Alerts This Week
Warning Icon 1 666
Alerts This Week
Warning Icon 1 666

Ubuntu 11.04 USN-1142-1 Critical: GDM Information Leak Attack

Calendar Jun 01, 2011 User Avatar LinuxSecurity Advisories
1 min read
Ubuntu Large Esm H500
Topics%20covered

Topics Covered

security advisory information leak local exploit ubuntu gdm
GDM could be made to launch a browser and leak information about the system. 
=========================================================================Ubuntu Security Notice USN-1142-1
June 01, 2011

gdm vulnerability
=========================================================================
A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 11.04

Summary:

GDM could be made to launch a browser and leak information about the system.

Software Description:
- gdm: GNOME Display Manager

Details:

Henne Vogelsang discovered that under certain PolicyKit configurations, GDM
could be made to launch a browser. A local attacker could exploit this to
gain access to files with the privileges of the gdm user. PolicyKit is not
configured in this manner in Ubuntu by default.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 11.04:
  gdm                             2.32.1-0ubuntu3.2

After a standard system update you need to reboot your computer to make
all the necessary changes.

References:
  CVE-2011-1709

Package Information:
  https://launchpad.net/ubuntu/+source/gdm/2.32.1-0ubuntu3.2

Ubuntu 11.04 USN-1142-1 Critical: GDM Information Leak Attack

ubuntu
Calendar Grey June 1, 2011
Dist Ubuntu Esm H88
GDM flaw in Ubuntu may enable local adversaries to extract system details through a web browser.
GDM could be made to launch a browser and leak information about the system.

Summary

Topics%20covered

Topics Covered

security advisory information leak local exploit ubuntu gdm

Update Instructions

The problem can be corrected by updating your system to the following package versions: Ubuntu 11.04: gdm 2.32.1-0ubuntu3.2 After a standard system update you need to reboot your computer to make all the necessary changes.

References

CVE-2011-1709

Severity
critical
Lowest
Low
Medium
High
Critical

June 01, 2011

Topics%20covered

Topics Covered

security advisory information leak local exploit ubuntu gdm

Package Information

https://launchpad.net/ubuntu/+source/gdm/2.32.1-0ubuntu3.2

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here