CVE-2006-2452 Information

Description

GNOME GDM 2.8 2.12 2.14 and 2.15 when the \face browser\ feature is enabled allows local users to access the \Configure Login Manager\ functionality using their own password instead of the root password which can be leveraged to gain additional privileges.

Reference

http://bugzilla.gnome.org/show_bug.cgi?id=343476 http://lists.suse.com/archive/suse-security-announce/2006-Jun/0003.html http://secunia.com/advisories/20532 http://secunia.com/advisories/20552 http://secunia.com/advisories/20587 http://secunia.com/advisories/20627 http://secunia.com/advisories/20636 http://www.gentoo.org/security/en/glsa/glsa-200606-14.xml http://www.mandriva.com/security/advisories?name=MDKSA-2006:100 http://www.securityfocus.com/archive/1/436428 http://www.securityfocus.com/bid/18332 http://www.vupen.com/english/advisories/2006/2239 https://exchange.xforce.ibmcloud.com/vulnerabilities/27018 https://usn.ubuntu.com/293-1/