SecurityTracker: GNOME Display Manager (gdm) Lets Local Users View Files With Root Privileges

Aug 21 2003	(Red Hat Issues Fix) GNOME Display Manager (gdm) Lets Local Users View Files With Root Privileges (bugzilla@redhat.com) Red Hat has released a fix.
Aug 22 2003	(Mandrake Issues Fix) GNOME Display Manager (gdm) Lets Local Users View Files With Root Privileges (Mandrake Linux Security Team <security@linux-mandrake.com>) Mandrake has released a fix.
Aug 25 2003	(Slackware Issues Fix) GNOME Display Manager (gdm) Lets Local Users View Files With Root Privileges (Slackware Security Team <security@slackware.com>) Slackware has released a fix.

Source Message Contents

Date: Thu, 21 Aug 2003 17:06:19 -0400
Subject: GDM

From: gnomedisplaymanager@freshmeat.net
Newsgroups: fm.announce
Subject: Gnome Display Manager 2.4.1.6  - Gnome version of the X Display Manager (xdm).
Date: Thu, 21 Aug 2003 00:36:50 +0000 (UTC)
Organization: freshmeat.net
Lines: 45
Sender: gnomedisplaymanager@freshmeat.net
Message-ID: <1061426207@freshmeat.net>
References: <1042652410@freshmeat.net> <1006513269@freshmeat.net> 
<1004670821@freshmeat.net> <1004127248@freshmeat.net> <999485449@freshmeat.net> 
<997800243@freshmeat.net> <994692928@freshmeat.net> <991495505@freshmeat.net> 
<990968002@freshmeat.net> <939768328@freshmeat.net>
NNTP-Posting-Host: freshmeat.net
X-Trace: mail.freshmeat.net 1061426210 14710 66.35.250.165 (21 Aug 2003 00:36:50 GMT)
X-Complaints-To: usenet@freshmeat.net
NNTP-Posting-Date: Thu, 21 Aug 2003 00:36:50 +0000 (UTC)

Gnome Display Manager 2.4.1.6
   by _vicious_ (http://freshmeat.net/~vicious/)
   Wednesday, August 20th 2003 17:36

About:
The Gnome Display Manager is a reimplementation of the well known xdm
program. GDM consists of a daemon and a graphical login application which
runs as an unpriviledged user. The login GUI features a face browser, an
optional logo, and language/session type selection support. The daemon
includes an XDMCP implementation for managing remote displays. Access
control relies on TCPWrappers and PAM.

Changes:
The fixes since 2.4.1.5 include three security fixes. All users are
encouraged to upgrade. The problems involved users being able to view any
file and two XDMCP DoS attacks.

Release focus: Major security fixes
       License: GNU General Public License (GPL)
   Project URL: http://freshmeat.net/projects/gnomedisplaymanager/

             Homepage: 
http://freshmeat.net/redir/gnomedisplaymanager/3444/url_homepage/gdm.html
               Tar/GZ: http://freshmeat.net/redir/gnomedisplaymanager/3444/url_tgz/2.4
              Tar/BZ2: http://freshmeat.net/redir/gnomedisplaymanager/3444/url_bz2/2.4
            Changelog: http://freshmeat.net/redir/gnomedisplaymanager/3444/url_changelog/NEWS
          RPM package: 
http://freshmeat.net/redir/gnomedisplaymanager/3444/url_rpm/search.php?query=gdm&submit=Search+...
       Debian package: 
http://freshmeat.net/redir/gnomedisplaymanager/3444/url_deb/search_packages.pl?keywords=gdm&searchon=names&subword=1&version=all&release=all
    CVS tree (cvsweb): http://freshmeat.net/redir/gnomedisplaymanager/3444/url_cvs/gdm2
          Mirror site: http://freshmeat.net/redir/gnomedisplaymanager/3444/url_mirror/gdm

____________________________| Advertising |____________________________
Got the debugger blues?

Try Etnus TotalView, the Best Linux/UNIX debugger
on the planet.  With superior C++ support, the best thread debugging
available, a great GUI, and more useful features than any other debugger,
TotalView helps reveal bugs faster than any other debugger.  And it
provides more insight and analysis about your code and your data.  So cure
the debugger
blues.  Get your free 15-day trial at

http://www.etnus.com/Download/demo-tv.html
____________________________| Advertising |____________________________

Go to the Top of This SecurityTracker Archive Page