This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor: Gnome
Product: Screensaver
Version:
Update:
Edition:
Language:
Software Edition:
Target Software:
Target Hardware:
Other:
Type: Application
First view: 2006-03-20
Last view: 2012-08-07

COMMON PLATFORM ENUMERATION: Distribution per Version

CPE Name Affected CVE
cpe:2.3:a:gnome:screensaver:2.28.0:*:*:*:*:*:*:* 5
cpe:2.3:a:gnome:screensaver:2.20:*:*:*:*:*:*:* 5
cpe:2.3:a:gnome:screensaver:2.14.3:*:*:*:*:*:*:* 4
cpe:2.3:a:gnome:screensaver:2.13:*:*:*:*:*:*:* 4
cpe:2.3:a:gnome:screensaver:2.27:*:*:*:*:*:*:* 3
cpe:2.3:a:gnome:screensaver:2.22.2:*:*:*:*:*:*:* 3
cpe:2.3:a:gnome:screensaver:2.26.1:*:*:*:*:*:*:* 3
cpe:2.3:a:gnome:screensaver:2.20.0:*:*:*:*:*:*:* 3
cpe:2.3:a:gnome:screensaver:2.28.1:*:*:*:*:*:*:* 2
cpe:2.3:a:gnome:screensaver:2.28.3:*:*:*:*:*:*:* 1
cpe:2.3:a:gnome:screensaver:2.28.2:*:*:*:*:*:*:* 1
cpe:2.3:a:gnome:screensaver:3.5.3:*:*:*:*:*:*:* 1
cpe:2.3:a:gnome:screensaver:3.4.0:*:*:*:*:*:*:* 1
cpe:2.3:a:gnome:screensaver:3.4.3:*:*:*:*:*:*:* 1
cpe:2.3:a:gnome:screensaver:3.4.2:*:*:*:*:*:*:* 1

Related : CVE

  Date Alert Description
3.3 2012-08-07 CVE-2012-3452

gnome-screensaver 3.4.x before 3.4.4 and 3.5.x before 3.5.4, when multiple screens are used, only locks the screen with the active focus, which allows physically proximate attackers to bypass screen locking and access an unattended workstation.

6.2 2010-03-19 CVE-2010-0732

gdk/gdkwindow.c in GTK+ before 2.18.5, as used in gnome-screensaver before 2.28.1, performs implicit paints on windows of type GDK_WINDOW_FOREIGN, which triggers an X error in certain circumstances and consequently allows physically proximate attackers to bypass screen locking and access an unattended workstation by pressing the Enter key many times.

4 2010-02-24 CVE-2010-0422

gnome-screensaver 2.28.x before 2.28.3 does not properly synchronize the state of screen locking and the unlock dialog in situations involving a change to the number of monitors, which allows physically proximate attackers to bypass screen locking and access an unattended workstation by connecting and disconnecting monitors multiple times, a related issue to CVE-2010-0414.

5.6 2010-02-24 CVE-2010-0285

gnome-screensaver 2.14.3, 2.22.2, 2.27.x, 2.28.0, and 2.28.3, when the X configuration enables the extend screen option, allows physically proximate attackers to bypass screen locking, access an unattended workstation, and view half of the GNOME desktop by attaching an external monitor.

7.2 2010-02-11 CVE-2010-0414

gnome-screensaver before 2.28.2 allows physically proximate attackers to bypass screen locking and access an unattended workstation by moving the mouse position to an external monitor and then disconnecting that monitor.

7.2 2010-02-11 CVE-2009-4642

gnome-screensaver 2.26.1 relies on the gnome-session D-Bus interface to determine session idle time, even when an Xfce desktop such as Xubuntu or Mythbuntu is used, which allows physically proximate attackers to access an unattended workstation on which screen locking had been intended.

7.2 2010-02-11 CVE-2009-4641

gnome-screensaver 2.28.0 does not resume adherence to its activation settings after an inhibiting application becomes unavailable on the session bus, which allows physically proximate attackers to access an unattended workstation on which screen locking had been intended.

