CVE-2010-2532

** DISPUTED ** lxsession-logout in lxsession in LXDE, as used on SUSE openSUSE 11.3 and other platforms, does not lock the screen when the Suspend or Hibernate button is pressed, which might make it easier for physically proximate attackers to access an unattended laptop via a resume action. NOTE: there is no general agreement that this is a vulnerability, because separate control over locking can be an equally secure, or more secure, behavior in some threat environments.

CVSS v2.0 7.2 HIGH

7.2^/10

CVSS v2.0 : HIGH

Vector : AV:L/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 3.9 / Impact : 10.0

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://www.openwall.com/lists/oss-security/2010/07/16/4
https://bugzilla.novell.com/show_bug.cgi?id=622083
http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html
http://www.openwall.com/lists/oss-security/2010/07/15/1
https://bugzillafiles.novell.org/attachment.cgi?id=375737
https://bugzilla.redhat.com/show_bug.cgi?id=614608

Advertisement

Configurations

Configuration 1 (hide)

cpe:2.3:o:opensuse:opensuse:11.3:*:*:*:*:*:*:*

Information

Published : 2010-09-03 13:00

Updated : 2023-02-12 12:15

NVD link : CVE-2010-2532

Mitre link : CVE-2010-2532

JSON object : View

CWE

CWE-264

Permissions, Privileges, and Access Controls

Advertisement

Products Affected

opensuse

opensuse

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://www.openwall.com/lists/oss-security/2010/07/16/4", "name": "[oss-security] 20100715 Re: CVE request: lxsession-logout", "tags": [], "refsource": "MLIST"}, {"url": "https://bugzilla.novell.com/show_bug.cgi?id=622083", "name": "https://bugzilla.novell.com/show_bug.cgi?id=622083", "tags": [], "refsource": "CONFIRM"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html", "name": "SUSE-SR:2010:014", "tags": [], "refsource": "SUSE"}, {"url": "http://www.openwall.com/lists/oss-security/2010/07/15/1", "name": "[oss-security] 20100715 CVE request: lxsession-logout", "tags": [], "refsource": "MLIST"}, {"url": "https://bugzillafiles.novell.org/attachment.cgi?id=375737", "name": "https://bugzillafiles.novell.org/attachment.cgi?id=375737", "tags": [], "refsource": "CONFIRM"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=614608", "name": "https://bugzilla.redhat.com/show_bug.cgi?id=614608", "tags": [], "refsource": "MISC"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "** DISPUTED ** lxsession-logout in lxsession in LXDE, as used on SUSE openSUSE 11.3 and other platforms, does not lock the screen when the Suspend or Hibernate button is pressed, which might make it easier for physically proximate attackers to access an unattended laptop via a resume action. NOTE: there is no general agreement that this is a vulnerability, because separate control over locking can be an equally secure, or more secure, behavior in some threat environments."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-264"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2010-2532", "ASSIGNER": "secalert@redhat.com"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 7.2, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "severity": "HIGH", "impactScore": 10.0, "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2010-09-03T20:00Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:opensuse:opensuse:11.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2023-02-12T20:15Z"}