Home > Vulnerability Database > CVE-2007-3381

Mend.io Vulnerability Database

CVE-2007-3381

Date: August 7, 2007

The GDM daemon in GNOME Display Manager (GDM) before 2.14.13, 2.16.x before 2.16.7, 2.18.x before 2.18.4, and 2.19.x before 2.19.5 does not properly handle NULL return values from the g_strsplit function, which allows local users to cause a denial of service (persistent daemon crash) via a crafted command to the daemon's socket, related to (1) gdm.c and (2) gdmconfig.c in daemon/, and (3) gdmconfig.c and (4) gdmflexiserver.c in gui/.

Severity Score

2.5

Related Resources (22)

Url: http://ftp.gnome.org/pub/GNOME/sources/gdm/2.16/gdm-2.16.7.changes

Url: http://www.securityfocus.com/archive/1/475451/30/5550/threaded

Url: http://security.gentoo.org/glsa/glsa-200709-11.xml

Url: http://www.vupen.com/english/advisories/2007/2781

Url: http://ftp.gnome.org/pub/GNOME/sources/gdm/2.19/gdm-2.19.5.news

Url: http://ftp.gnome.org/pub/GNOME/sources/gdm/2.18/gdm-2.18.4.news

Url: http://www.securitytracker.com/id?1018523

Url: https://issues.rpath.com/browse/RPL-1599

Url: https://access.redhat.com/security/cve/CVE-2007-3381

Url: http://www.securityfocus.com/bid/25191

Url: http://secunia.com/advisories/26879

Url: http://www.mandriva.com/security/advisories?name=MDKSA-2007:169

Url: http://secunia.com/advisories/26900

Url: https://people.canonical.com/~ubuntu-security/cve/CVE-2007-3381

Url: http://ftp.gnome.org/pub/GNOME/sources/gdm/2.14/gdm-2.14.13.news

Url: http://www.redhat.com/support/errata/RHSA-2007-0777.html

Url: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10887

Url: http://secunia.com/advisories/26520

Url: http://secunia.com/advisories/26313

Url: http://secunia.com/advisories/26368

Url: https://nvd.nist.gov/vuln/detail/CVE-2007-3381

Url: https://www.mend.io/vulnerability-database/CVE-2007-3381

Severity Score

2.5

Weakness Type (CWE)

Input Validation

CWE-20

CVSS v3.1

Base Score:	2.5
Attack Vector (AV):	LOCAL
Attack Complexity (AC):	HIGH
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	NONE
Availability (A):	LOW

CVSS v2

Base Score:	1.5
Access Vector (AV):	LOCAL
Access Complexity (AC):	MEDIUM
Authentication (AU):	SINGLE
Confidentiality (C):	NONE
Integrity (I):	NONE
Availability (A):	PARTIAL
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2007-3381

Date: August 7, 2007

Severity Score

Related Resources (22)

Severity Score

Weakness Type (CWE)

CVSS v3.1

CVSS v2

Do you need more information?