CVE-2019-3825

Name: CVE-2019-3825
Description: A vulnerability was discovered in gdm before 3.31.4. When timed login is enabled in configuration, an attacker could bypass the lock screen by selecting the timed login user and waiting for the timer to expire, at which time they would gain access to the logged-in user's session.
Source: CVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
NVD severity: medium (attack range: local)
Debian Bugs: 921764

Vulnerable and fixed packages

The table below lists information on source packages.

| Source Package | Release | Version | Status |
|---|---|---|---|
| gdm3 (PTS) | jessie | 3.14.1-7 | vulnerable |
| gdm3 | jessie (security) | 3.14.1-7+deb8u1 | vulnerable |
| gdm3 | stretch (security), stretch | 3.22.3-3+deb9u2 | vulnerable |
| gdm3 | bullseye, sid, buster | 3.30.2-3 | fixed |

The information below is based on the following data on fixed versions.

| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| gdm3 | source | (unstable) | 3.30.2-3 | low | | 921764 |

Notes

[stretch] - gdm3 <no-dsa> (Minor issue)
[jessie] - gdm3 <ignored> (Minor issue)
https://gitlab.gnome.org/GNOME/gdm/issues/460
