Bug#403219: CVE-2006-6105: gdmchooser Format String Vulnerability

Daniel Leidert Fri, 15 Dec 2006 05:29:08 -0800

Package: gdm
Version: 2.16.1-1
Severity: grave
Tags: security

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


Today I found:
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=453.
After a fast look into the code it seems, that this issue is present in
the Debian package.

Please take a look at it.

Regards, Daniel


- -- System Information:
Debian Release: 4.0
  APT prefers unstable
  APT policy: (850, 'unstable'), (700, 'testing'), (550, 'stable'), (110, 
'experimental')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.17.09060920
Locale: LANG=de_DE, LC_CTYPE=de_DE (charmap=ISO-8859-1)

Versions of packages gdm depends on:
ii  adduser                    3.100         Add and remove users and groups
ii  debconf [debconf-2.0]      1.5.10        Debian configuration management sy
ii  gdm-themes                 0.5           Themes for the GNOME Display Manag
ii  gksu                       2.0.0-1       graphical frontend to su
ii  gnome-session              2.14.3-3      The GNOME 2 Session Manager
ii  gnome-terminal [x-terminal 2.14.2-1      The GNOME 2 terminal emulator appl
ii  libart-2.0-2               2.3.17-1      Library of functions for 2D graphi
ii  libatk1.0-0                1.12.3-1      The ATK accessibility toolkit
ii  libattr1                   2.4.32-1      Extended attribute shared library
ii  libc6                      2.3.6.ds1-9   GNU C Library: Shared libraries
ii  libcairo2                  1.2.4-4       The Cairo 2D vector graphics libra
ii  libdmx1                    1:1.0.2-2     X11 Distributed Multihead extensio
ii  libfontconfig1             2.4.2-1       generic font configuration library
ii  libglade2-0                1:2.6.0-2     library to load .glade files at ru
ii  libglib2.0-0               2.12.4-2      The GLib library of C routines
ii  libgnomecanvas2-0          2.14.0-2      A powerful object-oriented display
ii  libgtk2.0-0                2.8.20-3      The GTK+ graphical user interface 
ii  libpam-modules             0.79-4        Pluggable Authentication Modules f
ii  libpam-runtime             0.79-4        Runtime support for the PAM librar
ii  libpam0g                   0.79-4        Pluggable Authentication Modules l
ii  libpango1.0-0              1.14.8-2      Layout and rendering of internatio
ii  libpopt0                   1.10-3        lib for parsing cmdline parameters
ii  librsvg2-2                 2.14.4-2      SAX-based renderer library for SVG
ii  librsvg2-common            2.14.4-2      SAX-based renderer library for SVG
ii  libselinux1                1.32-3        SELinux shared libraries
ii  libwrap0                   7.6.dbs-11    Wietse Venema's TCP wrappers libra
ii  libx11-6                   2:1.0.3-4     X11 client-side library
ii  libxau6                    1:1.0.1-2     X11 authorisation library
ii  libxcursor1                1.1.7-4       X cursor management library
ii  libxdmcp6                  1:1.0.1-2     X11 Display Manager Control Protoc
ii  libxext6                   1:1.0.1-2     X11 miscellaneous extension librar
ii  libxfixes3                 1:4.0.1-5     X11 miscellaneous 'fixes' extensio
ii  libxi6                     1:1.0.1-4     X11 Input extension library
ii  libxinerama1               1:1.0.1-4.1   X11 Xinerama extension library
ii  libxml2                    2.6.27.dfsg-1 GNOME XML library
ii  libxrandr2                 2:1.1.0.2-5   X11 RandR extension library
ii  libxrender1                1:0.9.1-3     X Rendering Extension client libra
ii  lsb-base                   3.1-22        Linux Standard Base 3.1 init scrip
ii  metacity [x-window-manager 1:2.14.5-2    A lightweight GTK2 based Window Ma
ii  twm [x-window-manager]     1:1.0.1-4     Tab window manager
ii  xbase-clients              1:7.1.ds-3    miscellaneous X clients
ii  xfce4-terminal [x-terminal 0.2.5.8rc2-1  Xfce terminal emulator
ii  xfwm4 [x-window-manager]   4.3.99.2-1    window manager of the Xfce project
ii  xterm [x-terminal-emulator 223-1         X terminal emulator

Versions of packages gdm recommends:
ii  dialog                    1.0-20060221-1 Displays user-friendly dialog boxe
ii  whiptail                  0.52.2-8       Displays user-friendly dialog boxe
ii  zenity                    2.14.3-1       Display graphical dialog boxes fro

- -- debconf information excluded

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFFgpxWm0bx+wiPa4wRAjFtAKDW0OA8AkMaWndlyciqqOvN7WVErQCfUG+6
HOVV+KN+7mHM0YdUl5hZHLc=
=acsC
-----END PGP SIGNATURE-----


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Bug#403219: CVE-2006-6105: gdmchooser Format String Vulnerability

Reply via email to