USN-278-1: gdm vulnerability
4 May 2006
gdm vulnerability
Releases
Details
Marcus Meissner discovered a race condition in gdm's handling of the
~/.ICEauthority file permissions. A local attacker could exploit this
to become the owner of an arbitrary file in the system. When getting
control over automatically executed scripts (like cron jobs), the
attacker could eventually leverage this flaw to execute arbitrary
commands with root privileges.
Update instructions
The problem can be corrected by updating your system to the following package versions:
Ubuntu 5.10
-
gdm
-
Ubuntu 5.04
-
gdm
-
In general, a standard system update will make all the necessary changes.