Vulnerability Name:

CVE-2010-0414 (CCN-56186)

Assigned:2010-02-08
Published:2010-02-08
Updated:2010-02-26
Summary:gnome-screensaver before 2.28.2 allows physically proximate attackers to bypass screen locking and access an unattended workstation by moving the mouse position to an external monitor and then disconnecting that monitor.
CVSS v3 Severity:4.0 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
Exploitability Metrics:Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): Low
Availibility (A): None
CVSS v2 Severity:7.2 High (CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C)
6.2 Medium (Temporal CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C/E:H/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
2.1 Low (CCN CVSS v2 Vector: AV:L/AC:L/Au:N/C:N/I:P/A:N)
1.8 Low (CCN Temporal CVSS v2 Vector: AV:L/AC:L/Au:N/C:N/I:P/A:N/E:H/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): Partial
Availibility (A): None
Vulnerability Type:CWE-Other
Vulnerability Consequences:Bypass Security
References:Source: MITRE
Type: CNA
CVE-2010-0414

Source: CONFIRM
Type: UNKNOWN
http://ftp.gnome.org/pub/GNOME/sources/gnome-screensaver/2.28/gnome-screensaver-2.28.2.news

Source: CCN
Type: GNOME GIT source code repository
GNOME Screensaver

Source: CONFIRM
Type: UNKNOWN
http://git.gnome.org/browse/gnome-screensaver/commit/?id=a5f66339be6719c2b8fc478a1d5fc6545297d950

Source: CONFIRM
Type: UNKNOWN
http://git.gnome.org/browse/gnome-screensaver/commit/?id=dcca89b7ab6e1220815af38da246434b2e13fd9f

Source: FEDORA
Type: UNKNOWN
FEDORA-2010-1556

Source: CCN
Type: GNOME Web site
GnomeScreensaver - GNOME Live!

Source: CCN
Type: SA38468
gnome-screensaver Monitor Topology Change Security Bypass Weakness

Source: SECUNIA
Type: Vendor Advisory
38468

Source: CCN
Type: SA38532
Ubuntu update for gnome-screensaver

Source: SECUNIA
Type: UNKNOWN
38532

Source: SECUNIA
Type: Vendor Advisory
38534

Source: CCN
Type: SA38565
gnome-screensaver Monitor Topology Change Security Bypass Weakness

Source: MANDRIVA
Type: UNKNOWN
MDVSA-2010:040

Source: OSVDB
Type: UNKNOWN
62219

Source: CCN
Type: OSVDB ID: 62219
gnome-screensaver Monitor Topology Change Screen Lock Bypass

Source: CCN
Type: OSVDB ID: 62371
gnome-screensaver Monitor Topology Change Security Bypass Weakness

Source: BID
Type: UNKNOWN
38149

Source: CCN
Type: BID-38149
gnome-screensaver Monitor Removal Lock Bypass Vulnerability

Source: CCN
Type: USN-898-1
gnome-screensaver vulnerability

Source: UBUNTU
Type: UNKNOWN
USN-898-1

Source: CCN
Type: GNOME Bugzilla Bug 609337
CVE-2010-0414 gnome-screensaver: loses its unlock dialog and keyboard grab sometimes when unplugging monitor

Source: CONFIRM
Type: UNKNOWN
https://bugzilla.gnome.org/show_bug.cgi?id=609337

Source: CONFIRM
Type: UNKNOWN
https://bugzilla.redhat.com/show_bug.cgi?id=562217

Source: XF
Type: UNKNOWN
gnomescreensaver-monitor-security-bypass(56186)

Source: SUSE
Type: SUSE-SR:2010:004
SUSE Security Summary Report

Vulnerable Configuration:Configuration 1:
  • cpe:/a:gnome:screensaver:2.13:*:*:*:*:*:*:*
  • OR cpe:/a:gnome:screensaver:2.20:*:*:*:*:*:*:*
  • OR cpe:/a:gnome:screensaver:2.20.0:*:*:*:*:*:*:*
  • OR cpe:/a:gnome:screensaver:2.26.1:*:*:*:*:*:*:*
  • OR cpe:/a:gnome:screensaver:2.28.0:*:*:*:*:*:*:*
  • OR cpe:/a:gnome:screensaver:*:*:*:*:*:*:*:* (Version <= 2.28.1)

    • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.opensuse.security:def:42315
    P
    		Security update for pcre (Important)
    2022-07-12
    oval:org.opensuse.security:def:20100414
    V
    		CVE-2010-0414
    2022-05-20
    oval:org.opensuse.security:def:31376
    P
    		Security update for apache2 (Important)
    2022-01-12
    oval:org.opensuse.security:def:31375
    P
    		Security update for libvirt (Important)
    2022-01-10
    oval:org.opensuse.security:def:31335
    P
    		Security update for xorg-x11-server (Important)
    2021-12-20
    oval:org.opensuse.security:def:33062
    P
    		Security update for gettext-runtime (Moderate)
    2021-12-14
    oval:org.opensuse.security:def:26176
    P
    		Security update for speex (Moderate)
    2021-12-01
    oval:org.opensuse.security:def:32214
    P
    		Security update for pcre (Moderate)
    2021-11-10
    oval:org.opensuse.security:def:31691
    P
    		Security update for apache2 (Important)
    2021-10-06
    oval:org.opensuse.security:def:31690
    P
    		Security update for webkit2gtk3 (Important)
    2021-10-06
    oval:org.opensuse.security:def:32195
    P
    		Security update for sqlite3 (Important)
    2021-09-23
    oval:org.opensuse.security:def:26137
    P
    		Security update for sqlite3 (Important)
    2021-09-23
    oval:org.opensuse.security:def:31264
    P
    		Security update for file (Important)
    2021-09-02
    oval:org.opensuse.security:def:42117
    P
    		Security update for xen (Important)
    2021-09-02
    oval:org.opensuse.security:def:26113
    P
    		Security update for mysql-connector-java (Moderate)
    2021-08-30
    oval:org.opensuse.security:def:31243
    P
    		Security update for cpio (Important)
    2021-08-14
    oval:org.opensuse.security:def:32151
    P
    		Security update for the Linux Kernel (Live Patch 39 for SLE 12 SP3) (Important)
    2021-07-27
    oval:org.opensuse.security:def:26088
    P
    		Security update for the Linux Kernel (Important)
    2021-07-14
    oval:org.opensuse.security:def:32129
    P
    		Security update for the Linux Kernel (Live Patch 34 for SLE 12 SP3) (Important)
    2021-06-18
    oval:org.opensuse.security:def:31632
    P
    		Security update for MozillaFirefox (Important)
    2021-06-08
    oval:org.opensuse.security:def:36138
    P
    		gnome-screensaver-2.28.3-0.39.17 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:42545
    P
    		gnome-screensaver-2.28.3-0.39.17 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:31190
    P
    		Security update for the Linux Kernel (Live Patch 37 for SLE 12 SP3) (Important)
    2021-06-04
    oval:org.opensuse.security:def:32090
    P
    		Security update for avahi (Important)
    2021-06-03
    oval:org.opensuse.security:def:31616
    P
    		Security update for bind (Important)
    2021-05-04
    oval:org.opensuse.security:def:26035
    P
    		Security update for apache-commons-io (Moderate)
    2021-04-26
    oval:org.opensuse.security:def:26029
    P
    		Security update for the Linux Kernel (Important)
    2021-04-15
    oval:org.opensuse.security:def:31605
    P
    		Security update for xorg-x11-server (Important)
    2021-04-14
    oval:org.opensuse.security:def:31604
    P
    		Security update for spamassassin (Important)
    2021-04-12
    oval:org.opensuse.security:def:33101
    P
    		Security update for nghttp2 (Important)
    2021-03-24
    oval:org.opensuse.security:def:32270
    P
    		Security update for wpa_supplicant (Important)
    2021-03-09
    oval:org.opensuse.security:def:31740
    P
    		Security update for the Linux Kernel (Important)
    2021-03-09
    oval:org.opensuse.security:def:31742
    P
    		Security update for git (Important)
    2021-03-09
    oval:org.opensuse.security:def:26190
    P
    		Security update for MozillaFirefox (Low)
    2021-02-10
    oval:org.opensuse.security:def:26037
    P
    		Security update for the Linux Kernel (Important)
    2021-01-15
    oval:org.opensuse.security:def:31685
    P
    		Security update for java-1_8_0-ibm (Moderate)
    2021-01-05
    oval:org.opensuse.security:def:31178
    P
    		Security update for flac (Moderate)
    2021-01-04
    oval:org.opensuse.security:def:31635
    P
    		Security update for java-1_7_1-ibm (Moderate)
    2021-01-04
    oval:org.opensuse.security:def:31179
    P
    		Security update for dovecot22 (Important)
    2021-01-04
    oval:org.opensuse.security:def:25979
    P
    		Security update for xen (Moderate)
    2020-12-18
    oval:org.opensuse.security:def:32833
    P
    		Security update for ovmf (Moderate)
    2020-12-16
    oval:org.opensuse.security:def:25972
    P
    		Security update for postgresql12 (Important)
    2020-12-04
    oval:org.opensuse.security:def:35908
    P
