Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2010-0422

gnome-screensaver 2.28.x before 2.28.3 does not properly synchronize the state of screen locking and the unlock dialog in situations involving a change to the number of monitors, which allows physically proximate attackers to bypass screen locking and access an unattended workstation by connecting and disconnecting monitors multiple times, a related issue to CVE-2010-0414.

Published

2010-02-24T18:30:00.467

Last Modified

2025-04-11T00:51:21.963

Status

Deferred

Source

[email protected]

Severity

CVSSv2: 4.0 (MEDIUM)

CVSSv2 Vector

AV:L/AC:H/Au:N/C:N/I:C/A:N

Access Vector: LOCAL
Access Complexity: HIGH
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: COMPLETE
Availability Impact: NONE

Exploitability Score

1.9

Impact Score

6.9

Weaknesses

Type: Primary
NVD-CWE-Other

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	gnome	screensaver	2.28.0	Yes
Application	gnome	screensaver	2.28.1	Yes
Application	gnome	screensaver	2.28.2	Yes

References

http://ftp.gnome.org/pub/GNOME/sources/gnome-screensaver/2.28/gnome-screensaver-2.28.3.news ([email protected])
http://git.gnome.org/browse/gnome-screensaver/commit/?id=271ae93d7b140b8ba40d77f9e4ce894e5fd1b554 ([email protected])
http://git.gnome.org/browse/gnome-screensaver/commit/?id=d4dcbd65a2df3c093c4e3a74bbbc75383eb9eadb ([email protected])
http://git.gnome.org/browse/gnome-screensaver/commit/?id=f93a22c175090cf02e80bc3ee676b53f1251f685 ([email protected])
http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035115.html ([email protected])
http://marc.info/?l=oss-security&m=126601292400764&w=2 ([email protected])
http://secunia.com/advisories/38565 Vendor Advisory ([email protected])
http://secunia.com/advisories/38583 Vendor Advisory ([email protected])
http://www.securityfocus.com/bid/38248 ([email protected])
https://bugzilla.gnome.org/show_bug.cgi?id=609789 ([email protected])
https://bugzilla.redhat.com/show_bug.cgi?id=564464 ([email protected])
https://exchange.xforce.ibmcloud.com/vulnerabilities/56364 ([email protected])
http://ftp.gnome.org/pub/GNOME/sources/gnome-screensaver/2.28/gnome-screensaver-2.28.3.news (af854a3a-2127-422b-91ae-364da2661108)
http://git.gnome.org/browse/gnome-screensaver/commit/?id=271ae93d7b140b8ba40d77f9e4ce894e5fd1b554 (af854a3a-2127-422b-91ae-364da2661108)
http://git.gnome.org/browse/gnome-screensaver/commit/?id=d4dcbd65a2df3c093c4e3a74bbbc75383eb9eadb (af854a3a-2127-422b-91ae-364da2661108)
http://git.gnome.org/browse/gnome-screensaver/commit/?id=f93a22c175090cf02e80bc3ee676b53f1251f685 (af854a3a-2127-422b-91ae-364da2661108)
http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035115.html (af854a3a-2127-422b-91ae-364da2661108)
http://marc.info/?l=oss-security&m=126601292400764&w=2 (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/38565 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/38583 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/38248 (af854a3a-2127-422b-91ae-364da2661108)
https://bugzilla.gnome.org/show_bug.cgi?id=609789 (af854a3a-2127-422b-91ae-364da2661108)
https://bugzilla.redhat.com/show_bug.cgi?id=564464 (af854a3a-2127-422b-91ae-364da2661108)
https://exchange.xforce.ibmcloud.com/vulnerabilities/56364 (af854a3a-2127-422b-91ae-364da2661108)