Home > Vulnerability Database > CVE-2010-2387

Mend.io Vulnerability Database

CVE-2010-2387

Date: December 20, 2012

vicious-extensions/ve-misc.c in GNOME Display Manager (gdm) 2.20.x before 2.20.11, when GDM debug is enabled, logs the user password when it contains invalid UTF8 encoded characters, which might allow local users to gain privileges by reading the information from syslog logs.

Severity Score

2.9

Related Resources (11)

Url: http://secunia.com/advisories/40690

Url: http://www.osvdb.org/66643

Url: https://access.redhat.com/security/cve/CVE-2010-2387

Url: http://secunia.com/advisories/40780

Url: https://bugzilla.gnome.org/show_bug.cgi?id=571846

Url: https://blogs.oracle.com/sunsecurity/entry/cve_2010_2387_password_disclosure

Url: http://ftp.gnome.org/pub/GNOME/sources/gdm/2.20/gdm-2.20.11.changes

Url: https://exchange.xforce.ibmcloud.com/vulnerabilities/60642

Url: https://nvd.nist.gov/vuln/detail/CVE-2010-2387

Url: http://www.auscert.org.au/13123

Url: https://www.mend.io/vulnerability-database/CVE-2010-2387

Severity Score

2.9

Weakness Type (CWE)

Credentials Management

CWE-255

CVSS v3.1

Base Score:	2.9
Attack Vector (AV):	LOCAL
Attack Complexity (AC):	HIGH
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	NONE
Availability (A):	NONE

CVSS v2

Base Score:	1.9
Access Vector (AV):	LOCAL
Access Complexity (AC):	MEDIUM
Authentication (AU):	NONE
Confidentiality (C):	PARTIAL
Integrity (I):	NONE
Availability (A):	NONE
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2010-2387

Date: December 20, 2012

Severity Score

Related Resources (11)

Severity Score

Weakness Type (CWE)

CVSS v3.1

CVSS v2

Do you need more information?