Description
The X Display Manager Control Protocol (XDMCP) support for GDM before 2.4.1.6 allows attackers to cause a denial of service (daemon crash) via a short authorization key name.
Product(s):
- GNOME GDM 2.2.0
- GNOME GDM 2.4.1.1
- GNOME GDM 2.4.1.2
- GNOME GDM 2.4.1.3
- GNOME GDM 2.4.1.4
- GNOME GDM 2.4.1.5
- GNOME GDM 2.4.1.6
- GNOME GDM 2.4.1
- Red Hat KDEBase 2.0 Beta 2.45 for i386
- Red Hat KDEBase 2.0 Beta 2.45 on PPC
- Red Hat KDEBase 2.2.3.1.20 on Intel 386
- Red Hat KDEBase 2.2.3.1.20 on IA64
- Red Hat KDEBase 2.2.3.1.22 on Intel 386
- Red Hat KDEBase 2.4.0.7.13 on Intel 386
- Red Hat KDEBase 2.4.1.3.5 on i386
- Red Hat Enterprise Linux 2.1 Advanced Server
- Red Hat Enterprise Linux 2.1 Advanced Server IA64
- Red Hat Enterprise Linux 2.1 Enterprise Server
- Red Hat Enterprise Linux 2.1 Enterprise Server IA64
- Red Hat Enterprise Linux 2.1 Workstation
- Red Hat Enterprise Linux 2.1 Workstation IA64
- Red Hat Linux Advanced Workstation 2.1
Question to Ask Vendors:
- Can you confirm whether your systems are affected by CVE-2003-0549, and if so, what steps are you currently taking to mitigate this vulnerability?
- What is your estimated timeline for fully resolving CVE-2003-0549 in your products or services, and how will you communicate updates on this issue to us as your customer?
Recommended Actions:
- Check out the advisory links provided below.