CVE-2012-3452

gnome-screensaver 3.4.x before 3.4.4 and 3.5.x before 3.5.4, when multiple screens are used, only locks the screen with the active focus, which allows physically proximate attackers to bypass screen locking and access an unattended workstation.

CVSS v2.0 3.3 LOW

3.3^/10

CVSS v2.0 : LOW

V2 Legend

Vector : AV:L/AC:M/Au:N/C:P/I:P/A:N

Exploitability : 3.4 / Impact : 4.9

Access Vector LOCAL

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
https://bugzilla.gnome.org/show_bug.cgi?id=679441
http://www.openwall.com/lists/oss-security/2012/08/03/5
http://www.openwall.com/lists/oss-security/2012/08/03/3

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:gnome:screensaver:3.4.0:::::::*
	cpe:2.3:a:gnome:screensaver:3.4.2:::::::*
	cpe:2.3:a:gnome:screensaver:3.4.3:::::::*
	cpe:2.3:a:gnome:screensaver:3.5.3:::::::*

Information

Published : 2012-08-07 13:55

Updated : 2012-08-07 21:00

NVD link : CVE-2012-3452

Mitre link : CVE-2012-3452

JSON object : View

CWE

CWE-264

Permissions, Privileges, and Access Controls

Products Affected

gnome

screensaver

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "https://bugzilla.gnome.org/show_bug.cgi?id=679441", "name": "https://bugzilla.gnome.org/show_bug.cgi?id=679441", "tags": [], "refsource": "CONFIRM"}, {"url": "http://www.openwall.com/lists/oss-security/2012/08/03/5", "name": "[oss-security] 20120803 Re: gnome-screensaver 3.4.2 locked only active screen", "tags": [], "refsource": "MLIST"}, {"url": "http://www.openwall.com/lists/oss-security/2012/08/03/3", "name": "[oss-security] 20120803 gnome-screensaver 3.4.2 locked only active screen", "tags": [], "refsource": "MLIST"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "gnome-screensaver 3.4.x before 3.4.4 and 3.5.x before 3.5.4, when multiple screens are used, only locks the screen with the active focus, which allows physically proximate attackers to bypass screen locking and access an unattended workstation."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-264"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2012-3452", "ASSIGNER": "secalert@redhat.com"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 3.3, "accessVector": "LOCAL", "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "severity": "LOW", "impactScore": 4.9, "obtainAllPrivilege": false, "exploitabilityScore": 3.4, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2012-08-07T20:55Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:gnome:screensaver:3.4.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:gnome:screensaver:3.4.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:gnome:screensaver:3.4.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:gnome:screensaver:3.5.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2012-08-08T04:00Z"}

3.3 /10