ID CVE-2014-7300
Summary GNOME Shell 3.14.x before 3.14.1, when the Screen Lock feature is used, does not limit the aggregate memory consumption of all active PrtSc requests, which allows physically proximate attackers to execute arbitrary commands on an unattended workstation by making many PrtSc requests and leveraging a temporary lock outage, and the resulting temporary shell availability, caused by the Linux kernel OOM killer.
References
Vulnerable Configurations
  • cpe:2.3:a:gnome:gnome-shell:3.14.0:*:*:*:*:*:*:*
    cpe:2.3:a:gnome:gnome-shell:3.14.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_hpc_node:7.0:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux_hpc_node:7.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*
CVSS
Base: 7.2 (as of 31-08-2016 - 15:08)
Impact:
Exploitability:
CWE CWE-399
CAPEC
Access
VectorComplexityAuthentication
LOCAL LOW NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
cvss-vector via4 AV:L/AC:L/Au:N/C:C/I:C/A:C
redhat via4
advisories
bugzilla
id 1163474
title pam_pkcs11 with card_only breaks session selection
oval
OR
  • comment Red Hat Enterprise Linux must be installed
    oval oval:com.redhat.rhba:tst:20070304026
  • AND
    • comment Red Hat Enterprise Linux 7 is installed
      oval oval:com.redhat.rhba:tst:20150364027
    • OR
      • AND
        • comment cogl is earlier than 0:1.14.0-6.el7
          oval oval:com.redhat.rhsa:tst:20150535001
        • comment cogl is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20150535002
      • AND
        • comment cogl-devel is earlier than 0:1.14.0-6.el7
          oval oval:com.redhat.rhsa:tst:20150535003
        • comment cogl-devel is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20150535004
      • AND
        • comment cogl-doc is earlier than 0:1.14.0-6.el7
          oval oval:com.redhat.rhsa:tst:20150535005
        • comment cogl-doc is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20150535006
      • AND
        • comment clutter is earlier than 0:1.14.4-12.el7
          oval oval:com.redhat.rhsa:tst:20150535007
        • comment clutter is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20150535008
      • AND
        • comment clutter-devel is earlier than 0:1.14.4-12.el7
          oval oval:com.redhat.rhsa:tst:20150535009
        • comment clutter-devel is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20150535010
      • AND
        • comment clutter-doc is earlier than 0:1.14.4-12.el7
          oval oval:com.redhat.rhsa:tst:20150535011
        • comment clutter-doc is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20150535012
      • AND
        • comment gnome-shell is earlier than 0:3.8.4-45.el7
          oval oval:com.redhat.rhsa:tst:20150535013
        • comment gnome-shell is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhba:tst:20192044170
      • AND
        • comment gnome-shell-browser-plugin is earlier than 0:3.8.4-45.el7
          oval oval:com.redhat.rhsa:tst:20150535015
        • comment gnome-shell-browser-plugin is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20150535016
      • AND
        • comment mutter is earlier than 0:3.8.4-16.el7
          oval oval:com.redhat.rhsa:tst:20150535017
        • comment mutter is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhba:tst:20192044106
      • AND
        • comment mutter-devel is earlier than 0:3.8.4-16.el7
          oval oval:com.redhat.rhsa:tst:20150535019
        • comment mutter-devel is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhba:tst:20192044108
rhsa
id RHSA-2015:0535
released 2015-03-05
severity Low
title RHSA-2015:0535: GNOME Shell security, bug fix, and enhancement update (Low)
rpms
  • clutter-0:1.14.4-12.el7
  • clutter-debuginfo-0:1.14.4-12.el7
  • clutter-devel-0:1.14.4-12.el7
  • clutter-doc-0:1.14.4-12.el7
  • cogl-0:1.14.0-6.el7
  • cogl-debuginfo-0:1.14.0-6.el7
  • cogl-devel-0:1.14.0-6.el7
  • cogl-doc-0:1.14.0-6.el7
  • gnome-shell-0:3.8.4-45.el7
  • gnome-shell-browser-plugin-0:3.8.4-45.el7
  • gnome-shell-debuginfo-0:3.8.4-45.el7
  • mutter-0:3.8.4-16.el7
  • mutter-debuginfo-0:3.8.4-16.el7
  • mutter-devel-0:3.8.4-16.el7
refmap via4
confirm
mlist [oss-security] 20140929 gnome-shell lockscreen bypass with printscreen key
Last major update 31-08-2016 - 15:08
Published 25-12-2014 - 21:59
Last modified 31-08-2016 - 15:08
Back to Top