Executive Summary

Information
Name: CVE-2010-0923
First vendor Publication: 2010-03-03
Vendor: Cve
Last vendor Modification: 2010-03-04

Security-Database Scoring CVSS v3

CVSS vector: N/A
Overall CVSS Score: NA
Base Score: NA
Environmental Score: NA
Impact SubScore: NA
Temporal Score: NA
Exploitability Sub Score: NA
 

Security-Database Scoring CVSS v2

CVSS vector: (AV:L/AC:M/Au:N/C:C/I:C/A:C)
CVSS Base Score: 6.9
Attack Range: Local
CVSS Impact Score: 10
Attack Complexity: Medium
CVSS Exploit Score: 3.4
Authentication: None Required

Detail

Race condition in workspace/krunner/lock/lockdlg.cc in the KRunner lock module in kdebase in KDE SC 4.4.0 allows physically proximate attackers to bypass KScreenSaver screen locking and access an unattended workstation by pressing the Enter key at a certain time, related to multiple forked processes.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0923

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-362 Race Condition

CPE : Common Platform Enumeration

Type Description Count
Application 1

Open Source Vulnerability Database (OSVDB)

Id Description
62417 KDE KRunner workspace/krunner/lock/lockdlg.cc Lock Module Race Condition Pass...

KRunner, which is part of the kdebase module, contains a flaw that may allow an attacker to gain unauthorized privileges. The issue is triggered when the lock module does not properly verify existing processes, creating a race condition in the password validation process. This could cause KRunner to hang or crash, which could allow a local attacker to gain access to the user's desktop and circumvent the lock mechanism.

Sources (Detail)

Source Url
CONFIRM http://bugs.kde.org/show_bug.cgi?id=226449
http://websvn.kde.org/?revision=1089213&view=revision
http://websvn.kde.org/?view=revision&revision=1089241
http://websvn.kde.org/trunk/KDE/kdebase/workspace/krunner/lock/lockdlg.cc?r1=...
http://www.kde.org/info/security/advisory-20100217-1.txt
https://bugs.kde.org/show_bug.cgi?id=217882
https://bugzilla.novell.com/show_bug.cgi?id=579280
MLIST http://marc.info/?l=oss-security&m=126598163422670&w=2
http://marc.info/?l=oss-security&m=126599909614401&w=2
http://marc.info/?l=oss-security&m=126600468622421&w=2
http://www.openwall.com/lists/oss-security/2010/02/17/3
SECTRACK http://securitytracker.com/id?1023641
SECUNIA http://secunia.com/advisories/38600
VUPEN http://www.vupen.com/english/advisories/2010/0409

Alert History

Date Information
2021-05-04 12:11:22
  • Multiple Updates
2021-04-22 01:11:50
  • Multiple Updates
2020-05-23 00:25:26
  • Multiple Updates
2016-04-26 19:38:53
  • Multiple Updates
2013-05-10 23:20:16
  • Multiple Updates