[CLA-2003:766] Conectiva Security Announcement - gdm

From: Conectiva Updates (secure_at_conectiva.com.br)
Date: 10/17/03

  • Next message: Conectiva Updates: "[CLA-2003:765] Conectiva Security Announcement - ircd" 
    Date: Fri, 17 Oct 2003 15:49:39 -0200
To: conectiva-updates@papaleguas.conectiva.com.br, lwn@lwn.net, bugtraq@securityfocus.com, security-alerts@linuxsecurity.com, linsec@lists.seifried.org

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    - --------------------------------------------------------------------------
    CONECTIVA LINUX SECURITY ANNOUNCEMENT
    - --------------------------------------------------------------------------

    PACKAGE : gdm
    SUMMARY : Local denial of service vulnerabilities
    DATE : 2003-10-17 15:46:00
    ID : CLA-2003:766
    RELEVANT
    RELEASES : 8, 9

    - -------------------------------------------------------------------------

    DESCRIPTION
     GDM[1] is the Gnome display manager used for graphical logins.
     
     Jarno Gassenbauer found two local denial of service vulnerabilites in
     GDM, both fixed in the versions 2.4.4.4, 2.4.1.7 and in the packages
     released with this advisory:
     
     - GDM does not impose a size limit to its receive buffer (which is
     dynamically allocated). An attacker can exploit this vulnerability by
     sending an arbitrary number of bytes to GDM so that the memory will
     be exausted and the kernel will terminate the GDM process.
     
     - GDM does not control the number nor imposes a timeout when queried
     for commands (like calls for version string, authentication, etc). An
     attacker can connect to gdm, send a command and never read the
     answer, thus causing gdm to fill its send buffer and stop accepting
     new, valid, logins.
     
     The Common Vulnerabilities and Exposures project (cve.mitre.org) has
     assigned the names CAN-2003-0793 and CAN-2003-0794, respectively, to
     these issues.

    SOLUTION
     It is recommended that all GDM users upgrade their packages.
     
     IMPORTANT: after the upgrade, the GDM service has to be restarted if
     it was being used. One way to do so is to run the following commands
     as root:
     
     # init 3
     
     This will take the system to text-mode login. After that, execute:
     
     # init 5
     
     to take the system back to graphic-mode login.
     
     
     REFERENCES
     1.http://www.5z.com/jirka/gdm.html
     2.http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0793
     3.http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0794

    UPDATED PACKAGES
    ftp://atualizacoes.conectiva.com.br/8/RPMS/gdm-2.2.5.4-3U80_2cl.i386.rpm
    ftp://atualizacoes.conectiva.com.br/8/SRPMS/gdm-2.2.5.4-3U80_2cl.src.rpm
    ftp://atualizacoes.conectiva.com.br/9/RPMS/gdm-2.4.1.6-27238U90_2cl.i386.rpm
    ftp://atualizacoes.conectiva.com.br/9/SRPMS/gdm-2.4.1.6-27238U90_2cl.src.rpm

    ADDITIONAL INSTRUCTIONS
     The apt tool can be used to perform RPM packages upgrades:

     - run: apt-get update
     - after that, execute: apt-get upgrade

     Detailed instructions reagarding the use of apt and upgrade examples
     can be found at http://distro.conectiva.com.br/atualizacoes/#apt?idioma=en

    - -------------------------------------------------------------------------
    All packages are signed with Conectiva's GPG key. The key and instructions
    on how to import it can be found at
    http://distro.conectiva.com.br/seguranca/chave/?idioma=en
    Instructions on how to check the signatures of the RPM packages can be
    found at http://distro.conectiva.com.br/seguranca/politica/?idioma=en

    - -------------------------------------------------------------------------
    All our advisories and generic update instructions can be viewed at
    http://distro.conectiva.com.br/atualizacoes/?idioma=en

    - -------------------------------------------------------------------------
    Copyright (c) 2003 Conectiva Inc.
    http://www.conectiva.com

    - -------------------------------------------------------------------------
    subscribe: conectiva-updates-subscribe@papaleguas.conectiva.com.br
    unsubscribe: conectiva-updates-unsubscribe@papaleguas.conectiva.com.br
    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1.0.6 (GNU/Linux)
    Comment: For info see http://www.gnupg.org

    iD8DBQE/kCux42jd0JmAcZARArP1AKDpzPEo4wMFixo2gYsbvMlXvJmg9ACfe0zo
    LtoqK+QK1GOYw2duUX2ly1k=
    =Stdc
    -----END PGP SIGNATURE-----

  • Next message: Conectiva Updates: "[CLA-2003:765] Conectiva Security Announcement - ircd"

    Relevant Pages

    • Re: what happened to KDE?
      ... > listed as a session option in gdm log-in window. ... unstable is currently missing the package libcupsys2. ... two packages conflict with each other. ...
      (Debian-User)
    • gdmgreeter segfaults after upgrade from patchlevel 3 to 4
      ... Manually install the old gdm packages fix the problem. ... ii libpam-modules 0.99.7.1-5ubuntu1 Pluggable Authentication Modules f ... ii libpam-runtime 0.99.7.1-5ubuntu1 Runtime support for the PAM librar ...
      (Ubuntu)
    • Re: how to find why packages are automatically installed?
      ... But I'm still left with a whole slew of automatically installed packages I don't want anymore, and I can't figure out how to identify why they are still installed. ... i A gnome-session Recommends nautilus ... So, if I'm understanding correctly, aptitude is telling me that nautilus is automatically installed because of gdm and gnome-session. ...
      (Debian-User)
    • [Full-disclosure] [ MDKSA-2006:100 ] - Updated gdm packages fix vulnerability
      ... A vulnerability in gdm could allow a user to activate the gdm setup ... The updated packages have been patched to correct this issue. ... Mandriva Linux 2006.0/X86_64: ...
      (Full-Disclosure)
    • [ MDKSA-2006:100 ] - Updated gdm packages fix vulnerability
      ... A vulnerability in gdm could allow a user to activate the gdm setup ... The updated packages have been patched to correct this issue. ... Mandriva Linux 2006.0/X86_64: ...
      (Bugtraq)