gdm security update
Local users could trick gdm into changing ownership of
arbitrary files by placing symlinks in the user session
cache (CVE-2011-0727).
-
Submitted by
Adrian Schröter (adrianSuSE)
- Version 4250
Fixed bugs
bnc#679786
VUL-0: gdm local root exploit via symlink attacks
CVE#CVE-2011-0727
GNOME Display Manager (gdm) 2.x before 2.32.1 allows local users to change the ownership of arbitrary files via a symlink attack on a (1) dmrc or (2) face icon file under /var/cache/gdm/.
