This script is Copyright (C) 2012-2015 Tenable Network Security, Inc.
The remote Gentoo host is missing one or more security-related
The remote host is affected by the vulnerability described in GLSA-201201-16
(X.Org X Server/X Keyboard Configuration Database: Screen lock bypass)
Starting with the =x11-base/xorg-server-1.11 package, the X.Org X Server
again provides debugging functionality that can be used to terminate an
application that exclusively grabs mouse and keyboard input, like screen
Gu1 reported that the X Keyboard Configuration Database maps this
functionality by default to the Ctrl+Alt+Numpad * key combination.
A physically proximate attacker could exploit this vulnerability to gain
access to a locked X session without providing the correct credentials.
Downgrade to any version of x11-base/xorg-server below
# emerge --oneshot --verbose '<x11-base/xorg-server-1.11'
All xkeyboard-config users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose
NOTE: The X.Org X Server 1.11 was only stable on the AMD64, ARM, HPPA,
and x86 architectures. Users of the stable branches of all other
architectures are not affected and will be directly provided with a fixed
X Keyboard Configuration Database version.
Risk factor :
Medium / CVSS Base Score : 4.6
CVSS Temporal Score : 3.8
Public Exploit Available : true
Family: Gentoo Local Security Checks
Nessus Plugin ID: 57722
Bugtraq ID: 51562
CVE ID: CVE-2012-0064