CVE-2010-0414

gnome-screensaver before 2.28.2 allows physically proximate attackers to bypass screen locking and access an unattended workstation by moving the mouse position to an external monitor and then disconnecting that monitor.

CVSS v2.0 7.2 HIGH

7.2^/10

CVSS v2.0 : HIGH

Vector : AV:L/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 3.9 / Impact : 10.0

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://git.gnome.org/browse/gnome-screensaver/commit/?id=dcca89b7ab6e1220815af38da246434b2e13fd9f
http://www.osvdb.org/62219
http://secunia.com/advisories/38468	Vendor Advisory
http://www.securityfocus.com/bid/38149
http://secunia.com/advisories/38534	Vendor Advisory
http://git.gnome.org/browse/gnome-screensaver/commit/?id=a5f66339be6719c2b8fc478a1d5fc6545297d950
https://bugzilla.redhat.com/show_bug.cgi?id=562217
http://www.ubuntu.com/usn/USN-898-1
http://ftp.gnome.org/pub/GNOME/sources/gnome-screensaver/2.28/gnome-screensaver-2.28.2.news
http://lists.fedoraproject.org/pipermail/package-announce/2010-February/034904.html
https://bugzilla.gnome.org/show_bug.cgi?id=609337
http://www.mandriva.com/security/advisories?name=MDVSA-2010:040
http://secunia.com/advisories/38532

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:gnome:screensaver:2.20.0:::::::*
	cpe:2.3:a:gnome:screensaver:2.20:::::::*
	cpe:2.3:a:gnome:screensaver:2.28.0:::::::*
	cpe:2.3:a:gnome:screensaver:2.26.1:::::::*
	cpe:2.3:a:gnome:screensaver:2.13:::::::*
	cpe:2.3:a:gnome:screensaver::::::::

Information

Published : 2010-02-11 20:30

Updated : 2010-02-26 07:11

NVD link : CVE-2010-0414

Mitre link : CVE-2010-0414

JSON object : View

Products Affected

gnome

screensaver

CWE

NVD-CWE-Other

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://git.gnome.org/browse/gnome-screensaver/commit/?id=dcca89b7ab6e1220815af38da246434b2e13fd9f", "name": "http://git.gnome.org/browse/gnome-screensaver/commit/?id=dcca89b7ab6e1220815af38da246434b2e13fd9f", "tags": [], "refsource": "CONFIRM"}, {"url": "http://www.osvdb.org/62219", "name": "62219", "tags": [], "refsource": "OSVDB"}, {"url": "http://secunia.com/advisories/38468", "name": "38468", "tags": ["Vendor Advisory"], "refsource": "SECUNIA"}, {"url": "http://www.securityfocus.com/bid/38149", "name": "38149", "tags": [], "refsource": "BID"}, {"url": "http://secunia.com/advisories/38534", "name": "38534", "tags": ["Vendor Advisory"], "refsource": "SECUNIA"}, {"url": "http://git.gnome.org/browse/gnome-screensaver/commit/?id=a5f66339be6719c2b8fc478a1d5fc6545297d950", "name": "http://git.gnome.org/browse/gnome-screensaver/commit/?id=a5f66339be6719c2b8fc478a1d5fc6545297d950", "tags": [], "refsource": "CONFIRM"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=562217", "name": "https://bugzilla.redhat.com/show_bug.cgi?id=562217", "tags": [], "refsource": "CONFIRM"}, {"url": "http://www.ubuntu.com/usn/USN-898-1", "name": "USN-898-1", "tags": [], "refsource": "UBUNTU"}, {"url": "http://ftp.gnome.org/pub/GNOME/sources/gnome-screensaver/2.28/gnome-screensaver-2.28.2.news", "name": "http://ftp.gnome.org/pub/GNOME/sources/gnome-screensaver/2.28/gnome-screensaver-2.28.2.news", "tags": [], "refsource": "CONFIRM"}, {"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-February/034904.html", "name": "FEDORA-2010-1556", "tags": [], "refsource": "FEDORA"}, {"url": "https://bugzilla.gnome.org/show_bug.cgi?id=609337", "name": "https://bugzilla.gnome.org/show_bug.cgi?id=609337", "tags": [], "refsource": "CONFIRM"}, {"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:040", "name": "MDVSA-2010:040", "tags": [], "refsource": "MANDRIVA"}, {"url": "http://secunia.com/advisories/38532", "name": "38532", "tags": [], "refsource": "SECUNIA"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "gnome-screensaver before 2.28.2 allows physically proximate attackers to bypass screen locking and access an unattended workstation by moving the mouse position to an external monitor and then disconnecting that monitor."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2010-0414", "ASSIGNER": "secalert@redhat.com"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 7.2, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "severity": "HIGH", "impactScore": 10.0, "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2010-02-11T20:30Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:gnome:screensaver:2.20.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:gnome:screensaver:2.20:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:gnome:screensaver:2.28.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:gnome:screensaver:2.26.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:gnome:screensaver:2.13:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:gnome:screensaver:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "2.28.1"}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2010-02-26T07:11Z"}