CVE-2007-3920

{"id": "CVE-2007-3920", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.2, "accessVector": "LOCAL", "vectorString": "AV:L/AC:H/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "HIGH", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 1.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2007-10-29T21:46:00.000", "references": [{"url": "http://lists.opensuse.org/opensuse-security-announce/2008-06/msg00002.html", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/27381", "tags": ["Patch", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/28627", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/30329", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/30715", "source": "cve@mitre.org"}, {"url": "http://www.redhat.com/support/errata/RHSA-2008-0485.html", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/26188", "tags": ["Patch"], "source": "cve@mitre.org"}, {"url": "http://www.ubuntu.com/usn/usn-537-1", "tags": ["Patch"], "source": "cve@mitre.org"}, {"url": "http://www.ubuntu.com/usn/usn-537-2", "source": "cve@mitre.org"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=357071", "source": "cve@mitre.org"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=363061", "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37410", "source": "cve@mitre.org"}, {"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10192", "source": "cve@mitre.org"}, {"url": "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00811.html", "source": "cve@mitre.org"}, {"url": "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00841.html", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "GNOME screensaver 2.20 in Ubuntu 7.10, when used with Compiz, does not properly reserve input focus, which allows attackers with physical access to take control of the session after entering an Alt-Tab sequence, a related issue to CVE-2007-3069."}, {"lang": "es", "value": "El salvapantallas 2.20 de GNOME en Ubuntu 7.10, cuando se usa con Compiz, no reserva el foco de entrada apropiadamente, lo cual permite a atacantes remotos con acceso f\u00edsico tomar el control de la sesi\u00f3n despu\u00e9s de haber introducido la secuencia Alt-Tab, tema similar a CVE-2007-3069."}], "lastModified": "2017-09-29T01:29:09.593", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:ubuntu:ubuntu_linux:7.10:*:amd64:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "FB928CC9-0BC3-4AE1-B20B-A58A4C4AAE24"}, {"criteria": "cpe:2.3:o:ubuntu:ubuntu_linux:7.10:*:i386:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "BB850565-A800-44A6-945E-CB235531C5DD"}, {"criteria": "cpe:2.3:o:ubuntu:ubuntu_linux:7.10:*:powerpc:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "3F37A796-E028-4247-A5E6-66B89A583F87"}, {"criteria": "cpe:2.3:o:ubuntu:ubuntu_linux:7.10:*:sparc:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "61DA44B7-FE1A-4452-843E-EAF1404B86F3"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:compiz:compiz:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "93384956-31D4-4111-B447-A6710A8A6306"}, {"criteria": "cpe:2.3:a:gnome:screensaver:2.20:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F784A89F-6759-4801-B00F-502EE8AD4E71"}], "operator": "OR"}], "operator": "AND"}], "vendorComments": [{"comment": "This issue affected Red Hat Enterprise Linux 5 with a low security impact. An update to the compiz package was released to correct this issue: \nhttps://rhn.redhat.com/errata/RHSA-2008-0485.html\n\n", "lastModified": "2008-05-21T00:00:00", "organization": "Red Hat"}], "sourceIdentifier": "cve@mitre.org"}