Vulnerability CVE-2017-12164: Information
Description
A flaw was discovered in gdm 3.24.1 where gdm greeter was no longer setting the ran_once boolean during autologin. If autologin was enabled for a victim, an attacker could simply select 'login as another user' to unlock their screen.
Severity: MEDIUM (6.4) Vector: CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Fixed packages
Package name | Branch | Fixed in version | Version from repository | Errata ID | Task # | State |
---|---|---|---|---|---|---|
gdm | sisyphus | 3.24.2-alt1 | 46.2-alt1 | ALT-PU-2017-1588-1 | 182576 | Fixed |
gdm | p10 | 3.24.2-alt1 | 40.1-alt2 | ALT-PU-2017-1588-1 | 182576 | Fixed |
gdm | p9 | 3.24.2-alt1 | 3.32.0-alt1 | ALT-PU-2017-1588-1 | 182576 | Fixed |
gdm | p8 | 3.24.3-alt0.M80P.1 | 3.24.3-alt0.M80P.1 | ALT-PU-2017-2193-1 | 188141 | Fixed |
gdm | c10f1 | 3.24.2-alt1 | 40.1-alt2 | ALT-PU-2017-1588-1 | 182576 | Fixed |
gdm | c9f2 | 3.24.2-alt1 | 3.32.0-alt1 | ALT-PU-2017-1588-1 | 182576 | Fixed |
gdm | p11 | 3.24.2-alt1 | 46.0-alt1 | ALT-PU-2017-1588-1 | 182576 | Fixed |
References to Advisories, Solutions, and Tools
Hyperlink | Resource |
---|---|
https://gitlab.gnome.org/GNOME/gdm/commit/ff98b28 | |
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-12164 | |