The Expo plugin in Compiz Fusion 0.7.8 allows local users with physical access to drag the screen saver aside and access the locked desktop by using Expo mouse shortcuts, a related issue to CVE-2007-3920.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Compiz_fusion | Compiz | 0.7.8 (including) | 0.7.8 (including) |
| Compiz-fusion-plugins-main | Ubuntu | devel | * |
| Compiz-fusion-plugins-main | Ubuntu | gutsy | * |
| Compiz-fusion-plugins-main | Ubuntu | hardy | * |
| Compiz-fusion-plugins-main | Ubuntu | intrepid | * |
References
- http://bugzilla.gnome.org/show_bug.cgi?id=561567
- http://gitweb.compiz-fusion.org/?p=fusion/plugins/expo%3Ba=commit%3Bh=f97a9fa6f0ad578f674d1f248bd7bef90e3260e0
- http://secunia.com/advisories/33077
- http://secunia.com/advisories/34465
- http://www.securityfocus.com/bid/32712
- https://bugs.launchpad.net/ubuntu/+source/compiz-fusion-plugins-main/+bug/247088
- https://exchange.xforce.ibmcloud.com/vulnerabilities/47172
- https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00860.html
- https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00878.html
- http://bugzilla.gnome.org/show_bug.cgi?id=561567
- http://gitweb.compiz-fusion.org/?p=fusion/plugins/expo%3Ba=commit%3Bh=f97a9fa6f0ad578f674d1f248bd7bef90e3260e0
- http://secunia.com/advisories/33077
- http://secunia.com/advisories/34465
- http://www.securityfocus.com/bid/32712
- https://bugs.launchpad.net/ubuntu/+source/compiz-fusion-plugins-main/+bug/247088
- https://exchange.xforce.ibmcloud.com/vulnerabilities/47172
- https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00860.html
- https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00878.html