FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2010-0422

This CVE name corresponds to:

Entered Topic
2010-02-13 gnome-screensaver -- Multiple monitor hotplug issues

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

Details

Type Candidate
Name CVE-2010-0422
Phase Assigned (20100127)

Description

gnome-screensaver 2.28.x before 2.28.3 does not properly synchronize the state of screen locking and the unlock dialog in situations involving a change to the number of monitors, which allows physically proximate attackers to bypass screen locking and access an unattended workstation by connecting and disconnecting monitors multiple times, a related issue to CVE-2010-0414.

References

Source Reference
MLIST [oss-security] 20100212 Re: gnome-screensaver vulnerability (CVE-2010-0414)
CONFIRM http://ftp.gnome.org/pub/GNOME/sources/gnome-screensaver/2.28/gnome-screensaver-2.28.3.news
CONFIRM http://git.gnome.org/browse/gnome-screensaver/commit/?id=271ae93d7b140b8ba40d77f9e4ce894e5fd1b554
CONFIRM http://git.gnome.org/browse/gnome-screensaver/commit/?id=d4dcbd65a2df3c093c4e3a74bbbc75383eb9eadb
CONFIRM http://git.gnome.org/browse/gnome-screensaver/commit/?id=f93a22c175090cf02e80bc3ee676b53f1251f685
CONFIRM https://bugzilla.gnome.org/show_bug.cgi?id=609789
CONFIRM https://bugzilla.redhat.com/show_bug.cgi?id=564464
FEDORA FEDORA-2010-1855
BID 38248
SECUNIA 38565
SECUNIA 38583
XF gnome-screensaver-monitor-sec-bypass(56364)