Executive Summary
| Informations | |||
|---|---|---|---|
| Name | MDVSA-2009:278 | First vendor Publication | 2009-10-14 |
| Vendor | Mandriva | Last vendor Modification | 2009-10-14 |
| Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
| Cvss vector : N/A | |||
|---|---|---|---|
| Overall CVSS Score | NA | ||
| Base Score | NA | Environmental Score | NA |
| impact SubScore | NA | Temporal Score | NA |
| Exploitabality Sub Score | NA | ||
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:L/AC:H/Au:N/C:C/I:C/A:C) | |||
|---|---|---|---|
| Cvss Base Score | 6.2 | Attack Range | Local |
| Cvss Impact Score | 10 | Attack Complexity | High |
| Cvss Expoit Score | 1.9 | Authentication | None Required |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| A vulnerability has been found and corrected in compiz-fusion-plugins-main: The Expo plugin in Compiz Fusion 0.7.8 allows local users with physical access to drag the screen saver aside and access the locked desktop by using Expo mouse shortcuts, a related issue to CVE-2007-3920 (CVE-2008-6514). This update fixes this vulnerability. |
Original Source
| Url : http://www.mandriva.com/security/advisories?name=MDVSA-2009:278 |
CWE : Common Weakness Enumeration
| % | Id | Name |
|---|---|---|
| 100 % | CWE-264 | Permissions, Privileges, and Access Controls |
OVAL Definitions
| Definition Id: oval:org.mitre.oval:def:10192 | |||
| Oval ID: | oval:org.mitre.oval:def:10192 | ||
| Title: | GNOME screensaver 2.20 in Ubuntu 7.10, when used with Compiz, does not properly reserve input focus, which allows attackers with physical access to take control of the session after entering an Alt-Tab sequence, a related issue to CVE-2007-3069. | ||
| Description: | GNOME screensaver 2.20 in Ubuntu 7.10, when used with Compiz, does not properly reserve input focus, which allows attackers with physical access to take control of the session after entering an Alt-Tab sequence, a related issue to CVE-2007-3069. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2007-3920 | Version: | 5 |
| Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:17307 | |||
| Oval ID: | oval:org.mitre.oval:def:17307 | ||
| Title: | USN-688-1 -- compiz-fusion-plugins-main vulnerability | ||
| Description: | It was discovered that the Expo plugin for Compiz did not correctly restrict the screensaver window from being moved with the mouse. | ||
| Family: | unix | Class: | patch |
| Reference(s): | USN-688-1 CVE-2008-6514 | Version: | 7 |
| Platform(s): | Ubuntu 7.10 Ubuntu 8.04 Ubuntu 8.10 | Product(s): | compiz-fusion-plugins-main |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:17542 | |||
| Oval ID: | oval:org.mitre.oval:def:17542 | ||
| Title: | USN-537-1 -- gnome-screensaver vulnerability | ||
| Description: | Jens Askengren discovered that gnome-screensaver became confused when running under Compiz, and could lose keyboard lock focus. | ||
| Family: | unix | Class: | patch |
| Reference(s): | USN-537-1 CVE-2007-3920 | Version: | 7 |
| Platform(s): | Ubuntu 7.10 | Product(s): | gnome-screensaver |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:17656 | |||
| Oval ID: | oval:org.mitre.oval:def:17656 | ||
| Title: | USN-537-2 -- compiz vulnerability | ||
| Description: | USN-537-1 fixed vulnerabilities in gnome-screensaver. | ||
| Family: | unix | Class: | patch |
| Reference(s): | USN-537-2 CVE-2007-3920 | Version: | 5 |
| Platform(s): | Ubuntu 7.10 | Product(s): | compiz |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:22308 | |||
| Oval ID: | oval:org.mitre.oval:def:22308 | ||
| Title: | ELSA-2008:0485: compiz security update (Low) | ||
| Description: | GNOME screensaver 2.20 in Ubuntu 7.10, when used with Compiz, does not properly reserve input focus, which allows attackers with physical access to take control of the session after entering an Alt-Tab sequence, a related issue to CVE-2007-3069. | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2008:0485-02 CVE-2007-3920 | Version: | 6 |
