CVE-2010-2387 Information

Description

vicious-extensions/ve-misc.c in GNOME Display Manager (gdm) 2.20.x before 2.20.11 when GDM debug is enabled logs the user password when it contains invalid UTF8 encoded characters which might allow local users to gain privileges by reading the information from syslog logs.

Reference

http://ftp.gnome.org/pub/GNOME/sources/gdm/2.20/gdm-2.20.11.changes http://secunia.com/advisories/40690 http://secunia.com/advisories/40780 http://www.auscert.org.au/13123 http://www.osvdb.org/66643 https://blogs.oracle.com/sunsecurity/entry/cve_2010_2387_password_disclosure https://bugzilla.gnome.org/show_bug.cgi?id=571846 https://exchange.xforce.ibmcloud.com/vulnerabilities/60642