CVE-2013-1050

The default configuration in gnome-screensaver 3.5.4 through 3.6.0 sets the AutostartCondition line to fallback mode in the .desktop file, which prevents the program from starting automatically after login and allows physically proximate attackers to bypass screen locking and access an unattended workstation.

CVSS v2.0 7.2 HIGH

7.2^/10

CVSS v2.0 : HIGH

Vector : AV:L/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 3.9 / Impact : 10.0

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://www.ubuntu.com/usn/USN-1716-1
https://bugs.launchpad.net/ubuntu/+source/gnome-screensaver/+bug/1120126	Vendor Advisory
https://bugzilla.gnome.org/show_bug.cgi?id=683060
https://git.gnome.org/browse/gnome-screensaver/commit/?id=1940dc6bc8ad5ee2c029714efb1276c05ca80bd4

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:gnome:gnome_screensaver:3.5.4:::::::*
	cpe:2.3:a:gnome:gnome_screensaver:3.5.5:::::::*
	cpe:2.3:a:gnome:gnome_screensaver:3.6.0:::::::*

History

No history.

Information

Published : 2013-03-08 22:55

Updated : 2013-03-18 04:00

NVD link : CVE-2013-1050

Mitre link : CVE-2013-1050

CVE.ORG link : CVE-2013-1050

JSON object : View

Products Affected

gnome

gnome_screensaver

CWE

CWE-264

Permissions, Privileges, and Access Controls

{"id": "CVE-2013-1050", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.2, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2013-03-08T22:55:01.147", "references": [{"url": "http://www.ubuntu.com/usn/USN-1716-1", "source": "security@ubuntu.com"}, {"url": "https://bugs.launchpad.net/ubuntu/+source/gnome-screensaver/+bug/1120126", "tags": ["Vendor Advisory"], "source": "security@ubuntu.com"}, {"url": "https://bugzilla.gnome.org/show_bug.cgi?id=683060", "source": "security@ubuntu.com"}, {"url": "https://git.gnome.org/browse/gnome-screensaver/commit/?id=1940dc6bc8ad5ee2c029714efb1276c05ca80bd4", "source": "security@ubuntu.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-264"}]}], "descriptions": [{"lang": "en", "value": "The default configuration in gnome-screensaver 3.5.4 through 3.6.0 sets the AutostartCondition line to fallback mode in the .desktop file, which prevents the program from starting automatically after login and allows physically proximate attackers to bypass screen locking and access an unattended workstation."}, {"lang": "es", "value": "La configuraci\u00f3n por defecto en gnome-screensaver v3.5.4 hasta v3.6.0 fija la opci\u00f3n AutostartCondition a modo de retorno en el archivo .Desktop, lo que impide que el programa se inicie autom\u00e1ticamente despu\u00e9s de un inicio de sesi\u00f3n y permite a los atacantes f\u00edsicamente pr\u00f3ximos saltarse el bloqueo de pantalla y acceder a una estaci\u00f3n de trabajo sin vigilancia."}], "lastModified": "2013-03-18T04:00:00.000", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:gnome:gnome_screensaver:3.5.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "48224CBC-49B5-49CE-8665-3FFC2359778C"}, {"criteria": "cpe:2.3:a:gnome:gnome_screensaver:3.5.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "688B61C0-4213-43DE-862C-55A057118173"}, {"criteria": "cpe:2.3:a:gnome:gnome_screensaver:3.6.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E9EA343E-C571-4253-97FC-2E2B17537BD4"}], "operator": "OR"}]}], "sourceIdentifier": "security@ubuntu.com"}