CVE-2010-2387
Last modified
CVE-2010-2387 is a vulnerability of currently unknown severity. vicious-extensions/ve-misc.c in GNOME Display Manager (gdm) 2.20.x before 2.20.11, when GDM debug is enabled, logs the user password when it contains invalid UTF8 encoded characters, which might allow local users to gain privileges by reading the information from syslog logs.. EPSS estimates a 0.52% chance of exploitation in the next 30 days.
Description
vicious-extensions/ve-misc.c in GNOME Display Manager (gdm) 2.20.x before 2.20.11, when GDM debug is enabled, logs the user password when it contains invalid UTF8 encoded characters, which might allow local users to gain privileges by reading the information from syslog logs.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Gnome | Gnome Display Manager | 2.20.0 |
| Gnome | Gnome Display Manager | 2.20.1 |
| Gnome | Gnome Display Manager | 2.20.2 |
| Gnome | Gnome Display Manager | 2.20.3 |
| Gnome | Gnome Display Manager | 2.20.4 |
| Gnome | Gnome Display Manager | 2.20.5 |
| Gnome | Gnome Display Manager | 2.20.6 |
| Gnome | Gnome Display Manager | 2.20.7 |
| Gnome | Gnome Display Manager | 2.20.8 |
| Gnome | Gnome Display Manager | 2.20.9 |
| Gnome | Gnome Display Manager | 2.20.10 |
References
- http://secunia.com/advisories/40690Vendor Advisory
- http://secunia.com/advisories/40780Vendor Advisory
- http://www.auscert.org.au/13123US Government Resource
- http://secunia.com/advisories/40690Vendor Advisory
- http://secunia.com/advisories/40780Vendor Advisory
- http://www.auscert.org.au/13123US Government Resource
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2010-2387?
How severe is CVE-2010-2387?
How do I fix CVE-2010-2387?
Are you affected by CVE-2010-2387?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST