CVE-2010-2387

high

Description

vicious-extensions/ve-misc.c in GNOME Display Manager (gdm) 2.20.x before 2.20.11, when GDM debug is enabled, logs the user password when it contains invalid UTF-8 encoded characters, which might allow local users to gain privileges by reading the information from syslog logs.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/60642

https://bugzilla.gnome.org/show_bug.cgi?id=571846

https://blogs.oracle.com/sunsecurity/entry/cve_2010_2387_password_disclosure

http://www.osvdb.org/66643

http://www.auscert.org.au/13123

http://secunia.com/advisories/40780

http://secunia.com/advisories/40690

http://ftp.gnome.org/pub/GNOME/sources/gdm/2.20/gdm-2.20.11.changes

Details

Source: Mitre, NVD

Published: 2012-12-21

Updated: 2017-08-17

Risk Information

CVSS v2

Base Score: 1.9

Vector: CVSS2#AV:L/AC:M/Au:N/C:P/I:N/A:N

Severity: Low

CVSS v3

Base Score: 7.1

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Severity: High