The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a vigilance database and tools to fix them.

Vulnerability of GDM: format string attack of gdmchooser

Synthesis of the vulnerability 

An attacker with a physical access can generate a format string attack in gdmchooser.
Impacted systems: Fedora, Mandriva Linux, openSUSE, SLES, Unix (platform) ~ not comprehensive.
Severity of this alert: 2/4.
Creation date: 14/12/2006.
Références of this alert: BID-21597, CERTA-2006-AVI-556, CVE-2006-6105, FEDORA-2006-1467, FEDORA-2006-1468, MDKSA-2006:231, SUSE-SR:2006:029, VIGILANCE-VUL-6401.

Description of the vulnerability 

The gdm program (GNOME Display Manager) manages one or several X servers. By default, only the local X server is managed.

When X terminals are installed on network computers, they communicate with gdm using the XDMCP protocol (X Display Manager Control Protocol). In this case, gdm thus manages one local X server and several remote X servers. The gdmchooser program permits to choose the XDMCP application and its host.

By using a malicious hostname in gdmchooser, an attacker can generate a format string attack. Indeed, computer name is incorrectly used as format string.

An attacker with a physical access can thus obtain gdm rights.
Full bulletin, software filtering, emails, fixes, ... (Request your free trial)

This security weakness impacts software or systems such as Fedora, Mandriva Linux, openSUSE, SLES, Unix (platform) ~ not comprehensive.

Our Vigil@nce team determined that the severity of this threat bulletin is medium.

The trust level is of type confirmed by the editor, with an origin of user console.

An attacker with a expert ability can exploit this threat.

Solutions for this threat 

GDM: versions 2.14.11, 2.16.4 and 2.17.4.
Versions 2.14.11, 2.16.4 are 2.17.4 are corrected:

Fedora Core 5: new gdm packages.
New packages are available:
5e88148d3c4a3f6559fa38d31cb7fde6ce35621c SRPMS/gdm-2.14.11-1.fc5.src.rpm
5e88148d3c4a3f6559fa38d31cb7fde6ce35621c noarch/gdm-2.14.11-1.fc5.src.rpm
ef7241475d123ab982add4c79cc638ec7041e36c ppc/gdm-2.14.11-1.fc5.ppc.rpm
055bcfcd9a9e35842db1b7f12ce951442003498b ppc/debug/gdm-debuginfo-2.14.11-1.fc5.ppc.rpm
318baf29dfaa15b838af076b26452fcf92f061ec x86_64/gdm-2.14.11-1.fc5.x86_64.rpm
719f0e00272f843cd62122eda1d2669454a04669 x86_64/debug/gdm-debuginfo-2.14.11-1.fc5.x86_64.rpm
1537e747a82c582081ccac330ad99428069fa797 i386/gdm-2.14.11-1.fc5.i386.rpm
b3a40b2f38fd33cf237f7f2359cd6db67a614983 i386/debug/gdm-debuginfo-2.14.11-1.fc5.i386.rpm

Fedora Core 6: new gdm packages.
New packages are available:
6dd4841584c1bd3976e19a579abeee2b5dc3b44e SRPMS/gdm-2.16.4-1.fc6.src.rpm
6dd4841584c1bd3976e19a579abeee2b5dc3b44e noarch/gdm-2.16.4-1.fc6.src.rpm
7bcee4598ec29ed01b99b4b4bffa31d13334d4e8 ppc/debug/gdm-debuginfo-2.16.4-1.fc6.ppc.rpm
1d81cb6351a2db4534f8a04d48336d7b20fe091e ppc/gdm-2.16.4-1.fc6.ppc.rpm
37ebcfecfec8660dbdb51be38c733985a6680999 x86_64/debug/gdm-debuginfo-2.16.4-1.fc6.x86_64.rpm
69ebf550a661ed36c835bc1ce1c7c5eda9c07e78 x86_64/gdm-2.16.4-1.fc6.x86_64.rpm
949e17300ba57c4ca3ec74a00ca406dab6b00053 i386/debug/gdm-debuginfo-2.16.4-1.fc6.i386.rpm
ac46bdad655a87329dae950719701d75bef6f269 i386/gdm-2.16.4-1.fc6.i386.rpm

Mandriva: new gdm packages.
New packages are available:
 Mandriva Linux 2007.0:
 fa245d14d410ec1447e416bfa83e8f8b 2007.0/i586/gdm-2.16.0-2.1mdv2007.0.i586.rpm
 aa3e3845491fec59b81e3dfd3002926d 2007.0/i586/gdm-Xnest-2.16.0-2.1mdv2007.0.i586.rpm
 5b0f4d242a3e34d7ab9b8fe1098ec226 2007.0/SRPMS/gdm-2.16.0-2.1mdv2007.0.src.rpm
 Mandriva Linux 2007.0/X86_64:
 9fcd84e9208055d8692931528f52b0d3 2007.0/x86_64/gdm-2.16.0-2.1mdv2007.0.x86_64.rpm
 5b2499806469f41f6c32a59102212994 2007.0/x86_64/gdm-Xnest-2.16.0-2.1mdv2007.0.x86_64.rpm
 5b0f4d242a3e34d7ab9b8fe1098ec226 2007.0/SRPMS/gdm-2.16.0-2.1mdv2007.0.src.rpm

SUSE: new koffice, squirrelmail, evince, novell-lum, gdm packages.
New packages are available via YaST and FTP.
Full bulletin, software filtering, emails, fixes, ... (Request your free trial)

Computer vulnerabilities tracking service 

Vigil@nce provides a cybersecurity watch. The technology watch team tracks security threats targeting the computer system.