4.7 2008-04-06 CVE-2008-0887

gnome-screensaver before 2.22.1, when a remote authentication server is enabled, crashes upon an unlock attempt during a network outage, which allows physically proximate attackers to gain access to the locked session, a related issue to CVE-2007-1859.

2.1 2007-12-17 CVE-2007-6389

The notify feature in GNOME screensaver (gnome-screensaver) 2.20.0 might allow local users to read the clipboard contents and X selection data for a locked session by using ctrl-V.

6.2 2007-10-29 CVE-2007-3920

GNOME screensaver 2.20 in Ubuntu 7.10, when used with Compiz, does not properly reserve input focus, which allows attackers with physical access to take control of the session after entering an Alt-Tab sequence, a related issue to CVE-2007-3069.

3.7 2006-03-20 CVE-2006-1335

gnome screensaver before 2.14, when running on an X server with AllowDeactivateGrabs and AllowClosedownGrabs enabled, allows attackers with physical access to cause the screensaver to crash and access the session via the Ctl+Alt+Keypad-Multiply keyboard sequence, which removes the grab from gnome.

CWE : Common Weakness Enumeration

% id Name
50% (1) CWE-362 Race Condition
50% (1) CWE-264 Permissions, Privileges, and Access Controls

Oval Markup Language : Definitions

OvalID Name
oval:org.mitre.oval:def:17656 USN-537-2 -- compiz vulnerability
oval:org.mitre.oval:def:17542 USN-537-1 -- gnome-screensaver vulnerability
oval:org.mitre.oval:def:10192 GNOME screensaver 2.20 in Ubuntu 7.10, when used with Compiz, does not proper...
oval:org.mitre.oval:def:22308 ELSA-2008:0485: compiz security update (Low)
oval:org.mitre.oval:def:17707 USN-669-1 -- gnome-screensaver vulnerabilities
oval:org.mitre.oval:def:10813 gnome-screensaver before 2.22.1, when a remote authentication server is enabl...
oval:org.mitre.oval:def:22162 ELSA-2008:0197: gnome-screensaver security update (Moderate)
oval:org.mitre.oval:def:21852 ELSA-2008:0218: gnome-screensaver security update (Moderate)
oval:org.mitre.oval:def:12872 USN-898-1 -- gnome-screensaver vulnerability
oval:org.mitre.oval:def:13229 USN-866-1 -- gnome-screensaver vulnerability
oval:org.mitre.oval:def:13593 USN-907-1 -- gnome-screensaver vulnerabilities

Open Source Vulnerability Database (OSVDB)

id Description
62576 gnome-screensaver Extend Screen Option Authentication Bypass
62371 gnome-screensaver Monitor Topology Change Security Bypass Weakness
62323 gnome-screensaver gnome-session D-Bus Interface Screen Locking Bypass
62219 gnome-screensaver Monitor Topology Change Screen Lock Bypass
61203 GTK+ gdk/gdkwindow.c gdk_window_begin_implicit_paint() Function Foreign Windo...
61117 gnome-screensaver on Ubuntu Linux Idle Timer Re-enable Weakness
43986 gnome-screensaver NIS Authentication Method Screen Lock Bypass
43689 GNOME screensaver Notify Feature Ctrl-v Local Clipboard Content Disclosure
41988 GNOME screensaver With Compiz Screen Focus Weakness
24015 Gnome Screensaver Password Lock Dialog Bypass

