Advisory ID
Betroffene Versionen
9.1 i586 , CS2.1 i586 , 9.1 i586 , 9.0 i586 , CS2.1 x86_64


Several vulnerabilities were discovered in versions of gdm prior to The first vulnerability is that any user can read any text file on the system due to code originally written to be run as the user logging in was in fact being run as the root user. This code is what allows the examination of the ~/.xsession-errors file. If a user makes a symlink from this file to any other file on the system during the session and ensures that the session lasts less than ten seconds, the user can read the file provided it was readable as a text file. Another two vulnerabilities were found in the XDMCP code that could be exploited to crash the main gdm daemon which would inhibit starting any new sessions (although the current session would be unaffected). The first problem here is due to the indirect query structure being used right after being freed due to a missing 'continue' statement in a loop; this happens if a choice of server expired and the client tried to connect. The second XDMCP problem is that when authorization data is being checked as a string, the length is not checked first. If the data is less than 18 bytes long, the daemon may wander off the end of the string a few bytes in the strncmp which could cause a SEGV. These updated packages bring gdm to version which is not vulnerable to any of these problems. Also note that XDMCP support is disabled by default in gdm.

Aktualisierte Pakete

9.1 i586

 0cb8fbd74766c4d0036cab36d57b6081  ppc/9.1/RPMS/gdm-
fb0df358c4d6c9a7cf3982c4d3258004  ppc/9.1/RPMS/gdm-Xnest-
91f0ff2421135e32f604d6cb82081439  ppc/9.1/SRPMS/gdm-

CS2.1 i586

 47a2d84bfff0e842657e789e085b434d  corporate/2.1/RPMS/gdm-
8536d89374219e42ad6ca6c441ffb0d1  corporate/2.1/RPMS/gdm-Xnest-
35ab7f8231548f1daa4571bfb5e77054  corporate/2.1/SRPMS/gdm-

9.1 i586

 9d8a97cc5f475f16eeb73caa9d7d8e6b  9.1/RPMS/gdm-
4f866c5b5b4903d1b0751bcb6dc28d0f  9.1/RPMS/gdm-Xnest-
91f0ff2421135e32f604d6cb82081439  9.1/SRPMS/gdm-

9.0 i586

 47a2d84bfff0e842657e789e085b434d  9.0/RPMS/gdm-
8536d89374219e42ad6ca6c441ffb0d1  9.0/RPMS/gdm-Xnest-
35ab7f8231548f1daa4571bfb5e77054  9.0/SRPMS/gdm-

CS2.1 x86_64

 252fc231c85e88411ca50a05f0404688  x86_64/corporate/2.1/RPMS/gdm-
3f8b47c14e0d7fc4c2d76171e3ee0b5a  x86_64/corporate/2.1/RPMS/gdm-Xnest-
35ab7f8231548f1daa4571bfb5e77054  x86_64/corporate/2.1/SRPMS/gdm-