CVE-2009-4642 - gnome-screensaver 2.26.1 relies on the gnome-session D-Bus interface to determine session idle time,

CVE-2009-4642

Summary

gnome-screensaver 2.26.1 relies on the gnome-session D-Bus interface to determine session idle time, even when an Xfce desktop such as Xubuntu or Mythbuntu is used, which allows physically proximate attackers to access an unattended workstation on which screen locking had been intended.

References

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=536381
http://bugzilla.xfce.org/show_bug.cgi?id=5927
https://bugzilla.gnome.org/show_bug.cgi?id=592093
https://launchpad.net/bugs/411350
https://launchpad.net/bugs/493573

Vulnerable Configurations

cpe:2.3:a:gnome:screensaver:2.26.1:*:*:*:*:*:*:*
cpe:2.3:a:gnome:screensaver:2.26.1:*:*:*:*:*:*:*

CVSS

Base:	7.2 (as of 22-03-2010 - 04:00)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
LOCAL	LOW	NONE

Impact

Confidentiality	Integrity	Availability
COMPLETE	COMPLETE	COMPLETE

cvss-vector via4

AV:L/AC:L/Au:N/C:C/I:C/A:C

refmap via4

confirm

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=536381
http://bugzilla.xfce.org/show_bug.cgi?id=5927
https://bugzilla.gnome.org/show_bug.cgi?id=592093
https://launchpad.net/bugs/411350
https://launchpad.net/bugs/493573

Last major update

22-03-2010 - 04:00

Published

11-02-2010 - 21:30

Last modified

22-03-2010 - 04:00