CVE-2018-14424

Sažetak

The daemon in GDM through 3.29.1 does not properly unexport display objects from its D-Bus interface when they are destroyed, which allows a local attacker to trigger a use-after-free via a specially crafted sequence of D-Bus method calls, resulting in a denial of service or potential code execution.

Reference

http://www.securityfocus.com/bid/105179
https://gitlab.gnome.org/GNOME/gdm/issues/401
https://lists.debian.org/debian-lts-announce/2018/09/msg00003.html
https://usn.ubuntu.com/3737-1/
https://www.debian.org/security/2018/dsa-4270

CVSS

Base:	4.6
Impact:	6.4
Exploitability:	3.9

Pristup

Vektor	Složenost	Autentikacija
LOCAL	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	PARTIAL

CVSS vektor

AV:L/AC:L/Au:N/C:P/I:P/A:P

Zadnje važnije ažuriranje

18-10-2018 - 20:21

Objavljeno

14-08-2018 - 18:29