Bug#433259: gdm: switched user get access to previous logged in user without a password
Martin Dimitrov
martopost at abv.bg
Sun Jul 15 22:29:46 UTC 2007
Package: gdm
Version: 2.18.2-1
Severity: critical
Tags: security
Justification: root security hole
When a logged-in user does a "switch user" and another user logs on, then after the new user finishes his work
and wants to log off, he immediately gets access to the previous logged-in user without needing to type a password!
-- System Information:
Debian Release: lenny/sid
APT prefers testing-proposed-updates
APT policy: (500, 'testing-proposed-updates'), (500, 'proposed-updates'), (500, 'testing'), (500, 'stable')
Architecture: i386 (i686)
Kernel: Linux 2.6.18-5-k7 (SMP w/1 CPU core)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
Versions of packages gdm depends on:
ii adduser 3.103 Add and remove users and groups
ii debconf [debconf-2.0] 1.5.13 Debian configuration management sy
ii gksu 2.0.0-4 graphical frontend to su
ii gnome-session 2.18.2-2 The GNOME 2 Session Manager
ii gnome-terminal [x-terminal 2.18.1-1 The GNOME 2 terminal emulator appl
ii libart-2.0-2 2.3.19-3 Library of functions for 2D graphi
ii libatk1.0-0 1.18.0-2 The ATK accessibility toolkit
ii libattr1 1:2.4.32-1.1 Extended attribute shared library
ii libc6 2.5-9+b1 GNU C Library: Shared libraries
ii libcairo2 1.4.10-1 The Cairo 2D vector graphics libra
ii libdbus-1-3 1.1.1-3 simple interprocess messaging syst
ii libdbus-glib-1-2 0.73-2 simple interprocess messaging syst
ii libdmx1 1:1.0.2-2 X11 Distributed Multihead extensio
ii libfontconfig1 2.4.2-1.2 generic font configuration library
ii libglade2-0 1:2.6.1-1 library to load .glade files at ru
ii libglib2.0-0 2.12.12-1+b1 The GLib library of C routines
ii libgnomecanvas2-0 2.14.0-3 A powerful object-oriented display
ii libgtk2.0-0 2.10.13-1 The GTK+ graphical user interface
ii libpam-modules 0.79-4 Pluggable Authentication Modules f
ii libpam-runtime 0.79-4 Runtime support for the PAM librar
ii libpam0g 0.79-4 Pluggable Authentication Modules l
ii libpango1.0-0 1.16.4-1 Layout and rendering of internatio
ii libpopt0 1.10-3 lib for parsing cmdline parameters
ii librsvg2-2 2.16.1-2 SAX-based renderer library for SVG
ii librsvg2-common 2.16.1-2 SAX-based renderer library for SVG
ii libselinux1 2.0.15-2+b1 SELinux shared libraries
ii libwrap0 7.6.dbs-13 Wietse Venema's TCP wrappers libra
ii libx11-6 2:1.0.3-7 X11 client-side library
ii libxau6 1:1.0.3-2 X11 authorisation library
ii libxcursor1 1:1.1.8-2 X cursor management library
ii libxdmcp6 1:1.0.2-2 X11 Display Manager Control Protoc
ii libxext6 1:1.0.3-2 X11 miscellaneous extension librar
ii libxfixes3 1:4.0.3-2 X11 miscellaneous 'fixes' extensio
ii libxi6 1:1.0.1-4 X11 Input extension library
ii libxinerama1 1:1.0.2-1 X11 Xinerama extension library
ii libxml2 2.6.29.dfsg-1 GNOME XML library
ii libxrandr2 2:1.2.1-1 X11 RandR extension library
ii libxrender1 1:0.9.2-1 X Rendering Extension client libra
ii lsb-base 3.1-23.1 Linux Standard Base 3.1 init scrip
ii metacity [x-window-manager 1:2.14.5-4 A lightweight GTK2 based Window Ma
ii rxvt [x-terminal-emulator] 1:2.6.4-10 VT102 terminal emulator for the X
ii twm [x-window-manager] 1:1.0.3-2 Tab window manager
ii xbase-clients 1:7.2.ds2-2 miscellaneous X clients
ii xterm [x-terminal-emulator 226-1 X terminal emulator
Versions of packages gdm recommends:
ii dialog 1.1-20070604-1 Displays user-friendly dialog boxe
ii gdm-themes 0.5.1 Themes for the GNOME Display Manag
ii whiptail 0.52.2-10 Displays user-friendly dialog boxe
ii zenity 2.18.2-1 Display graphical dialog boxes fro
-- debconf information:
gdm/daemon_name: /usr/bin/gdm
* shared/default-x-display-manager: gdm