| Platform(s): | Oracle Linux 5 | Product(s): | compiz |
| Definition Synopsis: | |||
CPE : Common Platform Enumeration
| Type | Description | Count |
|---|---|---|
| Application | 1 | |
| Application | 1 | |
| Application | 1 |
OpenVAS Exploits
| Date | Description |
|---|---|
| 2009-10-19 | Name : Mandrake Security Advisory MDVSA-2009:278 (compiz-fusion-plugins-main) File : nvt/mdksa_2009_278.nasl |
| 2009-03-31 | Name : Fedora Core 10 FEDORA-2009-2986 (compiz-fusion) File : nvt/fcore_2009_2986.nasl |
| 2009-03-31 | Name : Fedora Core 9 FEDORA-2009-3003 (compiz-fusion) File : nvt/fcore_2009_3003.nasl |
| 2009-03-23 | Name : Ubuntu Update for gnome-screensaver vulnerability USN-537-1 File : nvt/gb_ubuntu_USN_537_1.nasl |
| 2009-03-23 | Name : Ubuntu Update for compiz vulnerability USN-537-2 File : nvt/gb_ubuntu_USN_537_2.nasl |
| 2009-02-17 | Name : Fedora Update for xorg-x11-server FEDORA-2008-0930 File : nvt/gb_fedora_2008_0930_xorg-x11-server_fc8.nasl |
| 2009-02-17 | Name : Fedora Update for xorg-x11-server FEDORA-2008-0956 File : nvt/gb_fedora_2008_0956_xorg-x11-server_fc7.nasl |
| 2009-01-23 | Name : SuSE Update for xorg-x11,XFree86 SUSE-SA:2008:027 File : nvt/gb_suse_2008_027.nasl |
Open Source Vulnerability Database (OSVDB)
| Id | Description |
|---|---|
| 52918 | Expo Plugin for Compiz Fusion Expo Mouse Shortcuts Local Screensaver Bypass |
| 41988 | GNOME screensaver With Compiz Screen Focus Weakness |
Nessus® Vulnerability Scanner
| Date | Description |
|---|---|
| 2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20080521_compiz_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
| 2010-11-05 | Name : The remote SuSE 11 host is missing a security update. File : suse_11_compiz-fusion-plugins-main-100217.nasl - Type : ACT_GATHER_INFO |
| 2010-03-26 | Name : The remote openSUSE host is missing a security update. File : suse_11_0_compiz-fusion-plugins-main-100216.nasl - Type : ACT_GATHER_INFO |
| 2010-03-26 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_compiz-fusion-plugins-main-100216.nasl - Type : ACT_GATHER_INFO |
| 2010-03-26 | Name : The remote openSUSE host is missing a security update. File : suse_11_2_compiz-fusion-plugins-main-100216.nasl - Type : ACT_GATHER_INFO |
| 2009-10-15 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2009-278.nasl - Type : ACT_GATHER_INFO |
| 2009-04-23 | Name : The remote Fedora host is missing a security update. File : fedora_2009-2986.nasl - Type : ACT_GATHER_INFO |
| 2009-04-23 | Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-688-1.nasl - Type : ACT_GATHER_INFO |
| 2009-03-27 | Name : The remote Fedora host is missing a security update. File : fedora_2009-3003.nasl - Type : ACT_GATHER_INFO |
| 2008-06-12 | Name : The remote openSUSE host is missing a security update. File : suse_xorg-x11-Xvnc-5317.nasl - Type : ACT_GATHER_INFO |
| 2008-06-12 | Name : The remote openSUSE host is missing a security update. File : suse_xorg-x11-server-5316.nasl - Type : ACT_GATHER_INFO |
| 2008-05-22 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2008-0485.nasl - Type : ACT_GATHER_INFO |
| 2008-01-27 | Name : The remote Fedora host is missing a security update. File : fedora_2008-0930.nasl - Type : ACT_GATHER_INFO |
| 2008-01-27 | Name : The remote Fedora host is missing a security update. File : fedora_2008-0956.nasl - Type : ACT_GATHER_INFO |
| 2007-11-10 | Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-537-1.nasl - Type : ACT_GATHER_INFO |
| 2007-11-10 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-537-2.nasl - Type : ACT_GATHER_INFO |
Alert History
| Date | Informations |
|---|---|
| 2014-02-17 11:40:53 |
|
