Mandriva Linux Security Advisory : gnome-screensaver (MDVSA-2010:040)

This script is Copyright (C) 2010-2013 Tenable Network Security, Inc.


Synopsis :

The remote Mandriva Linux host is missing a security update.

Description :

Multiple vulnerabilities has been discovered and corrected in
gnome-screensaver :

gnome-screensaver 2.28.0 does not resume adherence to its activation
settings after an inhibiting application becomes unavailable on the
session bus, which allows physically proximate attackers to access an
unattended workstation on which screen locking had been intended
(CVE-2009-4641).

gnome-screensaver before 2.28.2 allows physically proximate attackers
to bypass screen locking and access an unattended workstation by
moving the mouse position to an external monitor and then
disconnecting that monitor (CVE-2010-0414).

This update provides gnome-screensaver 2.28.3, which is not vulnerable
to these issues.

Solution :

Update the affected gnome-screensaver package.

Risk factor :

High / CVSS Base Score : 7.2
(CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)

Family: Mandriva Local Security Checks

Nessus Plugin ID: 48174 (mandriva_MDVSA-2010-040.nasl)

Bugtraq ID:

CVE ID: CVE-2009-4641
CVE-2010-0414

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now