Vulnerability Details : CVE-2010-2387
vicious-extensions/ve-misc.c in GNOME Display Manager (gdm) 2.20.x before 2.20.11, when GDM debug is enabled, logs the user password when it contains invalid UTF8 encoded characters, which might allow local users to gain privileges by reading the information from syslog logs.
Exploit prediction scoring system (EPSS) score for CVE-2010-2387
Probability of exploitation activity in the next 30 days: 0.04%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 6 %
CVSS scores for CVE-2010-2387
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
1.9 | LOW | AV:L/AC:M/Au:N/C:P/I:N/A:N | 3.4 | 2.9 | NIST |
CWE ids for CVE-2010-2387
- Assigned by: nvd@nist.gov (Primary)
References for CVE-2010-2387
- http://www.auscert.org.au/13123
- http://ftp.gnome.org/pub/GNOME/sources/gdm/2.20/gdm-2.20.11.changes
- https://exchange.xforce.ibmcloud.com/vulnerabilities/60642
  Sun Solaris GNOME Display Manager information disclosure CVE-2010-2387 Vulnerability Report
- https://blogs.oracle.com/sunsecurity/entry/cve_2010_2387_password_disclosure
  CVE-2010-2387 Password disclosure vulnerability in GNOME Display Manager (gdm) | Oracle Third Party Vulnerability Resolution Blog
- https://bugzilla.gnome.org/show_bug.cgi?id=571846
  Bug 571846 – user password may end up in /var/log/messages
Products affected by CVE-2010-2387
- cpe:2.3:a:gnome:gnome_display_manager:2.20.3:*:*:*:*:*:*:*
- cpe:2.3:a:gnome:gnome_display_manager:2.20.4:*:*:*:*:*:*:*
- cpe:2.3:a:gnome:gnome_display_manager:2.20.0:*:*:*:*:*:*:*
- cpe:2.3:a:gnome:gnome_display_manager:2.20.7:*:*:*:*:*:*:*
- cpe:2.3:a:gnome:gnome_display_manager:2.20.8:*:*:*:*:*:*:*
- cpe:2.3:a:gnome:gnome_display_manager:2.20.1:*:*:*:*:*:*:*
- cpe:2.3:a:gnome:gnome_display_manager:2.20.2:*:*:*:*:*:*:*
- cpe:2.3:a:gnome:gnome_display_manager:2.20.9:*:*:*:*:*:*:*
- cpe:2.3:a:gnome:gnome_display_manager:2.20.10:*:*:*:*:*:*:*
- cpe:2.3:a:gnome:gnome_display_manager:2.20.5:*:*:*:*:*:*:*
- cpe:2.3:a:gnome:gnome_display_manager:2.20.6:*:*:*:*:*:*:*