Ubuntu 7.10 / 8.04 LTS / 8.10 : compiz-fusion-plugins-main vulnerability (USN-688-1)

Ubuntu Security Notice (C) 2008-2016 Canonical, Inc. / NASL script (C) 2009-2016 Tenable Network Security, Inc.


Synopsis :

The remote Ubuntu host is missing a security-related patch.

Description :

It was discovered that the Expo plugin for Compiz did not correctly
restrict the screensaver window from being moved with the mouse. A
local attacker could use the mouse to move the screensaver off the
screen and gain access to the locked desktop session underneath.
Default installs of Ubuntu were not vulnerable as Expo does not come
pre-configured with mouse bindings.

Note that Tenable Network Security has extracted the preceding
description block directly from the Ubuntu security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.

Solution :

Update the affected compiz-fusion-plugins-main package.

Risk factor :

Medium / CVSS Base Score : 6.2
(CVSS2#AV:L/AC:H/Au:N/C:C/I:C/A:C)

Family: Ubuntu Local Security Checks

Nessus Plugin ID: 37422 ()

Bugtraq ID:

CVE ID: CVE-2008-6514