CVE-2010-0414

gnome-screensaver before 2.28.2 allows physically proximate attackers to bypass screen locking and access an unattended workstation by moving the mouse position to an external monitor and then disconnecting that monitor.

CVSS v2.0 7.2 HIGH

7.2^/10

CVSS v2.0 : HIGH

Vector : AV:L/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 3.9 / Impact : 10.0

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://ftp.gnome.org/pub/GNOME/sources/gnome-screensaver/2.28/gnome-screensaver-2.28.2.news
http://git.gnome.org/browse/gnome-screensaver/commit/?id=a5f66339be6719c2b8fc478a1d5fc6545297d950
http://git.gnome.org/browse/gnome-screensaver/commit/?id=dcca89b7ab6e1220815af38da246434b2e13fd9f
http://lists.fedoraproject.org/pipermail/package-announce/2010-February/034904.html
http://secunia.com/advisories/38468	Vendor Advisory
http://secunia.com/advisories/38532
http://secunia.com/advisories/38534	Vendor Advisory
http://www.mandriva.com/security/advisories?name=MDVSA-2010:040
http://www.osvdb.org/62219
http://www.securityfocus.com/bid/38149
http://www.ubuntu.com/usn/USN-898-1
https://bugzilla.gnome.org/show_bug.cgi?id=609337
https://bugzilla.redhat.com/show_bug.cgi?id=562217

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:gnome:screensaver::::::::
	cpe:2.3:a:gnome:screensaver:2.13:::::::*
	cpe:2.3:a:gnome:screensaver:2.20:::::::*
	cpe:2.3:a:gnome:screensaver:2.20.0:::::::*
	cpe:2.3:a:gnome:screensaver:2.26.1:::::::*
	cpe:2.3:a:gnome:screensaver:2.28.0:::::::*

History

No history.

Information

Published : 2010-02-11 20:30

Updated : 2010-02-26 07:11

NVD link : CVE-2010-0414

Mitre link : CVE-2010-0414

CVE.ORG link : CVE-2010-0414

JSON object : View

Products Affected

gnome

screensaver

CWE

NVD-CWE-Other

{"id": "CVE-2010-0414", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.2, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2010-02-11T20:30:00.783", "references": [{"url": "http://ftp.gnome.org/pub/GNOME/sources/gnome-screensaver/2.28/gnome-screensaver-2.28.2.news", "source": "secalert@redhat.com"}, {"url": "http://git.gnome.org/browse/gnome-screensaver/commit/?id=a5f66339be6719c2b8fc478a1d5fc6545297d950", "source": "secalert@redhat.com"}, {"url": "http://git.gnome.org/browse/gnome-screensaver/commit/?id=dcca89b7ab6e1220815af38da246434b2e13fd9f", "source": "secalert@redhat.com"}, {"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-February/034904.html", "source": "secalert@redhat.com"}, {"url": "http://secunia.com/advisories/38468", "tags": ["Vendor Advisory"], "source": "secalert@redhat.com"}, {"url": "http://secunia.com/advisories/38532", "source": "secalert@redhat.com"}, {"url": "http://secunia.com/advisories/38534", "tags": ["Vendor Advisory"], "source": "secalert@redhat.com"}, {"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:040", "source": "secalert@redhat.com"}, {"url": "http://www.osvdb.org/62219", "source": "secalert@redhat.com"}, {"url": "http://www.securityfocus.com/bid/38149", "source": "secalert@redhat.com"}, {"url": "http://www.ubuntu.com/usn/USN-898-1", "source": "secalert@redhat.com"}, {"url": "https://bugzilla.gnome.org/show_bug.cgi?id=609337", "source": "secalert@redhat.com"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=562217", "source": "secalert@redhat.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "gnome-screensaver before 2.28.2 allows physically proximate attackers to bypass screen locking and access an unattended workstation by moving the mouse position to an external monitor and then disconnecting that monitor."}, {"lang": "es", "value": "gnome-screensaver v2.28.2 permite a atacantes f\u00edsicamente pr\u00f3ximos , acceder un ordenador sin nadie sobre el que se ha bloqueado la pantalla de manera intencionada, moviendo el rat\u00f3n hacia una posici\u00f3n de un monitor externo y luego desconectando dicho monitor.."}], "lastModified": "2010-02-26T07:11:13.623", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:gnome:screensaver:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "994F7A78-00FE-4BCD-A0CA-BE56B72BC534", "versionEndIncluding": "2.28.1"}, {"criteria": "cpe:2.3:a:gnome:screensaver:2.13:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3BD3F6D9-F0DB-430F-87B1-834D3C0E8339"}, {"criteria": "cpe:2.3:a:gnome:screensaver:2.20:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F784A89F-6759-4801-B00F-502EE8AD4E71"}, {"criteria": "cpe:2.3:a:gnome:screensaver:2.20.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C625FA37-1414-4008-9826-D7E6C84DAAAA"}, {"criteria": "cpe:2.3:a:gnome:screensaver:2.26.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "78D89DE8-E8AA-4E25-B251-5C641F3DB452"}, {"criteria": "cpe:2.3:a:gnome:screensaver:2.28.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D8F6FD15-5B21-48C5-BB33-D57C23859120"}], "operator": "OR"}]}], "sourceIdentifier": "secalert@redhat.com"}