gnome-screensaver 2.14.3, 2.22.2, 2.27.x, 2.28.0, and 2.28.3, when the X configuration enables the extend screen option, allows physically proximate attackers to bypass screen locking, access an unattended workstation, and view half of the GNOME desktop by attaching an external monitor.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Screensaver | Gnome | 2.14.3 (including) | 2.14.3 (including) |
| Screensaver | Gnome | 2.22.2 (including) | 2.22.2 (including) |
| Screensaver | Gnome | 2.27 (including) | 2.27 (including) |
| Screensaver | Gnome | 2.28.0 (including) | 2.28.0 (including) |
| Screensaver | Gnome | 2.28.3 (including) | 2.28.3 (including) |
| Gnome-screensaver | Ubuntu | dapper | * |
| Gnome-screensaver | Ubuntu | intrepid | * |
| Gnome-screensaver | Ubuntu | jaunty | * |
| Gnome-screensaver | Ubuntu | karmic | * |
References
- http://git.gnome.org/browse/gnome-screensaver/commit/?id=2f597ea9f1f363277fd4dfc109fa41bbc6225aca
- http://security-tracker.debian.org/tracker/CVE-2010-0285
- http://www.mandriva.com/security/advisories?name=MDVSA-2011:093
- http://www.securityfocus.com/bid/38254
- https://bugzilla.gnome.org/show_bug.cgi?id=593616
- https://bugzilla.redhat.com/show_bug.cgi?id=557525
- https://exchange.xforce.ibmcloud.com/vulnerabilities/56366
- http://git.gnome.org/browse/gnome-screensaver/commit/?id=2f597ea9f1f363277fd4dfc109fa41bbc6225aca
- http://security-tracker.debian.org/tracker/CVE-2010-0285
- http://www.mandriva.com/security/advisories?name=MDVSA-2011:093
- http://www.securityfocus.com/bid/38254
- https://bugzilla.gnome.org/show_bug.cgi?id=593616
- https://bugzilla.redhat.com/show_bug.cgi?id=557525
- https://exchange.xforce.ibmcloud.com/vulnerabilities/56366