    		gnome-screensaver-2.28.3-0.32.1 on GA media (Moderate)
    2020-12-03
    oval:org.opensuse.security:def:35557
    P
    		gnome-screensaver-2.28.3-0.4.30 on GA media (Moderate)
    2020-12-03
    oval:org.opensuse.security:def:41964
    P
    		gnome-screensaver-2.28.3-0.4.30 on GA media (Moderate)
    2020-12-03
    oval:org.opensuse.security:def:35710
    P
    		gnome-screensaver-2.28.3-0.28.1 on GA media (Moderate)
    2020-12-03
    oval:org.opensuse.security:def:25699
    P
    		Security update for dnsmasq (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:31026
    P
    		Security update for java-1_7_0-ibm (Important)
    2020-12-01
    oval:org.opensuse.security:def:26522
    P
    		apache2 on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:31396
    P
    		Security update for perl (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:31461
    P
    		Security update for postgresql94 (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25685
    P
    		Security update for mariadb (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25993
    P
    		Security update for gd (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:31971
    P
    		Security update for jakarta-commons-collections (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:27136
    P
    		gnome-screensaver on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25120
    P
    		Security update for openwsman (Important)
    2020-12-01
    oval:org.opensuse.security:def:25450
    P
    		Security update for bluez (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:26366
    P
    		Security update for kdelibs4, kio (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:32483
    P
    		OpenEXR on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25262
    P
    		Security update for spamassassin (Important)
    2020-12-01
    oval:org.opensuse.security:def:25546
    P
    		Security update for mariadb (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:31998
    P
    		Security update for jpeg (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25458
    P
    		Security update for sqlite3 (Important)
    2020-12-01
    oval:org.opensuse.security:def:25662
    P
    		Security update for apache-commons-httpclient (Important)
    2020-12-01
    oval:org.opensuse.security:def:31954
    P
    		Security update for gstreamer-0_10-plugins-base (Important)
    2020-12-01
    oval:org.opensuse.security:def:25763
    P
    		Security Update for Linux Kernel (Important)
    2020-12-01
    oval:org.opensuse.security:def:31037
    P
    		Security update for kdebase4-runtime
    2020-12-01
    oval:org.opensuse.security:def:31392
    P
    		Security update for pam-modules (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:32319
    P
    		Security update for ruby (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:26557
    P
    		gnome-screensaver on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:31488
    P
    		Security update for python (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25787
    P
    		Security update for libwmf (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:26675
    P
    		bzip2 on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:31593
    P
    		Security update for tiff (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25738
    P
    		Security update for libxslt (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:26234
    P
    		Security update for LibreOffice (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25838
    P
    		Security update for flash-player (Important)
    2020-12-01
    oval:org.opensuse.security:def:25184
    P
    		Security update for vim (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25884
    P
    		Security update for lhasa (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:26405
    P
    		Security update for sox (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:32522
    P
    		gnome-screensaver on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25273
    P
    		Security update for ceph (Important)
    2020-12-01
    oval:org.opensuse.security:def:25603
    P
    		Security update for java-1_8_0-openjdk (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:32636
    P
    		apache2-mod_php53 on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25459
    P
    		Security update for cups (Important)
    2020-12-01
    oval:org.opensuse.security:def:25743
    P
    		Security update for libssh (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:31844
    P
    		Security update for clamav (Important)
    2020-12-01
    oval:org.opensuse.security:def:25687
    P
    		Security update for bluez (Important)
    2020-12-01
    oval:org.opensuse.security:def:25891
    P
    		Security update for libimobiledevice, usbmuxd (Important)
    2020-12-01