OpenVAS Exploits

This CPE Product has more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
id Description
2011-05-23 Name : Mandriva Update for gnome-screensaver MDVSA-2011:093 (gnome-screensaver)
File : nvt/gb_mandriva_MDVSA_2011_093.nasl
2010-05-28 Name : Mandriva Update for gtk+2.0 MDVSA-2010:109 (gtk+2.0)
File : nvt/gb_mandriva_MDVSA_2010_109.nasl
2010-03-12 Name : Ubuntu Update for gnome-screensaver vulnerabilities USN-907-1
File : nvt/gb_ubuntu_USN_907_1.nasl
2010-03-02 Name : Fedora Update for gnome-screensaver FEDORA-2010-1855
File : nvt/gb_fedora_2010_1855_gnome-screensaver_fc12.nasl
2010-03-02 Name : Fedora Update for gnome-screensaver FEDORA-2010-1556
File : nvt/gb_fedora_2010_1556_gnome-screensaver_fc12.nasl
2010-02-19 Name : Mandriva Update for gnome-screensaver MDVSA-2010:040 (gnome-screensaver)
File : nvt/gb_mandriva_MDVSA_2010_040.nasl
2010-02-18 Name : FreeBSD Ports: gnome-screensaver
File : nvt/freebsd_gnome-screensaver.nasl
2010-02-15 Name : Ubuntu Update for gnome-screensaver vulnerability USN-898-1
File : nvt/gb_ubuntu_USN_898_1.nasl
2010-01-22 Name : Mandriva Update for mmc-wizard MDVA-2010:040 (mmc-wizard)
File : nvt/gb_mandriva_MDVA_2010_040.nasl
2009-12-10 Name : Ubuntu USN-866-1 (gnome-screensaver)
File : nvt/ubuntu_866_1.nasl
2009-10-19 Name : Mandrake Security Advisory MDVSA-2009:278 (compiz-fusion-plugins-main)
File : nvt/mdksa_2009_278.nasl
2009-10-13 Name : SLES10: Security update for xscreensaver
File : nvt/sles10_xscreensaver.nasl
2009-10-10 Name : SLES9: Security update for xscreensaver
File : nvt/sles9p5031340.nasl
2009-04-09 Name : Mandriva Update for gnome-screensaver MDVSA-2008:132 (gnome-screensaver)
File : nvt/gb_mandriva_MDVSA_2008_132.nasl
2009-04-09 Name : Mandriva Update for gnome-screensaver MDVSA-2008:135 (gnome-screensaver)
File : nvt/gb_mandriva_MDVSA_2008_135.nasl
2009-03-23 Name : Ubuntu Update for gnome-screensaver vulnerabilities USN-669-1
File : nvt/gb_ubuntu_USN_669_1.nasl
2009-03-23 Name : Ubuntu Update for compiz vulnerability USN-537-2
File : nvt/gb_ubuntu_USN_537_2.nasl
2009-03-23 Name : Ubuntu Update for gnome-screensaver vulnerability USN-537-1
File : nvt/gb_ubuntu_USN_537_1.nasl
2009-03-06 Name : RedHat Update for gnome-screensaver RHSA-2008:0197-01
File : nvt/gb_RHSA-2008_0197-01_gnome-screensaver.nasl
2009-03-06 Name : RedHat Update for gnome-screensaver RHSA-2008:0218-01
File : nvt/gb_RHSA-2008_0218-01_gnome-screensaver.nasl
2009-02-17 Name : Fedora Update for xorg-x11-server FEDORA-2008-0930
File : nvt/gb_fedora_2008_0930_xorg-x11-server_fc8.nasl
2009-02-17 Name : Fedora Update for xorg-x11-server FEDORA-2008-0956
File : nvt/gb_fedora_2008_0956_xorg-x11-server_fc7.nasl
2009-02-17 Name : Fedora Update for gnome-screensaver FEDORA-2008-3017
File : nvt/gb_fedora_2008_3017_gnome-screensaver_fc8.nasl
2009-02-16 Name : Fedora Update for gnome-screensaver FEDORA-2008-2818
File : nvt/gb_fedora_2008_2818_gnome-screensaver_fc7.nasl
2009-02-16 Name : Fedora Update for gnome-screensaver FEDORA-2008-2872
File : nvt/gb_fedora_2008_2872_gnome-screensaver_fc8.nasl

