| Vulnerability Name: | CVE-2009-4642 (CCN-56713) | ||||||||
| Assigned: | 2009-08-17 | ||||||||
| Published: | 2009-08-17 | ||||||||
| Updated: | 2010-03-22 | ||||||||
| Summary: | gnome-screensaver 2.26.1 relies on the gnome-session D-Bus interface to determine session idle time, even when an Xfce desktop such as Xubuntu or Mythbuntu is used, which allows physically proximate attackers to access an unattended workstation on which screen locking had been intended. | ||||||||
| CVSS v3 Severity: | 4.0 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
| ||||||||
| CVSS v2 Severity: | 7.2 High (CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C) 5.8 Medium (Temporal CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C/E:U/RL:U/RC:UR)
1.7 Low (CCN Temporal CVSS v2 Vector: AV:L/AC:L/Au:N/C:N/I:P/A:N/E:U/RL:U/RC:UR)
| ||||||||
| Vulnerability Type: | CWE-Other | ||||||||
| Vulnerability Consequences: | Bypass Security | ||||||||
| References: | Source: CONFIRM Type: UNKNOWN http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=536381 Source: CONFIRM Type: UNKNOWN http://bugzilla.xfce.org/show_bug.cgi?id=5927 Source: MITRE Type: CNA CVE-2009-4642 Source: CCN Type: OSVDB ID: 62323 gnome-screensaver gnome-session D-Bus Interface Screen Locking Bypass Source: CCN Type: GNOME Bugzilla Bug 592093 Reliance on gnome-session Source: CONFIRM Type: UNKNOWN https://bugzilla.gnome.org/show_bug.cgi?id=592093 Source: XF Type: UNKNOWN gnomescreensaver-dbus-security-bypass(56713) Source: CONFIRM Type: UNKNOWN https://launchpad.net/bugs/411350 Source: CONFIRM Type: UNKNOWN https://launchpad.net/bugs/493573 | ||||||||
| Vulnerable Configuration: | Configuration 1: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||
| BACK | |||||||||