CVE-2007-3920 - GNOME screensaver 2.20 in Ubuntu 7.10, when used with Compiz, does not properly reserve input focus,

CVE-2007-3920

Summary

GNOME screensaver 2.20 in Ubuntu 7.10, when used with Compiz, does not properly reserve input focus, which allows attackers with physical access to take control of the session after entering an Alt-Tab sequence, a related issue to CVE-2007-3069.

References

Vulnerable Configurations

cpe:2.3:o:ubuntu:ubuntu_linux:7.10:*:amd64:*:*:*:*:*
cpe:2.3:o:ubuntu:ubuntu_linux:7.10:*:amd64:*:*:*:*:*
cpe:2.3:o:ubuntu:ubuntu_linux:7.10:*:i386:*:*:*:*:*
cpe:2.3:o:ubuntu:ubuntu_linux:7.10:*:i386:*:*:*:*:*
cpe:2.3:o:ubuntu:ubuntu_linux:7.10:*:powerpc:*:*:*:*:*
cpe:2.3:o:ubuntu:ubuntu_linux:7.10:*:powerpc:*:*:*:*:*
cpe:2.3:o:ubuntu:ubuntu_linux:7.10:*:sparc:*:*:*:*:*
cpe:2.3:o:ubuntu:ubuntu_linux:7.10:*:sparc:*:*:*:*:*
cpe:2.3:a:compiz:compiz:*:*:*:*:*:*:*:*
cpe:2.3:a:compiz:compiz:*:*:*:*:*:*:*:*
cpe:2.3:a:gnome:screensaver:2.20:*:*:*:*:*:*:*
cpe:2.3:a:gnome:screensaver:2.20:*:*:*:*:*:*:*

CVSS

Base:	6.2 (as of 29-09-2017 - 01:29)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
LOCAL	HIGH	NONE

Impact

Confidentiality	Integrity	Availability
COMPLETE	COMPLETE	COMPLETE

cvss-vector via4

AV:L/AC:H/Au:N/C:C/I:C/A:C

oval via4

accepted

2013-04-29T04:03:12.966-04:00

class

vulnerability

contributors

name Aharon Chernin
organization SCAP.com, LLC
name Dragos Prisaca
organization G2, Inc.

definition_extensions

comment The operating system installed on the system is Red Hat Enterprise Linux 5
oval oval:org.mitre.oval:def:11414
comment The operating system installed on the system is CentOS Linux 5.x
oval oval:org.mitre.oval:def:15802
comment Oracle Linux 5.x
oval oval:org.mitre.oval:def:15459

description

family

unix

oval:org.mitre.oval:def:10192

status

accepted

submitted

2010-07-09T03:56:16-04:00

title

version

redhat via4

advisories

bugzilla

id	350271
title	CVE-2007-3920 gnome-screensaver loses keyboard grab when running under compiz

oval

comment Red Hat Enterprise Linux must be installed
oval oval:com.redhat.rhba:tst:20070304026

AND

comment Red Hat Enterprise Linux 5 is installed
oval oval:com.redhat.rhba:tst:20070331005

AND
comment compiz is earlier than 0:0.0.13-0.37.20060817git.el5
oval oval:com.redhat.rhsa:tst:20080485001
comment compiz is signed with Red Hat redhatrelease key
oval oval:com.redhat.rhsa:tst:20080485002

AND

comment compiz-devel is earlier than 0:0.0.13-0.37.20060817git.el5
oval oval:com.redhat.rhsa:tst:20080485003
comment compiz-devel is signed with Red Hat redhatrelease key
oval oval:com.redhat.rhsa:tst:20080485004

rhsa

id	RHSA-2008:0485
released	2008-05-19
severity	Low
title	RHSA-2008:0485: compiz security update (Low)

rpms

compiz-0:0.0.13-0.37.20060817git.el5
compiz-debuginfo-0:0.0.13-0.37.20060817git.el5
compiz-devel-0:0.0.13-0.37.20060817git.el5

refmap via4

bid	26188
confirm	https://bugzilla.redhat.com/show_bug.cgi?id=357071 https://bugzilla.redhat.com/show_bug.cgi?id=363061
fedora	FEDORA-2008-0930 FEDORA-2008-0956
secunia	27381 28627 30329 30715
suse	SUSE-SA:2008:027
ubuntu	USN-537-1 USN-537-2
xf	gnomescreensaver-compiz-security-bypass(37410)

statements via4

contributor	Joshua Bressers
lastmodified	2008-05-21
organization	Red Hat
statement	This issue affected Red Hat Enterprise Linux 5 with a low security impact. An update to the compiz package was released to correct this issue: https://rhn.redhat.com/errata/RHSA-2008-0485.html

Last major update

29-09-2017 - 01:29

Published

29-10-2007 - 21:46

Last modified

29-09-2017 - 01:29