CyberSec.Space Logo
CVEブラウザに戻る

CVE-2018-14424

HIGH
7.8
CVSS Severity Score
EPSS Score0.0510%
EPSS Percentile35.01th
Published2018年8月14日
Last Modified2024年11月21日

Vulnerability Description

The daemon in GDM through 3.29.1 does not properly unexport display objects from its D-Bus interface when they are destroyed, which allows a local attacker to trigger a use-after-free via a specially crafted sequence of D-Bus method calls, resulting in a denial of service or potential code execution.

Affected Platforms (CPE)

📦
Gnome

Gnome Display Manager

<= 3.29.1

References & Advisories

🔗 http://www.securityfocus.com/bid/105179
🔗 https://gitlab.gnome.org/GNOME/gdm/issues/401
🔗 https://lists.debian.org/debian-lts-announce/2018/09/msg00003.html
🔗 https://usn.ubuntu.com/3737-1/
🔗 https://www.debian.org/security/2018/dsa-4270
🔗 http://www.securityfocus.com/bid/105179
🔗 https://gitlab.gnome.org/GNOME/gdm/issues/401
🔗 https://lists.debian.org/debian-lts-announce/2018/09/msg00003.html

関連する脆弱性情報

CVE-2015-74967.2

GNOME Display Manager (gdm) before 3.18.2 allows physically proximate attackers to bypass the lock screen by holding the Escape ke...

CVE-2011-17097.2

GNOME Display Manager (gdm) before 2.32.2, when glib 2.28 is used, enables execution of a web browser with the uid of the gdm acco...

CVE-2013-41696.9

GNOME Display Manager (gdm) before 2.21.1 allows local users to change permissions of arbitrary directories via a symlink attack o...

CVE-2011-07276.9

GNOME Display Manager (gdm) 2.x before 2.32.1 allows local users to change the ownership of arbitrary files via a symlink attack o...