 2.32.1 allows local users to change the ownership of arbitrary files via a symlink attack o...