Ubuntu 7.10 / 8.04 LTS / 8.10 : compiz-fusion-plugins-main vulnerability (USN-688-1)

Ubuntu Security Notice (C) 2008-2013 Canonical, Inc. / NASL script (C) 2009-2013 Tenable Network Security, Inc.


Synopsis :

The remote Ubuntu host is missing a security-related patch.

Description :

It was discovered that the Expo plugin for Compiz did not correctly
restrict the screensaver window from being moved with the mouse. A
local attacker could use the mouse to move the screensaver off the
screen and gain access to the locked desktop session underneath.
Default installs of Ubuntu were not vulnerable as Expo does not come
pre-configured with mouse bindings.

Solution :

Update the affected compiz-fusion-plugins-main package.

Risk factor :

Medium / CVSS Base Score : 6.2
(CVSS2#AV:L/AC:H/Au:N/C:C/I:C/A:C)

Family: Ubuntu Local Security Checks

Nessus Plugin ID: 37422 ()

Bugtraq ID:

CVE ID: CVE-2008-6514