Security Information / 2011 / Security Information -- DSA-2205-1 gdm3

Debian Security Advisory

DSA-2205-1 gdm3 -- privilege escalation

Date Reported:

28 Mar 2011

Affected Packages:

gdm3

Vulnerable:

Yes

Security database references:

In Mitre's CVE dictionary: CVE-2011-0727.

More information:

Sebastian Krahmer discovered that GDM 3, the GNOME Display Manager, does not properly drop privileges when manipulating files related to the logged-in user. As a result, local users can gain root privileges.

The oldstable distribution (lenny) does not contain a gdm3 package. The gdm package is not affected by this issue.

For the stable distribution (squeeze), this problem has been fixed in version 2.30.5-6squeeze2.

For the testing distribution (wheezy) and the unstable distribution (sid), this problem will be fixed soon.

We recommend that you upgrade your gdm3 packages.