    oval:org.opensuse.security:def:31788
    P
    		Security update for MozillaFirefox (Important)
    2020-12-01
    oval:org.opensuse.security:def:31111
    P
    		Security update for krb5 (Important)
    2020-12-01
    oval:org.opensuse.security:def:31829
    P
    		Security update for bind (Important)
    2020-12-01
    oval:org.opensuse.security:def:32358
    P
    		Security update for squidGuard (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:31545
    P
    		Security update for samba (Important)
    2020-12-01
    oval:org.opensuse.security:def:25826
    P
    		Security update for the Linux Kernel (Important)
    2020-12-01
    oval:org.opensuse.security:def:26710
    P
    		gnome-screensaver on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25940
    P
    		Security update for mariadb (Important)
    2020-12-01
    oval:org.opensuse.security:def:26872
    P
    		cifs-utils on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:31822
    P
    		Security update for axis (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:26463
    P
    		Security update for enigmail (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25108
    P
    		Security update for sssd (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25312
    P
    		Security update for libsolv (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:26419
    P
    		Security update for mbedtls (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25337
    P
    		Security update for ucode-intel (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:31779
    P
    		Security update for MozillaFirefox (Important)
    2020-12-01
    oval:org.opensuse.security:def:32675
    P
    		gnome-screensaver on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25470
    P
    		Security update for permissions (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25800
    P
    		Security update for polkit (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:31893
    P
    		Security update for expat (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25688
    P
    		Security update for systemd (Important)
    2020-12-01
    oval:org.opensuse.security:def:32041
    P
    		Security update for krb5 (Important)
    2020-12-01
    oval:org.opensuse.security:def:32424
    P
    		Security update for wpa_supplicant (Important)
    2020-12-01
    oval:org.opensuse.security:def:31025
    P
    		Security update for java-1_7_0-ibm (Important)
    2020-12-01
    oval:org.opensuse.security:def:31985
    P
    		Security update for java-1_7_1-ibm (Important)
    2020-12-01
    oval:org.opensuse.security:def:32380
    P
    		Security update for tiff (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:32058
    P
    		Security update for kvm (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25840
    P
    		Security update for libvirt (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:31387
    P
    		Security update for openvpn-openssl1 (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:26907
    P
    		gnome-screensaver on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:31914
    P
    		Security update for gd (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:27101
    P
    		cron on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25109
    P
    		Security update for audit (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25393
    P
    		Security update for libqt5-qtbase (Important)
    2020-12-01
    oval:org.opensuse.security:def:26317
    P
    		Security update for chromium (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:31845
    P
    		Security update for clamav (Important)
    2020-12-01
    oval:org.opensuse.security:def:25261
    P
    		Security update for python-cffi, python-cryptography (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25465
    P
    		Security update for java-1_7_0-openjdk (Important)
    2020-12-01
    oval:org.opensuse.security:def:26264
    P
    		Security update for gegl (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:31801
    P
    		security update for xen (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25534
    P
    		Security update for adns (Important)
    2020-12-01
    oval:org.opensuse.security:def:31479
    P
    		Security update for python (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:31932
    P
    		Security update for libX11 (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:32872
    P
    		gnome-screensaver on GA media (Moderate)
    2020-12-01
    oval:org.mitre.oval:def:12872
    P
    		USN-898-1 -- gnome-screensaver vulnerability
    2014-06-30
    BACK
    gnome screensaver 2.13
    gnome screensaver 2.20
    gnome screensaver 2.20.0
    gnome screensaver 2.26.1
    gnome screensaver 2.28.0
    gnome screensaver *