Computer Security
[EN] securityvulns.ru no-pyccku


gnome-screensaver protection bypass
updated since 16.02.2010
Published:09.03.2010
Source:
SecurityVulns ID:10622
Type:local
Threat Level:
5/10
Description:Screensaver crash on monitor hotplugging.
Affected:GNOME : gnome-screensaver 2.28
CVE:CVE-2010-0732 (gdk/gdkwindow.c in GTK+ before 2.18.5, as used in gnome-screensaver before 2.28.1, performs implicit paints on windows of type GDK_WINDOW_FOREIGN, which triggers an X error in certain circumstances and consequently allows physically proximate attackers to bypass screen locking and access an unattended workstation by pressing the Enter key many times.)
 CVE-2010-0422 (gnome-screensaver 2.28.x before 2.28.3 does not properly synchronize the state of screen locking and the unlock dialog in situations involving a change to the number of monitors, which allows physically proximate attackers to bypass screen locking and access an unattended workstation by connecting and disconnecting monitors multiple times, a related issue to CVE-2010-0414.)
 CVE-2010-0414 (gnome-screensaver before 2.28.2 allows physically proximate attackers to bypass screen locking and access an unattended workstation by moving the mouse position to an external monitor and then disconnecting that monitor.)
 CVE-2010-0285 (gnome-screensaver 2.14.3, 2.22.2, 2.27.x, 2.28.0, and 2.28.3, when the X configuration enables the extend screen option, allows physically proximate attackers to bypass screen locking, access an unattended workstation, and view half of the GNOME desktop by attaching an external monitor.)
Original documentdocumentUBUNTU, [USN-907-1] gnome-screensaver vulnerabilities (09.03.2010)
 documentUBUNTU, [USN-898-1] gnome-screensaver vulnerability (16.02.2010)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod