Bug 188333 - CVE-2006-1057 gdm race condition/exploit
Product: Fedora Legacy
Classification: Retired
Component: gdm
All Linux
medium Severity medium
Assigned To: Fedora Legacy Bugs
source=vendorsec, severity=low, 3, NE...
: Security
Reported: 2006-04-07 19:53 EDT by David Eisenstein
Modified: 2007-04-18 13:41 EDT
Doc Type: Bug Fix
Last Closed: 2007-04-10 15:15:18 EDT

Description David Eisenstein 2006-04-07 19:53:09 EDT
Description of problem:
There is a local root exploit/race condition in gdm >=, in
"daemon/slave.c".  The code that introduces this bug was introduced
in revision 1.261 of that file in gnome's cvs:


Upstream (Brian Cameron) has indicated that this code has been fixed to
go into GDM 2.14.1, which he says they are planning to release on Monday,
April 10th.  From today's cvs comments, it looks like the fix was entered
for revision 1.322 (between revisions 1.320 and 1.322):


This only affects FC3 of the legacy distros, as FC2 and lower are using
gdm <=, and this only affects gdm >=

Version-Release number of selected component (if applicable):

Comment 1 David Eisenstein 2006-05-26 09:11:30 EDT
Hey Josh,

Did RedHat / Fedora address this issue in gdm?  I just noticed this is still
under embargo in legacy...   Need it be?
Comment 2 David Eisenstein 2006-05-26 09:20:30 EDT
Further question, Josh.  Wouldn't this bug affect RHEL 4, since this
vulnerability affects gdm >=, and RHEL 4 is using gdm
Comment 3 Josh Bressers 2006-05-26 09:23:45 EDT
This issue is public, patches from both of these bugs are needed for a proper fix:

Red Hat is tracking this problem with bug 188303 for FC and bug 188302 for RHEL.

We've released an update for FC5 (which contains a bug ironically enough), but
not for RHEL yet given the low severity of this issue (we'll likely wait for
something else to roll into the update before releasing it)
Comment 4 David Eisenstein 2006-05-26 09:34:10 EDT
Thanks, Josh!  Removing embargo.
Comment 5 Matthew Miller 2007-04-10 15:15:18 EDT
Fedora Core 3 is now completely unmaintained. These bugs can't be fixed in that
version. If the issue still persists in current Fedora Core, please reopen.
Thank you, and sorry about this.
