Debian Security Advisory

DSA-2205-1 gdm3 -- privilege escalation

Date Reported:
28 Mar 2011
Affected Packages:
gdm3
Vulnerable:
Yes
Security database references:
In Mitre's CVE dictionary: CVE-2011-0727.
More information:

Sebastian Krahmer discovered that GDM 3, the GNOME Display Manager, does not properly drop privileges when manipulating files related to the logged-in user. As a result, local users can gain root privileges.

The oldstable distribution (lenny) does not contain a gdm3 package. The gdm package is not affected by this issue.

For the stable distribution (squeeze), this problem has been fixed in version 2.30.5-6squeeze2.

For the testing distribution (wheezy) and the unstable distribution (sid), this problem will be fixed soon.

We recommend that you upgrade your gdm3 packages.