Executive Summary
| Informations | |||
|---|---|---|---|
| Name | MDVSA-2010:040 | First vendor Publication | 2010-02-17 |
| Vendor | Mandriva | Last vendor Modification | 2010-02-17 |
| Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
| Cvss vector : N/A | |||
|---|---|---|---|
| Overall CVSS Score | NA | ||
| Base Score | NA | Environmental Score | NA |
| impact SubScore | NA | Temporal Score | NA |
| Exploitabality Sub Score | NA | ||
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:L/AC:L/Au:N/C:C/I:C/A:C) | |||
|---|---|---|---|
| Cvss Base Score | 7.2 | Attack Range | Local |
| Cvss Impact Score | 10 | Attack Complexity | Low |
| Cvss Expoit Score | 3.9 | Authentication | None Required |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| Multiple vulnerabilities has been discovered and corrected in gnome-screensaver: gnome-screensaver 2.28.0 does not resume adherence to its activation settings after an inhibiting application becomes unavailable on the session bus, which allows physically proximate attackers to access an unattended workstation on which screen locking had been intended (CVE-2009-4641). gnome-screensaver before 2.28.2 allows physically proximate attackers to bypass screen locking and access an unattended workstation by moving the mouse position to an external monitor and then disconnecting that monitor (CVE-2010-0414). This update provides gnome-screensaver 2.28.3, which is not vulnerable to these issues. |
Original Source
| Url : http://www.mandriva.com/security/advisories?name=MDVSA-2010:040 |
OVAL Definitions
| Definition Id: oval:org.mitre.oval:def:12872 | |||
| Oval ID: | oval:org.mitre.oval:def:12872 | ||
| Title: | USN-898-1 -- gnome-screensaver vulnerability | ||
| Description: | It was discovered that gnome-screensaver did not correctly handle monitor hotplugging. An attacker with physical access could cause gnome-screensaver to crash and gain access to the locked session. | ||
| Family: | unix | Class: | patch |
| Reference(s): | USN-898-1 CVE-2010-0414 | Version: | 5 |
| Platform(s): | Ubuntu 9.10 | Product(s): | gnome-screensaver |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:13229 | |||
| Oval ID: | oval:org.mitre.oval:def:13229 | ||
| Title: | USN-866-1 -- gnome-screensaver vulnerability | ||
| Description: | It was discovered that gnome-screensaver did not always re-enable itself after applications requested it to ignore idle timers. This may result in the screen not being automatically locked after the inactivity timeout is reached, permitting an attacker with physical access to gain access to an unlocked session. | ||
| Family: | unix | Class: | patch |
| Reference(s): | USN-866-1 CVE-2009-4641 | Version: | 5 |
| Platform(s): | Ubuntu 9.10 | Product(s): | gnome-screensaver |
| Definition Synopsis: | |||
CPE : Common Platform Enumeration
OpenVAS Exploits
| Date | Description |
|---|---|
| 2010-03-02 | Name : Fedora Update for gnome-screensaver FEDORA-2010-1556 File : nvt/gb_fedora_2010_1556_gnome-screensaver_fc12.nasl |
| 2010-03-02 | Name : Fedora Update for gnome-screensaver FEDORA-2010-1855 File : nvt/gb_fedora_2010_1855_gnome-screensaver_fc12.nasl |
| 2010-02-19 | Name : Mandriva Update for gnome-screensaver MDVSA-2010:040 (gnome-screensaver) File : nvt/gb_mandriva_MDVSA_2010_040.nasl |
| 2010-02-18 | Name : FreeBSD Ports: gnome-screensaver File : nvt/freebsd_gnome-screensaver.nasl |
| 2010-02-15 | Name : Ubuntu Update for gnome-screensaver vulnerability USN-898-1 File : nvt/gb_ubuntu_USN_898_1.nasl |
| 2010-01-22 | Name : Mandriva Update for mmc-wizard MDVA-2010:040 (mmc-wizard) File : nvt/gb_mandriva_MDVA_2010_040.nasl |
| 2009-12-10 | Name : Ubuntu USN-866-1 (gnome-screensaver) File : nvt/ubuntu_866_1.nasl |
Open Source Vulnerability Database (OSVDB)
| Id | Description |
|---|---|
| 62219 | gnome-screensaver Monitor Topology Change Screen Lock Bypass |
| 61117 | gnome-screensaver on Ubuntu Linux Idle Timer Re-enable Weakness |
Nessus® Vulnerability Scanner
| Date | Description |
|---|---|
| 2010-07-30 | Name : The remote Mandriva Linux host is missing a security update. File : mandriva_MDVSA-2010-040.nasl - Type : ACT_GATHER_INFO |
| 2010-07-01 | Name : The remote Fedora host is missing a security update. File : fedora_2010-1556.nasl - Type : ACT_GATHER_INFO |
| 2010-02-16 | Name : The remote openSUSE host is missing a security update. File : suse_11_2_gnome-screensaver-100214.nasl - Type : ACT_GATHER_INFO |
| 2010-02-15 | Name : The remote FreeBSD host is missing a security-related update. File : freebsd_pkg_0a82ac0c188611dfb0d10015f2db7bde.nasl - Type : ACT_GATHER_INFO |
| 2010-02-11 | Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-898-1.nasl - Type : ACT_GATHER_INFO |
| 2009-12-08 | Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-866-1.nasl - Type : ACT_GATHER_INFO |
Alert History
| Date | Informations |
|---|---|
| 2014-02-17 11:41:16 |
|
