CVE-2019-3825

NameCVE-2019-3825
DescriptionA vulnerability was discovered in gdm before 3.31.4. When timed login is enabled in configuration, an attacker could bypass the lock screen by selecting the timed login user and waiting for the timer to expire, at which time they would gain access to the logged-in user's session.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
Debian Bugs921764

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
gdm3 (PTS)stretch3.22.3-3+deb9u2vulnerable
stretch (security)3.22.3-3+deb9u3vulnerable
buster3.30.2-3fixed
bullseye3.38.2.1-1fixed
bookworm, sid42.0-1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
gdm3source(unstable)3.30.2-3low921764

Notes

[stretch] - gdm3 <no-dsa> (Minor issue)
[jessie] - gdm3 <ignored> (Minor issue)
https://gitlab.gnome.org/GNOME/gdm/issues/460

Search for package or bug name: Reporting problems