CVE-2010-0414 - gnome-screensaver before 2.28.2 allows physically proximate attackers to bypass screen locking and a

CVE-2010-0414

Summary

gnome-screensaver before 2.28.2 allows physically proximate attackers to bypass screen locking and access an unattended workstation by moving the mouse position to an external monitor and then disconnecting that monitor.

References

Vulnerable Configurations

cpe:2.3:a:gnome:screensaver:2.13:*:*:*:*:*:*:*
cpe:2.3:a:gnome:screensaver:2.13:*:*:*:*:*:*:*
cpe:2.3:a:gnome:screensaver:2.20:*:*:*:*:*:*:*
cpe:2.3:a:gnome:screensaver:2.20:*:*:*:*:*:*:*
cpe:2.3:a:gnome:screensaver:2.20.0:*:*:*:*:*:*:*
cpe:2.3:a:gnome:screensaver:2.20.0:*:*:*:*:*:*:*
cpe:2.3:a:gnome:screensaver:2.26.1:*:*:*:*:*:*:*
cpe:2.3:a:gnome:screensaver:2.26.1:*:*:*:*:*:*:*
cpe:2.3:a:gnome:screensaver:2.28.0:*:*:*:*:*:*:*
cpe:2.3:a:gnome:screensaver:2.28.0:*:*:*:*:*:*:*
cpe:2.3:a:gnome:screensaver:*:*:*:*:*:*:*:*
cpe:2.3:a:gnome:screensaver:*:*:*:*:*:*:*:*

CVSS

Base:	7.2 (as of 26-02-2010 - 07:11)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
LOCAL	LOW	NONE

Impact

Confidentiality	Integrity	Availability
COMPLETE	COMPLETE	COMPLETE

cvss-vector via4

AV:L/AC:L/Au:N/C:C/I:C/A:C

refmap via4

bid	38149
confirm	http://ftp.gnome.org/pub/GNOME/sources/gnome-screensaver/2.28/gnome-screensaver-2.28.2.news http://git.gnome.org/browse/gnome-screensaver/commit/?id=a5f66339be6719c2b8fc478a1d5fc6545297d950 http://git.gnome.org/browse/gnome-screensaver/commit/?id=dcca89b7ab6e1220815af38da246434b2e13fd9f https://bugzilla.gnome.org/show_bug.cgi?id=609337 https://bugzilla.redhat.com/show_bug.cgi?id=562217
fedora	FEDORA-2010-1556
mandriva	MDVSA-2010:040
osvdb	62219
secunia	38468 38532 38534
ubuntu	USN-898-1

Last major update

26-02-2010 - 07:11

Published

11-02-2010 - 20:30

Last modified

26-02-2010 - 07:11