openSUSE Security Update : lxsession (openSUSE-SU-2010:0426-1)

This script is Copyright (C) 2014 Tenable Network Security, Inc.


Synopsis :

The remote openSUSE host is missing a security update.

Description :

lxsession-logout did not properly lock the screen before suspending,
hibernating, or switching between users. This could allow attackers
with physical access to take control of the system in order to obtain
sensitive information and/or execute arbitrary code in the context of
the user who is currently logged in (CVE-2010-2532).

See also :

http://lists.opensuse.org/opensuse-updates/2010-07/msg00035.html
https://bugzilla.novell.com/show_bug.cgi?id=622083
https://bugzilla.novell.com/show_bug.cgi?id=623192

Solution :

Update the affected lxsession package.

Risk factor :

High / CVSS Base Score : 7.2
(CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)

Family: SuSE Local Security Checks

Nessus Plugin ID: 75640

Bugtraq ID:

CVE ID: CVE-2010-2532
