Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2010-0923

Race condition in workspace/krunner/lock/lockdlg.cc in the KRunner lock module in kdebase in KDE SC 4.4.0 allows physically proximate attackers to bypass KScreenSaver screen locking and access an unattended workstation by pressing the Enter key at a certain time, related to multiple forked processes.

Published

2010-03-03T19:30:00.917

Last Modified

2025-04-11T00:51:21.963

Status

Deferred

Source

[email protected]

Severity

CVSSv2: 6.9 (MEDIUM)

CVSSv2 Vector

AV:L/AC:M/Au:N/C:C/I:C/A:C

Access Vector: LOCAL
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE

Exploitability Score

3.4

Impact Score

10.0

Weaknesses

Type: Primary
CWE-362

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	kde	kde_sc	4.4.0	Yes

References

http://bugs.kde.org/show_bug.cgi?id=226449 ([email protected])
http://marc.info/?l=oss-security&m=126598163422670&w=2 ([email protected])
http://marc.info/?l=oss-security&m=126599909614401&w=2 ([email protected])
http://marc.info/?l=oss-security&m=126600468622421&w=2 ([email protected])
http://secunia.com/advisories/38600 Vendor Advisory ([email protected])
http://securitytracker.com/id?1023641 ([email protected])
http://websvn.kde.org/?revision=1089213&view=revision Patch ([email protected])
http://websvn.kde.org/?view=revision&revision=1089241 Patch ([email protected])
http://websvn.kde.org/trunk/KDE/kdebase/workspace/krunner/lock/lockdlg.cc?r1=1089213&r2=1089212&pathrev=1089213 ([email protected])
http://www.kde.org/info/security/advisory-20100217-1.txt ([email protected])
http://www.openwall.com/lists/oss-security/2010/02/17/3 ([email protected])
http://www.vupen.com/english/advisories/2010/0409 Patch, Vendor Advisory ([email protected])
https://bugs.kde.org/show_bug.cgi?id=217882 ([email protected])
https://bugzilla.novell.com/show_bug.cgi?id=579280 ([email protected])
http://bugs.kde.org/show_bug.cgi?id=226449 (af854a3a-2127-422b-91ae-364da2661108)
http://marc.info/?l=oss-security&m=126598163422670&w=2 (af854a3a-2127-422b-91ae-364da2661108)
http://marc.info/?l=oss-security&m=126599909614401&w=2 (af854a3a-2127-422b-91ae-364da2661108)
http://marc.info/?l=oss-security&m=126600468622421&w=2 (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/38600 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://securitytracker.com/id?1023641 (af854a3a-2127-422b-91ae-364da2661108)
http://websvn.kde.org/?revision=1089213&view=revision Patch (af854a3a-2127-422b-91ae-364da2661108)
http://websvn.kde.org/?view=revision&revision=1089241 Patch (af854a3a-2127-422b-91ae-364da2661108)
http://websvn.kde.org/trunk/KDE/kdebase/workspace/krunner/lock/lockdlg.cc?r1=1089213&r2=1089212&pathrev=1089213 (af854a3a-2127-422b-91ae-364da2661108)
http://www.kde.org/info/security/advisory-20100217-1.txt (af854a3a-2127-422b-91ae-364da2661108)
http://www.openwall.com/lists/oss-security/2010/02/17/3 (af854a3a-2127-422b-91ae-364da2661108)
http://www.vupen.com/english/advisories/2010/0409 Patch, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://bugs.kde.org/show_bug.cgi?id=217882 (af854a3a-2127-422b-91ae-364da2661108)
https://bugzilla.novell.com/show_bug.cgi?id=579280 (af854a3a-2127-422b-91ae-364da2661108)