Executive Summary
Summary | |
---|---|
Title | X.Org X Server/X Keyboard Configuration Database: Screen lock bypass |
Information | |||
---|---|---|---|
Name | GLSA-201201-16 | First vendor Publication | 2012-01-27 |
Vendor | Gentoo | Last vendor Modification | 2012-01-27 |
Severity (Vendor) | Normal | Revision | N/A |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
Impact SubScore | NA | Temporal Score | NA |
Exploitability Sub Score | NA | ||
Security-Database Scoring CVSS v2
Cvss vector : (AV:L/AC:L/Au:N/C:P/I:P/A:P) | |||
---|---|---|---|
Cvss Base Score | 4.6 | Attack Range | Local |
Cvss Impact Score | 6.4 | Attack Complexity | Low |
Cvss Exploit Score | 3.9 | Authentication | None Required |
Detail
Synopsis
A debugging functionality in the X.Org X Server that is bound to a hotkey by default can be used by local attackers to circumvent screen locking utilities.
Background
Description
Gu1 reported that the X Keyboard Configuration Database maps this functionality by default to the Ctrl+Alt+Numpad * key combination.
Impact
Workaround
Resolution
NOTE: The X.Org X Server 1.11 was only stable on the AMD64, ARM, HPPA, and x86 architectures. Users of the stable branches of all other architectures are not affected and will be directly provided with a fixed X Keyboard Configuration Database version.
References
Availability
http://security.gentoo.org/glsa/glsa-201201-16.xml
Original Source
Url : http://security.gentoo.org/glsa/glsa-201201-16.xml |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-264 | Permissions, Privileges, and Access Controls |
CPE : Common Platform Enumeration
OpenVAS Exploits
Date | Description |
---|---|
2012-03-19 | Name : Fedora Update for xkeyboard-config FEDORA-2012-0712 File : nvt/gb_fedora_2012_0712_xkeyboard-config_fc16.nasl |
2012-02-12 | Name : Gentoo Security Advisory GLSA 201201-16 (xkeyboard-config xorg-server) File : nvt/glsa_201201_16.nasl |
2012-01-25 | Name : Fedora Update for xkeyboard-config FEDORA-2012-0709 File : nvt/gb_fedora_2012_0709_xkeyboard-config_fc15.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
78445 | X.Org Grab-Breaking Keybinding Screensaver Lock Bypass |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2012-01-30 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201201-16.nasl - Type : ACT_GATHER_INFO |
2012-01-25 | Name : The remote Fedora host is missing a security update. File : fedora_2012-0709.nasl - Type : ACT_GATHER_INFO |
2012-01-20 | Name : The remote Fedora host is missing a security update. File : fedora_2012-0712.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Information |
---|---|
2014-02-17 11:37:10 | |
2014-02-12 00:22:22 | |
2014-02-11 13:24:49 | |