Vulnerability Name:

CVE-2010-0285 (CCN-56366)

Assigned: 2009-08-31
Published: 2009-08-31
Updated: 2017-08-17
Summary: gnome-screensaver 2.14.3, 2.22.2, 2.27.x, 2.28.0, and 2.28.3, when the X configuration enables the extend screen option, allows physically proximate attackers to bypass screen locking, access an unattended workstation, and view half of the GNOME desktop by attaching an external monitor.
CVSS v3 Severity: 4.0 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
Exploitability Metrics: Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope: Scope (S): Unchanged
Impact Metrics: Confidentiality (C): None
Integrity (I): Low
Availability (A): None
CVSS v2 Severity: 5.6 Medium (CVSS v2 Vector: AV:L/AC:H/Au:N/C:C/I:C/A:N)
4.9 Medium (Temporal CVSS v2 Vector: AV:L/AC:H/Au:N/C:C/I:C/A:N/E:H/RL:OF/RC:C)
Exploitability Metrics: Access Vector (AV): Local
Access Complexity (AC): High
Authentication (Au): None
Impact Metrics: Confidentiality (C): Complete
Integrity (I): Complete
Availability (A): None
2.1 Low (CCN CVSS v2 Vector: AV:L/AC:L/Au:N/C:N/I:P/A:N)
1.8 Low (CCN Temporal CVSS v2 Vector: AV:L/AC:L/Au:N/C:N/I:P/A:N/E:H/RL:OF/RC:C)
Exploitability Metrics: Access Vector (AV): Local
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics: Confidentiality (C): None
Integrity (I): Partial
Availability (A): None
Vulnerability Type: CWE-Other
Vulnerability Consequences: Bypass Security
References: Source: MITRE
Type: CNA
CVE-2010-0285

Source: CONFIRM
Type: UNKNOWN
http://git.gnome.org/browse/gnome-screensaver/commit/?id=2f597ea9f1f363277fd4dfc109fa41bbc6225aca

Source: CCN
Type: GNOME Web site
GnomeScreensaver - GNOME Live!

Source: CONFIRM
Type: UNKNOWN
http://security-tracker.debian.org/tracker/CVE-2010-0285

Source: MANDRIVA
Type: UNKNOWN
MDVSA-2011:093

Source: CCN
Type: OSVDB ID: 62576
gnome-screensaver Extend Screen Option Authentication Bypass

Source: BID
Type: UNKNOWN
38254

Source: CCN
Type: BID-38254
gnome-screensaver Monitor Addition Lock Bypass Vulnerability

Source: CCN
Type: USN-907-1
gnome-screensaver vulnerabilities

Source: CCN
Type: GNOME Bugzilla Bug 593616
Second screen unlocked when moving from 1 monitor setup to 2 monitor setup

Source: CONFIRM
Type: UNKNOWN
https://bugzilla.gnome.org/show_bug.cgi?id=593616

Source: CONFIRM
Type: UNKNOWN
https://bugzilla.redhat.com/show_bug.cgi?id=557525

Source: XF
Type: UNKNOWN
screensaver-monitor-setup-sec-bypass(56366)

Source: SUSE
Type: SUSE-SR:2010:004
SUSE Security Summary Report

Vulnerable Configuration:
Configuration 1:
  • cpe:/a:gnome:screensaver:2.14.3:*:*:*:*:*:*:*
  • OR cpe:/a:gnome:screensaver:2.22.2:*:*:*:*:*:*:*
  • OR cpe:/a:gnome:screensaver:2.27:*:*:*:*:*:*:*
  • OR cpe:/a:gnome:screensaver:2.28.0:*:*:*:*:*:*:*
  • OR cpe:/a:gnome:screensaver:2.28.3:*:*:*:*:*:*:*

