The GDM daemon in GNOME Display Manager (GDM) before 2.14.13, 2.16.x before 2.16.7, 2.18.x before 2.18.4, and 2.19.x before 2.19.5 does not properly handle NULL return values from the g_strsplit function, which allows local users to cause a denial of service (persistent daemon crash) via a crafted command to the daemon's socket, related to (1) gdm.c and (2) gdmconfig.c in daemon/, and (3) gdmconfig.c and (4) gdmflexiserver.c in gui/.

Metrics

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Local

Access Complexity Medium

Authentication Single

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Affected Vendors & Products

Vendors Products
Gnome
  • Gdm
Redhat
  • Enterprise Linux

Configuration 1 [-]

OR cpe:2.3:a:gnome:gdm:*:*:*:*:*:*:*:*
cpe:2.3:a:gnome:gdm:0.7:*:*:*:*:*:*:*
cpe:2.3:a:gnome:gdm:1.0:*:*:*:*:*:*:*
cpe:2.3:a:gnome:gdm:2.0:*:*:*:*:*:*:*
cpe:2.3:a:gnome:gdm:2.2:*:*:*:*:*:*:*
cpe:2.3:a:gnome:gdm:2.3:*:*:*:*:*:*:*
cpe:2.3:a:gnome:gdm:2.4:*:*:*:*:*:*:*
cpe:2.3:a:gnome:gdm:2.5:*:*:*:*:*:*:*
cpe:2.3:a:gnome:gdm:2.6:*:*:*:*:*:*:*
cpe:2.3:a:gnome:gdm:2.8:*:*:*:*:*:*:*
cpe:2.3:a:gnome:gdm:2.13:*:*:*:*:*:*:*
cpe:2.3:a:gnome:gdm:2.14:*:*:*:*:*:*:*
cpe:2.3:a:gnome:gdm:2.14.1:*:*:*:*:*:*:*
cpe:2.3:a:gnome:gdm:2.14.2:*:*:*:*:*:*:*
cpe:2.3:a:gnome:gdm:2.14.3:*:*:*:*:*:*:*
cpe:2.3:a:gnome:gdm:2.14.4:*:*:*:*:*:*:*
cpe:2.3:a:gnome:gdm:2.14.5:*:*:*:*:*:*:*
cpe:2.3:a:gnome:gdm:2.14.6:*:*:*:*:*:*:*
cpe:2.3:a:gnome:gdm:2.14.7:*:*:*:*:*:*:*
cpe:2.3:a:gnome:gdm:2.14.8:*:*:*:*:*:*:*
cpe:2.3:a:gnome:gdm:2.14.9:*:*:*:*:*:*:*
cpe:2.3:a:gnome:gdm:2.14.10:*:*:*:*:*:*:*
cpe:2.3:a:gnome:gdm:2.14.11:*:*:*:*:*:*:*

Configuration 2 [-]

OR cpe:2.3:a:gnome:gdm:2.14.3:*:*:*:*:*:*:*
cpe:2.3:a:gnome:gdm:2.14.4:*:*:*:*:*:*:*
cpe:2.3:a:gnome:gdm:2.14.5:*:*:*:*:*:*:*
cpe:2.3:a:gnome:gdm:2.14.6:*:*:*:*:*:*:*
cpe:2.3:a:gnome:gdm:2.16:*:*:*:*:*:*:*
cpe:2.3:a:gnome:gdm:2.16.1:*:*:*:*:*:*:*
cpe:2.3:a:gnome:gdm:2.16.2:*:*:*:*:*:*:*

Configuration 3 [-]

OR cpe:2.3:a:gnome:gdm:2.18:*:*:*:*:*:*:*
cpe:2.3:a:gnome:gdm:2.18.1:*:*:*:*:*:*:*
cpe:2.3:a:gnome:gdm:2.18.2:*:*:*:*:*:*:*
cpe:2.3:a:gnome:gdm:2.18.3:*:*:*:*:*:*:*

Configuration 4 [-]

OR cpe:2.3:a:gnome:gdm:2.19:*:*:*:*:*:*:*
cpe:2.3:a:gnome:gdm:2.19.1:*:*:*:*:*:*:*
cpe:2.3:a:gnome:gdm:2.19.2:*:*:*:*:*:*:*
cpe:2.3:a:gnome:gdm:2.19.3:*:*:*:*:*:*:*
cpe:2.3:a:gnome:gdm:2.19.4:*:*:*:*:*:*:*
Package CPE Advisory Released Date
Red Hat Enterprise Linux 5
gdm-1:2.16.0-31.0.1.el5 cpe:/o:redhat:enterprise_linux:5 RHSA-2007:0777 2007-08-07T00:00:00Z
References
Link Providers
http://ftp.gnome.org/pub/GNOME/sources/gdm/2.14/gdm-2.14.13.news cve-icon cve-icon
http://ftp.gnome.org/pub/GNOME/sources/gdm/2.16/gdm-2.16.7.changes cve-icon cve-icon
http://ftp.gnome.org/pub/GNOME/sources/gdm/2.18/gdm-2.18.4.news cve-icon cve-icon
http://ftp.gnome.org/pub/GNOME/sources/gdm/2.19/gdm-2.19.5.news cve-icon cve-icon
http://secunia.com/advisories/26313 cve-icon cve-icon
http://secunia.com/advisories/26368 cve-icon cve-icon
http://secunia.com/advisories/26520 cve-icon cve-icon
http://secunia.com/advisories/26879 cve-icon cve-icon
http://secunia.com/advisories/26900 cve-icon cve-icon
http://security.gentoo.org/glsa/glsa-200709-11.xml cve-icon cve-icon
http://www.mandriva.com/security/advisories?name=MDKSA-2007:169 cve-icon cve-icon
http://www.redhat.com/support/errata/RHSA-2007-0777.html cve-icon cve-icon
http://www.securityfocus.com/archive/1/475451/30/5550/threaded cve-icon cve-icon
http://www.securityfocus.com/bid/25191 cve-icon cve-icon
http://www.securitytracker.com/id?1018523 cve-icon cve-icon
http://www.vupen.com/english/advisories/2007/2781 cve-icon cve-icon
https://issues.rpath.com/browse/RPL-1599 cve-icon cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2007-3381 cve-icon
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10887 cve-icon cve-icon
https://www.cve.org/CVERecord?id=CVE-2007-3381 cve-icon
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: redhat

Published:

Updated: 2024-08-07T14:14:12.887Z

Reserved: 2007-06-25T00:00:00

Link: CVE-2007-3381

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2007-08-07T10:17:00.000

Modified: 2024-11-21T00:33:05.940

Link: CVE-2007-3381

cve-icon Redhat

Severity : Moderate

Publid Date: 2007-07-30T00:00:00Z

Links: CVE-2007-3381 - Bugzilla