Red Hat Bugzilla – Bug 188333
CVE-2006-1057 gdm race condition/exploit
Last modified: 2007-04-18 13:41:22 EDT
Description of problem:
There is a local root exploit/race condition in gdm >= 220.127.116.11, in
"daemon/slave.c". The code that introduces this bug was introduced
in revision 1.261 of that file in gnome's cvs:
Upstream (Brian Cameron) has indicated that this code has been fixed to
go into GDM 2.14.1, which he says they are planning to release on Monday,
April 10th. From today's cvs comments, it looks like the fix was entered
for revision 1.322 (between revisions 1.320 and 1.322):
This only affects FC3 of the legacy distros, as FC2 and lower are using
gdm <= 18.104.22.168, and this only affects gdm >= 22.214.171.124.
Version-Release number of selected component (if applicable):
Did RedHat / Fedora address this issue in gdm? I just noticed this is still
under embargo in legacy... Need it be?
Further question, Josh. Wouldn't this bug affect RHEL 4, since this vul-
nerability affects gdm >= 126.96.36.199, and RHEL 4 is using gdm 188.8.131.52?
This issue is public, patches from both of these bugs are needed for a proper fix:
Red Hat is tracking this problem with bug 188303 for FC and bug 188302 for RHEL.
We've released an update for FC5 (which contains a bug ironically enough), but
not for RHEL yet given the low severity of this issue (we'll likely wait for
something else to roll into the update before releasing it)
Thanks, Josh! Removing embargo.
Fedora Core 3 is now completely unmaintained. These bugs can't be fixed in that
version. If the issue still persists in current Fedora Core, please reopen.
Thank you, and sorry about this.