Configuration CCN 1:
  • cpe:/a:gnome:screensaver:2.28.1:*:*:*:*:*:*:*
  • OR cpe:/a:gnome:screensaver:2.28.2:*:*:*:*:*:*:*
  • OR cpe:/a:gnome:screensaver:2.20:*:*:*:*:*:*:*

* Denotes that component is vulnerable

Oval Definitions

Definition ID | Class | Title | Last Modified
oval:org.opensuse.security:def:20100285 | V | CVE-2010-0285 | 2022-05-20
oval:org.opensuse.security:def:32171 | P | Security update for the Linux Kernel (Live Patch 36 for SLE 12 SP3) (Important) | 2021-08-25
oval:org.opensuse.security:def:29363 | P | Security update for djvulibre (Important) | 2021-05-19
oval:org.opensuse.security:def:32264 | P | Security update for perl-XML-Twig (Moderate) | 2021-03-01
oval:org.opensuse.security:def:29399 | P | Security update for MozillaFirefox (Important) | 2021-01-29
oval:org.opensuse.security:def:32620 | P | xterm on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:28288 | P | security update for mysql (Moderate) | 2020-12-01
oval:org.opensuse.security:def:31963 | P | Security update for icu (Moderate) | 2020-12-01
oval:org.opensuse.security:def:32708 | P | libdrm on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:28524 | P | Security update for sblim-sfcb (Moderate) | 2020-12-01
oval:org.opensuse.security:def:27942 | P | Security update for GraphicsMagick (Moderate) | 2020-12-01
oval:org.opensuse.security:def:32774 | P | puppet on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:28626 | P | Security update for Mozilla Firefox | 2020-12-01
oval:org.opensuse.security:def:32321 | P | Security update for samba (Important) | 2020-12-01
oval:org.opensuse.security:def:28017 | P | Security update for avahi (Moderate) | 2020-12-01
oval:org.opensuse.security:def:33451 | P | Security update for GNOME screensaver | 2020-12-01
oval:org.opensuse.security:def:28681 | P | Security update for flash-player (Critical) | 2020-12-01
oval:org.opensuse.security:def:32564 | P | libpython2_6-1_0 on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:28231 | P | Security update for libtirpc (Moderate) | 2020-12-01
oval:org.opensuse.security:def:31952 | P | Security update for grub2 (Important) | 2020-12-01
oval:org.opensuse.security:def:32669 | P | g3utils on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:28372 | P | Security update for python-numpy (Important) | 2020-12-01
oval:org.opensuse.security:def:32037 | P | Security update for the Linux Kernel (Important) | 2020-12-01
oval:org.opensuse.security:def:27941 | P | Security update for GraphicsMagick (Moderate) | 2020-12-01
oval:org.opensuse.security:def:32730 | P | librsvg on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:28577 | P | Security update for pcp | 2020-12-01
oval:org.opensuse.security:def:27953 | P | Security update for ImageMagick (Important) | 2020-12-01
oval:org.opensuse.security:def:33412 | P | Security update for Salt (Moderate) | 2020-12-01
oval:org.opensuse.security:def:28665 | P | Security update for MozillaFirefox | 2020-12-01
oval:org.opensuse.security:def:32408 | P | Security update for wget (Moderate) | 2020-12-01
oval:org.opensuse.security:def:28147 | P | Security update for java-1_7_1-ibm (Important) | 2020-12-01
oval:org.opensuse.security:def:31951 | P | Security update for grub2 (Important) | 2020-12-01
oval:org.opensuse.security:def:28725 | P | Security update for the Linux Kernel (Important) | 2020-12-01
oval:org.mitre.oval:def:13593 | P | USN-907-1 -- gnome-screensaver vulnerabilities | 2014-06-30
    gnome screensaver 2.14.3
    gnome screensaver 2.22.2
    gnome screensaver 2.27
    gnome screensaver 2.28.0
    gnome screensaver 2.28.3
    gnome screensaver 2.28.1
    gnome screensaver 2.28.2
    gnome screensaver 2.20