ID CVE-2007-3920
Summary GNOME screensaver 2.20 in Ubuntu 7.10, when used with Compiz, does not properly reserve input focus, which allows attackers with physical access to take control of the session after entering an Alt-Tab sequence, a related issue to CVE-2007-3069.
References
Vulnerable Configurations
  • cpe:2.3:o:ubuntu:ubuntu_linux:7.10:*:amd64:*:*:*:*:*
  • cpe:2.3:o:ubuntu:ubuntu_linux:7.10:*:i386:*:*:*:*:*
  • cpe:2.3:o:ubuntu:ubuntu_linux:7.10:*:powerpc:*:*:*:*:*
  • cpe:2.3:o:ubuntu:ubuntu_linux:7.10:*:sparc:*:*:*:*:*
  • cpe:2.3:a:compiz:compiz:*:*:*:*:*:*:*:*
  • cpe:2.3:a:gnome:screensaver:2.20:*:*:*:*:*:*:*
CVSS
Base: 6.2 (as of 29-09-2017 - 01:29)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
  • Vector LOCAL
  • Complexity HIGH
  • Authentication NONE
Impact
  • Confidentiality COMPLETE
  • Integrity COMPLETE
  • Availability COMPLETE
cvss-vector via4 AV:L/AC:H/Au:N/C:C/I:C/A:C
oval via4
accepted 2013-04-29T04:03:12.966-04:00
class vulnerability
contributors
  • name Aharon Chernin
    organization SCAP.com, LLC
  • name Dragos Prisaca
    organization G2, Inc.
definition_extensions
  • comment The operating system installed on the system is Red Hat Enterprise Linux 5
    oval oval:org.mitre.oval:def:11414
  • comment The operating system installed on the system is CentOS Linux 5.x
    oval oval:org.mitre.oval:def:15802
  • comment Oracle Linux 5.x
    oval oval:org.mitre.oval:def:15459
description GNOME screensaver 2.20 in Ubuntu 7.10, when used with Compiz, does not properly reserve input focus, which allows attackers with physical access to take control of the session after entering an Alt-Tab sequence, a related issue to CVE-2007-3069.
family unix
id oval:org.mitre.oval:def:10192
status accepted
submitted 2010-07-09T03:56:16-04:00
title GNOME screensaver 2.20 in Ubuntu 7.10, when used with Compiz, does not properly reserve input focus, which allows attackers with physical access to take control of the session after entering an Alt-Tab sequence, a related issue to CVE-2007-3069.
version 19
redhat via4
advisories
bugzilla
id 350271
title CVE-2007-3920 gnome-screensaver loses keyboard grab when running under compiz
oval
AND
  • comment Red Hat Enterprise Linux 5 is installed
    oval oval:com.redhat.rhba:tst:20070331001
  • OR
    • AND
      • comment compiz is earlier than 0:0.0.13-0.37.20060817git.el5
        oval oval:com.redhat.rhsa:tst:20080485002
      • comment compiz is signed with Red Hat redhatrelease key
        oval oval:com.redhat.rhsa:tst:20080485003
    • AND
      • comment compiz-devel is earlier than 0:0.0.13-0.37.20060817git.el5
        oval oval:com.redhat.rhsa:tst:20080485004
      • comment compiz-devel is signed with Red Hat redhatrelease key
        oval oval:com.redhat.rhsa:tst:20080485005
rhsa
id RHSA-2008:0485
released 2008-05-20
severity Low
title RHSA-2008:0485: compiz security update (Low)
rpms
  • compiz-0:0.0.13-0.37.20060817git.el5
  • compiz-devel-0:0.0.13-0.37.20060817git.el5
refmap via4
bid 26188
confirm
fedora
  • FEDORA-2008-0930
  • FEDORA-2008-0956
secunia
  • 27381
  • 28627
  • 30329
  • 30715
suse SUSE-SA:2008:027
ubuntu
  • USN-537-1
  • USN-537-2
xf gnomescreensaver-compiz-security-bypass(37410)
statements via4
contributor Joshua Bressers
lastmodified 2008-05-21
organization Red Hat
statement This issue affected Red Hat Enterprise Linux 5 with a low security impact. An update to the compiz package was released to correct this issue: https://rhn.redhat.com/errata/RHSA-2008-0485.html
Last major update 29-09-2017 - 01:29
Published 29-10-2007 - 21:46