CVEブラウザに戻る

CVE-2009-2697

MEDIUM

6.8

CVSS Severity Score

EPSS Score0.1930%

EPSS Percentile41.91th

Published2009年9月4日

Last Modified2026年4月23日

Vulnerability Description

The Red Hat build script for the GNOME Display Manager (GDM) before 2.16.0-56 on Red Hat Enterprise Linux (RHEL) 5 omits TCP Wrapper support, which might allow remote attackers to bypass intended access restrictions via XDMCP connections, a different vulnerability than CVE-2007-5079.

Affected Platforms (CPE)

📦

Gnome

Gdm

<= 2.16

📦

Gnome

Gdm

= 0.7

📦

Gnome

Gdm

= 1.0

📦

Gnome

Gdm

= 2.0

📦

Gnome

Gdm

= 2.2

📦

Gnome

Gdm

= 2.3

📦

Gnome

Gdm

= 2.4

📦

Gnome

Gdm

= 2.5

📦

Gnome

Gdm

= 2.6

📦

Gnome

Gdm

= 2.8

📦

Gnome

Gdm

= 2.13

📦

Gnome

Gdm

= 2.14

📦

Gnome

Gdm

= 2.15

References & Advisories

🔗 http://secunia.com/advisories/36553

🔗 http://www.securityfocus.com/bid/36219

🔗 https://bugzilla.redhat.com/show_bug.cgi?id=239818

🔗 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9586

🔗 https://rhn.redhat.com/errata/RHSA-2009-1364.html

🔗 http://secunia.com/advisories/36553

🔗 http://www.securityfocus.com/bid/36219

🔗 https://bugzilla.redhat.com/show_bug.cgi?id=239818

関連する脆弱性情報

CVE-2000-049110.0

Buffer overflow in the XDMCP parsing code of GNOME gdm, KDE kdm, and wdm allows remote attackers to execute arbitrary commands or ...

CVE-2018-144247.8

The daemon in GDM through 3.29.1 does not properly unexport display objects from its D-Bus interface when they are destroyed, whic...

CVE-2015-74967.2

GNOME Display Manager (gdm) before 3.18.2 allows physically proximate attackers to bypass the lock screen by holding the Escape ke...

CVE-2011-17097.2

GNOME Display Manager (gdm) before 2.32.2, when glib 2.28 is used, enables execution of a web browser with the uid of the gdm acco...