openSUSE Security Update : lxsession (openSUSE-SU-2010:0426-1)

High Nessus Plugin ID 75640


The remote openSUSE host is missing a security update.


lxsession-logout did not properly lock the screen before suspending, hibernating and switching between users which could allow attackers with physical access to take control of the system to obtain sensitive information and / or execute arbitrary code in the context of the user who is currently logged in (CVE-2010-2532).


Update the affected lxsession package.

See Also

Plugin Details

Severity: High

ID: 75640

File Name: suse_11_3_lxsession-100721.nasl

Version: $Revision: 1.1 $

Type: local

Agent: unix

Published: 2014/06/13

Modified: 2014/06/13

Dependencies: 12634

Risk Information

Risk Factor: High


Base Score: 7.2

Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: p-cpe:/a:novell:opensuse:lxsession, cpe:/o:novell:opensuse:11.3

Required KB Items: Host/local_checks_enabled, Host/SuSE/release, Host/SuSE/rpm-list, Host/cpu

Patch Publication Date: 2010/07/21

Reference Information

CVE: CVE-2010-2532