CVE-2013-1050

The default configuration in gnome-screensaver 3.5.4 through 3.6.0 sets the AutostartCondition line to fallback mode in the .desktop file, which prevents the program from starting automatically after login and allows physically proximate attackers to bypass screen locking and access an unattended workstation.

CVSS v2.0 7.2 HIGH

7.2^/10

CVSS v2.0 : HIGH

Vector : AV:L/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 3.9 / Impact : 10.0

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://www.ubuntu.com/usn/USN-1716-1
https://bugs.launchpad.net/ubuntu/+source/gnome-screensaver/+bug/1120126	Vendor Advisory
https://git.gnome.org/browse/gnome-screensaver/commit/?id=1940dc6bc8ad5ee2c029714efb1276c05ca80bd4
https://bugzilla.gnome.org/show_bug.cgi?id=683060

Advertisement

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:gnome:gnome_screensaver:3.5.4:::::::*
	cpe:2.3:a:gnome:gnome_screensaver:3.5.5:::::::*
	cpe:2.3:a:gnome:gnome_screensaver:3.6.0:::::::*

Information

Published : 2013-03-08 14:55

Updated : 2013-03-17 21:00

NVD link : CVE-2013-1050

Mitre link : CVE-2013-1050

JSON object : View

CWE

CWE-264

Permissions, Privileges, and Access Controls

Advertisement

Products Affected

gnome

gnome_screensaver

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://www.ubuntu.com/usn/USN-1716-1", "name": "USN-1716-1", "tags": [], "refsource": "UBUNTU"}, {"url": "https://bugs.launchpad.net/ubuntu/+source/gnome-screensaver/+bug/1120126", "name": "https://bugs.launchpad.net/ubuntu/+source/gnome-screensaver/+bug/1120126", "tags": ["Vendor Advisory"], "refsource": "MISC"}, {"url": "https://git.gnome.org/browse/gnome-screensaver/commit/?id=1940dc6bc8ad5ee2c029714efb1276c05ca80bd4", "name": "https://git.gnome.org/browse/gnome-screensaver/commit/?id=1940dc6bc8ad5ee2c029714efb1276c05ca80bd4", "tags": [], "refsource": "MISC"}, {"url": "https://bugzilla.gnome.org/show_bug.cgi?id=683060", "name": "https://bugzilla.gnome.org/show_bug.cgi?id=683060", "tags": [], "refsource": "MISC"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "The default configuration in gnome-screensaver 3.5.4 through 3.6.0 sets the AutostartCondition line to fallback mode in the .desktop file, which prevents the program from starting automatically after login and allows physically proximate attackers to bypass screen locking and access an unattended workstation."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-264"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2013-1050", "ASSIGNER": "security@ubuntu.com"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 7.2, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "severity": "HIGH", "impactScore": 10.0, "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2013-03-08T22:55Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:gnome:gnome_screensaver:3.5.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:gnome:gnome_screensaver:3.5.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:gnome:gnome_screensaver:3.6.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2013-03-18T04:00Z"}