Nessus® Vulnerability Scanner

This CPE Product has more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
id Description
2014-12-15 Name: The remote Gentoo host is missing one or more security-related patches.
File: gentoo_GLSA-201412-08.nasl - Type: ACT_GATHER_INFO
2013-07-12 Name: The remote Oracle Linux host is missing a security update.
File: oraclelinux_ELSA-2008-0197.nasl - Type: ACT_GATHER_INFO
2013-01-25 Name: The remote SuSE 11 host is missing one or more security updates.
File: suse_11_gnome-screensaver-100318.nasl - Type: ACT_GATHER_INFO
2012-08-01 Name: The remote Scientific Linux host is missing a security update.
File: sl_20080402_gnome_screensaver_on_SL5_x.nasl - Type: ACT_GATHER_INFO
2012-08-01 Name: The remote Scientific Linux host is missing one or more security updates.
File: sl_20080521_compiz_on_SL5_x.nasl - Type: ACT_GATHER_INFO
2010-07-30 Name: The remote Mandriva Linux host is missing a security update.
File: mandriva_MDVSA-2010-040.nasl - Type: ACT_GATHER_INFO
2010-07-01 Name: The remote Fedora host is missing a security update.
File: fedora_2010-1556.nasl - Type: ACT_GATHER_INFO
2010-07-01 Name: The remote Fedora host is missing a security update.
File: fedora_2010-1855.nasl - Type: ACT_GATHER_INFO
2010-05-28 Name: The remote Mandriva Linux host is missing one or more security updates.
File: mandriva_MDVSA-2010-109.nasl - Type: ACT_GATHER_INFO
2010-03-31 Name: The remote openSUSE host is missing a security update.
File: suse_11_1_gnome-screensaver-100318.nasl - Type: ACT_GATHER_INFO
2010-03-31 Name: The remote openSUSE host is missing a security update.
File: suse_11_0_gnome-screensaver-100318.nasl - Type: ACT_GATHER_INFO
2010-03-09 Name: The remote Ubuntu host is missing a security-related patch.
File: ubuntu_USN-907-1.nasl - Type: ACT_GATHER_INFO
2010-02-16 Name: The remote openSUSE host is missing a security update.
File: suse_11_2_gnome-screensaver-100214.nasl - Type: ACT_GATHER_INFO
2010-02-15 Name: The remote FreeBSD host is missing a security-related update.
File: freebsd_pkg_0a82ac0c188611dfb0d10015f2db7bde.nasl - Type: ACT_GATHER_INFO
2010-02-15 Name: The remote openSUSE host is missing a security update.
File: suse_11_2_gnome-screensaver-100120.nasl - Type: ACT_GATHER_INFO
2010-02-15 Name: The remote openSUSE host is missing a security update.
File: suse_11_1_gnome-screensaver-100120.nasl - Type: ACT_GATHER_INFO
2010-02-11 Name: The remote Ubuntu host is missing a security-related patch.
File: ubuntu_USN-898-1.nasl - Type: ACT_GATHER_INFO
2010-01-06 Name: The remote CentOS host is missing a security update.
File: centos_RHSA-2008-0197.nasl - Type: ACT_GATHER_INFO
2009-12-08 Name: The remote Ubuntu host is missing a security-related patch.
File: ubuntu_USN-866-1.nasl - Type: ACT_GATHER_INFO
2009-10-15 Name: The remote Mandriva Linux host is missing one or more security updates.
File: mandriva_MDVSA-2009-278.nasl - Type: ACT_GATHER_INFO
2009-09-24 Name: The remote SuSE 9 host is missing a security-related patch.
File: suse9_12174.nasl - Type: ACT_GATHER_INFO
2009-04-23 Name: The remote Ubuntu host is missing a security-related patch.
File: ubuntu_USN-669-1.nasl - Type: ACT_GATHER_INFO
2009-04-23 Name: The remote Mandriva Linux host is missing a security update.
File: mandriva_MDVSA-2008-135.nasl - Type: ACT_GATHER_INFO
2009-04-23 Name: The remote Mandriva Linux host is missing a security update.
File: mandriva_MDVSA-2008-132.nasl - Type: ACT_GATHER_INFO
2008-08-15 Name: The remote openSUSE host is missing a security update.
File: suse_gnome-screensaver-5506.nasl - Type: ACT_GATHER_INFO