FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

gdm -- privilege escalation vulnerability

Affected packages
gdm < 2.30.5_2

Details

VuXML ID c6fbd447-59ed-11e0-8d04-0015f2db7bde
Discovery 2011-03-28
Entry 2011-03-29

Sebastian Krahmer reports:

It was discovered that the GNOME Display Manager (gdm) cleared the cache directory, which is owned by an unprivileged user, with the privileges of the root user. A race condition exists in gdm where a local user could take advantage of this by writing to the cache directory between ending the session and the signal to clean up the session, which could lead to the execution of arbitrary code as the root user.

References

CVE Name CVE-2011-0727
URL http://mail.gnome.org/archives/distributor-list/2011-March/msg00008.html
URL https://bugzilla.redhat.com/show_bug.cgi?id=688323