CVE-2010-0414

HIGH

Description

gnome-screensaver before 2.28.2 allows physically proximate attackers to bypass screen locking and access an unattended workstation by moving the mouse position to an external monitor and then disconnecting that monitor.

References

http://ftp.gnome.org/pub/GNOME/sources/gnome-screensaver/2.28/gnome-screensaver-2.28.2.news

http://git.gnome.org/browse/gnome-screensaver/commit/?id=a5f66339be6719c2b8fc478a1d5fc6545297d950

http://git.gnome.org/browse/gnome-screensaver/commit/?id=dcca89b7ab6e1220815af38da246434b2e13fd9f

http://lists.fedoraproject.org/pipermail/package-announce/2010-February/034904.html

http://secunia.com/advisories/38468

http://secunia.com/advisories/38532

http://secunia.com/advisories/38534

http://www.mandriva.com/security/advisories?name=MDVSA-2010:040

http://www.osvdb.org/62219

http://www.securityfocus.com/bid/38149

http://www.ubuntu.com/usn/USN-898-1

https://bugzilla.gnome.org/show_bug.cgi?id=609337

https://bugzilla.redhat.com/show_bug.cgi?id=562217

Details

Source: MITRE

Published: 2010-02-11

Updated: 2010-02-26

Type: NVD-CWE-Other

Risk Information

CVSS v2.0

Base Score: 7.2

Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Impact Score: 10

Exploitability Score: 3.9

Severity: HIGH

Tenable Plugins

View all (5 total)

ID	Name	Product	Family	Severity
48174	Mandriva Linux Security Advisory : gnome-screensaver (MDVSA-2010:040)	Nessus	Mandriva Local Security Checks	high
47263	Fedora 12 : gnome-screensaver-2.28.2-1.fc12 (2010-1556)	Nessus	Fedora Local Security Checks	high
44622	openSUSE Security Update : gnome-screensaver (gnome-screensaver-1973)	Nessus	SuSE Local Security Checks	high
44599	FreeBSD : gnome-screensaver -- Multiple monitor hotplug issues (0a82ac0c-1886-11df-b0d1-0015f2db7bde)	Nessus	FreeBSD Local Security Checks	high
44586	Ubuntu 9.10 : gnome-screensaver vulnerability (USN-898-1)	Nessus	Ubuntu Local Security Checks	high