• Product Information
• Security Products Overview
• Juniper Networks ISG Series
• IDP Demo
• Product Poster & Z-Card 

Title: GDM Xsession-Errors Insecure File Handling Vulnerability

Severity: MODERATE

Description:

Gnome Display Manager (GDM) is a utility harnessed by Gnome to manage various functions when interfacing with X.

It has been reported that, under some circumstances GDM (Gnome Display Manager) is prone to an insecure file handling vulnerability. GDM is installed as a setuid root binary. As a result, an attacker may be capable of disclosing the contents of a privileged file.

The issue can be exploited through the use of GDM's "examine session errors" feature, which displays the contents of the '.xsession-errors' file located in the invoking user's home directory. Due to insufficient sanity checks when handling this file, it is possible for an attacker to replace the file with a symbolic link to an arbitrary file.

A local attacker may exploit this issue to harvest potentially sensitive data, for example password hashes, or sensitive system configuration data. The attacker may use data collected in this way to aid in further attacks launched against the target system.

This vulnerability has been reported to affect versions of GDM prior to 2.4.1.6, which have "examine session errors" functionality.

Affected Products:

• Conectiva Linux 9.0.0
• MandrakeSoft Corporate Server 2.1.0
• MandrakeSoft Corporate Server 2.1.0 x86_64
• MandrakeSoft Linux Mandrake 9.0.0
• MandrakeSoft Linux Mandrake 9.1.0
• MandrakeSoft Linux Mandrake 9.1.0 ppc
• Martin K. Peterson gdm 2.4.1 .1
• Martin K. Peterson gdm 2.4.1 .2
• Martin K. Peterson gdm 2.4.1 .3
• Martin K. Peterson gdm 2.4.1 .4
• Martin K. Peterson gdm 2.4.1 .5
• Martin K. Peterson gdm 2.4.1 .6
• Martin K. Peterson gdm 2.4.1 0
• RedHat Linux 8.0.0 i386
• RedHat Linux 9.0.0 i386
• RedHat gdm-2.4.0.7-13.i386.rpm
• RedHat gdm-2.4.1.3-5.i386.rpm
• SOTLinux SOTLinux 2003 Desktop
• SOTLinux SOTLinux 2003 Server

References:

• Red Hat: RHSA-2003-259
• SOTLinux: SLSA-2003:37

Juniper Networks provides this content via a wide variety of sources and production methods. If notified of errors or omissions in the content of this page, Juniper Networks, at its discretion, will modify or remove the page or leave the content as is, depending on various factors including but not limited to the reputation and authority of the party providing the notification. Please use the contact information displayed elsewhere on this page to report any errors or omissions regarding the content on this page.