Vulnerability CVE-2017-12164: Information

Description

A flaw was discovered in gdm 3.24.1 where gdm greeter was no longer setting the ran_once boolean during autologin. If autologin was enabled for a victim, an attacker could simply select 'login as another user' to unlock their screen.

Severity: MEDIUM (6.4) Vector: CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

URL: https://nvd.nist.gov/vuln/detail/CVE-2017-12164

Published: July 26, 2018

Modified: Oct. 10, 2019

Error type identifier: CWE-665

Fixed packages

Package name	Branch	Fixed in version	Version from repository	Errata ID	Task #	State
gdm	sisyphus	3.24.2-alt1	46.2-alt1	ALT-PU-2017-1588-1	182576	Fixed
gdm	p10	3.24.2-alt1	40.1-alt2	ALT-PU-2017-1588-1	182576	Fixed
gdm	p9	3.24.2-alt1	3.32.0-alt1	ALT-PU-2017-1588-1	182576	Fixed
gdm	p8	3.24.3-alt0.M80P.1	3.24.3-alt0.M80P.1	ALT-PU-2017-2193-1	188141	Fixed
gdm	c10f1	3.24.2-alt1	40.1-alt2	ALT-PU-2017-1588-1	182576	Fixed
gdm	c9f2	3.24.2-alt1	3.32.0-alt1	ALT-PU-2017-1588-1	182576	Fixed
gdm	p11	3.24.2-alt1	46.0-alt1	ALT-PU-2017-1588-1	182576	Fixed

References to Advisories, Solutions, and Tools

Hyperlink	Resource
https://gitlab.gnome.org/GNOME/gdm/commit/ff98b28	Patch Vendor Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-12164	Issue Tracking Patch Third Party Advisory

Affected configurations:
1. Configuration 1
  cpe:2.3:a:gnome:gnome_display_manager:3.24.1:*:*:*:*:*:*:*

Version: v24.5.3

Vulnerability CVE-2017-12164: Information

Description

Fixed packages

References to Advisories, Solutions, and Tools

Configuration 1