CVE-2006-2452

high

Description

GNOME GDM 2.8, 2.12, 2.14, and 2.15, when the "face browser" feature is enabled, allows local users to access the "Configure Login Manager" functionality using their own password instead of the root password, which can be leveraged to gain additional privileges.

References

https://usn.ubuntu.com/293-1/

https://exchange.xforce.ibmcloud.com/vulnerabilities/27018

http://www.vupen.com/english/advisories/2006/2239

http://www.securityfocus.com/bid/18332

http://www.securityfocus.com/archive/1/436428

http://www.mandriva.com/security/advisories?name=MDKSA-2006:100

http://www.gentoo.org/security/en/glsa/glsa-200606-14.xml

http://secunia.com/advisories/20636

http://secunia.com/advisories/20627

http://secunia.com/advisories/20587

http://secunia.com/advisories/20552

http://secunia.com/advisories/20532

http://lists.suse.com/archive/suse-security-announce/2006-Jun/0003.html

http://bugzilla.gnome.org/show_bug.cgi?id=343476

Details

Source: Mitre, NVD

Published: 2006-06-09

Updated: 2024-11-21

Risk Information

CVSS v2

Base Score: 3.7

Vector: CVSS2#AV:L/AC:H/Au:N/C:P/I:P/A:P

Severity: Low

CVSS v3

Base Score: 7.8

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Severity: High