CVE-2011-0727

Publication date 29 March 2011

Last updated 24 July 2024

GNOME Display Manager (gdm) 2.x before 2.32.1 allows local users to change the ownership of arbitrary files via a symlink attack on a (1) dmrc or (2) face icon file under /var/cache/gdm/.

Read the notes from the security team

Status

Show unmaintained releases

Package	Ubuntu Release	Status
gdm	10.10 maverick	Fixed 2.30.5-0ubuntu4.1
	10.04 LTS lucid	Fixed 2.30.2.is.2.30.0-0ubuntu5.1
	9.10 karmic	Fixed 2.28.1-0ubuntu2.3
	8.04 LTS hardy	Not affected
	6.06 LTS dapper	Ignored

How can I get the fixes?
What do statuses mean?
Patch details

Notes

sbeattie

hardy's gdm does not contain the relevant code.

Patch details

For informational purposes only. We recommend not to cherry-pick updates. How can I get the fixes?

Package	Patch details
gdm	Upstream: ?h=gnom

References

MITRE
NVD
Launchpad
Debian

Related Ubuntu Security Notices (USN)

USN-1099-1
GDM vulnerability
30 March 2011

Other references

https://www.cve.org/CVERecord?id=CVE-2011-0727