CVE-2017-12164

MEDIUM6.4EPSS 0.14%

發布日:2018/7/26修改日:2026/4/28

也稱為:DEBIAN-CVE-2017-12164

描述

A flaw was discovered in gdm 3.24.1 where gdm greeter was no longer setting the ran_once boolean during autologin. If autologin was enabled for a victim, an attacker could simply select 'login as another user' to unlock their screen.

受影響套件(1)

Debian/gdm3from 0, < 3.26.0-1

CVSS 分數

來源	版本	嚴重程度	向量
osv	CVSS 3.1	MEDIUM6.4	CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

參考連結(1)

ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2017-12164