ID |
CVE-2014-7300
|
Summary |
GNOME Shell 3.14.x before 3.14.1, when the Screen Lock feature is used, does not limit the aggregate memory consumption of all active PrtSc requests, which allows physically proximate attackers to execute arbitrary commands on an unattended workstation by making many PrtSc requests and leveraging a temporary lock outage, and the resulting temporary shell availability, caused by the Linux kernel OOM killer. |
References |
|
Vulnerable Configurations |
-
cpe:2.3:a:gnome:gnome-shell:3.14.0:*:*:*:*:*:*:*
-
cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
-
cpe:2.3:o:redhat:enterprise_linux_hpc_node:7.0:*:*:*:*:*:*:*
-
cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
-
cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*
|
CVSS |
Base: | 7.2 (as of 31-08-2016 - 15:08) |
Impact: | |
Exploitability: | |
|
CWE |
CWE-399 |
CAPEC |
|
Access |
Vector | Complexity | Authentication |
LOCAL | LOW | NONE |
|
Impact |
Confidentiality | Integrity | Availability |
COMPLETE | COMPLETE | COMPLETE |
|
cvss-vector
via4
|
AV:L/AC:L/Au:N/C:C/I:C/A:C
|
redhat
via4
|
advisories | bugzilla | id | 1163474 | title | pam_pkcs11 with card_only breaks session selection |
| oval | OR | comment | Red Hat Enterprise Linux must be installed | oval | oval:com.redhat.rhba:tst:20070304026 |
AND | comment | Red Hat Enterprise Linux 7 is installed | oval | oval:com.redhat.rhba:tst:20150364027 |
OR | AND | comment | cogl is earlier than 0:1.14.0-6.el7 | oval | oval:com.redhat.rhsa:tst:20150535001 |
comment | cogl is signed with Red Hat redhatrelease2 key | oval | oval:com.redhat.rhsa:tst:20150535002 |
|
AND | comment | cogl-devel is earlier than 0:1.14.0-6.el7 | oval | oval:com.redhat.rhsa:tst:20150535003 |
comment | cogl-devel is signed with Red Hat redhatrelease2 key | oval | oval:com.redhat.rhsa:tst:20150535004 |
|
AND | comment | cogl-doc is earlier than 0:1.14.0-6.el7 | oval | oval:com.redhat.rhsa:tst:20150535005 |
comment | cogl-doc is signed with Red Hat redhatrelease2 key | oval | oval:com.redhat.rhsa:tst:20150535006 |
|
AND | comment | clutter is earlier than 0:1.14.4-12.el7 | oval | oval:com.redhat.rhsa:tst:20150535007 |
comment | clutter is signed with Red Hat redhatrelease2 key | oval | oval:com.redhat.rhsa:tst:20150535008 |
|
AND | comment | clutter-devel is earlier than 0:1.14.4-12.el7 | oval | oval:com.redhat.rhsa:tst:20150535009 |
comment | clutter-devel is signed with Red Hat redhatrelease2 key | oval | oval:com.redhat.rhsa:tst:20150535010 |
|
AND | comment | clutter-doc is earlier than 0:1.14.4-12.el7 | oval | oval:com.redhat.rhsa:tst:20150535011 |
comment | clutter-doc is signed with Red Hat redhatrelease2 key | oval | oval:com.redhat.rhsa:tst:20150535012 |
|
AND | comment | gnome-shell is earlier than 0:3.8.4-45.el7 | oval | oval:com.redhat.rhsa:tst:20150535013 |
comment | gnome-shell is signed with Red Hat redhatrelease2 key | oval | oval:com.redhat.rhba:tst:20192044170 |
|
AND | comment | gnome-shell-browser-plugin is earlier than 0:3.8.4-45.el7 | oval | oval:com.redhat.rhsa:tst:20150535015 |
comment | gnome-shell-browser-plugin is signed with Red Hat redhatrelease2 key | oval | oval:com.redhat.rhsa:tst:20150535016 |
|
AND | comment | mutter is earlier than 0:3.8.4-16.el7 | oval | oval:com.redhat.rhsa:tst:20150535017 |
comment | mutter is signed with Red Hat redhatrelease2 key | oval | oval:com.redhat.rhba:tst:20192044106 |
|
AND | comment | mutter-devel is earlier than 0:3.8.4-16.el7 | oval | oval:com.redhat.rhsa:tst:20150535019 |
comment | mutter-devel is signed with Red Hat redhatrelease2 key | oval | oval:com.redhat.rhba:tst:20192044108 |
|
|
|
|
| rhsa | id | RHSA-2015:0535 | released | 2015-03-05 | severity | Low | title | RHSA-2015:0535: GNOME Shell security, bug fix, and enhancement update (Low) |
|
| rpms | - clutter-0:1.14.4-12.el7
- clutter-debuginfo-0:1.14.4-12.el7
- clutter-devel-0:1.14.4-12.el7
- clutter-doc-0:1.14.4-12.el7
- cogl-0:1.14.0-6.el7
- cogl-debuginfo-0:1.14.0-6.el7
- cogl-devel-0:1.14.0-6.el7
- cogl-doc-0:1.14.0-6.el7
- gnome-shell-0:3.8.4-45.el7
- gnome-shell-browser-plugin-0:3.8.4-45.el7
- gnome-shell-debuginfo-0:3.8.4-45.el7
- mutter-0:3.8.4-16.el7
- mutter-debuginfo-0:3.8.4-16.el7
- mutter-devel-0:3.8.4-16.el7
|
|
refmap
via4
|
confirm | | mlist | [oss-security] 20140929 gnome-shell lockscreen bypass with printscreen key |
|
Last major update |
31-08-2016 - 15:08 |
Published |
25-12-2014 - 21:59 |
Last modified |
31-08-2016 - 15:08 |