Main Vulnerability Database SB2018072627

SB2018072627 - Improper Initialization in GNOME Display Manager

Published: July 26, 2018 Updated: August 8, 2020

Security Bulletin ID SB2018072627

Severity

Medium

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Physical access

Highest impact Code execution

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Improper Initialization (CVE-ID: CVE-2017-12164)

The vulnerability allows a local non-authenticated attacker to execute arbitrary code.

A flaw was discovered in gdm 3.24.1 where gdm greeter was no longer setting the ran_once boolean during autologin. If autologin was enabled for a victim, an attacker could simply select 'login as another user' to unlock their screen.

Remediation

Install update from vendor's website.

References

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-12164
https://gitlab.gnome.org/GNOME/gdm/commit/ff98b28