Vulnerability CVE-2010-0422

Vulnerability Name:

CVE-2010-0422 (CCN-56364)

Assigned:

2010-02-12

Published:

2010-02-12

Updated:

2017-08-17

Summary:

gnome-screensaver 2.28.x before 2.28.3 does not properly synchronize the state of screen locking and the unlock dialog in situations involving a change to the number of monitors, which allows physically proximate attackers to bypass screen locking and access an unattended workstation by connecting and disconnecting monitors multiple times, a related issue to CVE-2010-0414.

CVSS v3 Severity:

4.0 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)

Exploitability Metrics:	Attack Vector (AV): Local Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): None Integrity (I): Low Availibility (A): None

CVSS v2 Severity:

4.0 Medium (CVSS v2 Vector: AV:L/AC:H/Au:N/C:N/I:C/A:N)
3.0 Low (Temporal CVSS v2 Vector: AV:L/AC:H/Au:N/C:N/I:C/A:N/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Local Access Complexity (AC): High Authentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): Complete Availibility (A): None

2.1 Low (CCN CVSS v2 Vector: AV:L/AC:L/Au:N/C:N/I:P/A:N)
1.6 Low (CCN Temporal CVSS v2 Vector: AV:L/AC:L/Au:N/C:N/I:P/A:N/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Local Access Complexity (AC): Low Athentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): Partial Availibility (A): None

Vulnerability Type:

CWE-Other

Vulnerability Consequences:

Bypass Security

References:

Source: MITRE
Type: CNA
CVE-2010-0422

Source: CONFIRM
Type: UNKNOWN
http://ftp.gnome.org/pub/GNOME/sources/gnome-screensaver/2.28/gnome-screensaver-2.28.3.news

Source: CONFIRM
Type: UNKNOWN
http://git.gnome.org/browse/gnome-screensaver/commit/?id=271ae93d7b140b8ba40d77f9e4ce894e5fd1b554

Source: CONFIRM
Type: UNKNOWN
http://git.gnome.org/browse/gnome-screensaver/commit/?id=d4dcbd65a2df3c093c4e3a74bbbc75383eb9eadb

Source: CONFIRM
Type: UNKNOWN
http://git.gnome.org/browse/gnome-screensaver/commit/?id=f93a22c175090cf02e80bc3ee676b53f1251f685

Source: FEDORA
Type: UNKNOWN
FEDORA-2010-1855

Source: CCN
Type: GNOME Web site
GnomeScreensaver - GNOME Live!

Source: MLIST
Type: UNKNOWN
[oss-security] 20100212 Re: gnome-screensaver vulnerability (CVE-2010-0414)

Source: CCN
Type: SA38565
gnome-screensaver Monitor Topology Change Security Bypass Weakness

Source: SECUNIA
Type: Vendor Advisory
38565

Source: SECUNIA
Type: Vendor Advisory
38583

Source: BID
Type: UNKNOWN
38248

Source: CCN
Type: BID-38248
gnome-screensaver Monitor Topology Security Bypass Vulnerability

Source: CCN
Type: USN-907-1
gnome-screensaver vulnerabilities

Source: CCN
Type: GNOME Bugzilla Bug 609789
CVE-2010-0422 gnome-screensaver: loses its unlock dialog and keyboard grab sometimes when plugging and unplugging monitor repeatedly

Source: CONFIRM
Type: UNKNOWN
https://bugzilla.gnome.org/show_bug.cgi?id=609789

Source: CONFIRM
Type: UNKNOWN
https://bugzilla.redhat.com/show_bug.cgi?id=564464

Source: XF
Type: UNKNOWN
gnome-screensaver-monitor-sec-bypass(56364)

Source: XF
Type: UNKNOWN
gnome-screensaver-monitor-sec-bypass(56364)

Source: SUSE
Type: SUSE-SR:2010:004
SUSE Security Summary Report

Vulnerable Configuration:

Configuration 1:

cpe:/a:gnome:screensaver:2.28.0:*:*:*:*:*:*:*

OR cpe:/a:gnome:screensaver:2.28.1:*:*:*:*:*:*:*

OR cpe:/a:gnome:screensaver:2.28.2:*:*:*:*:*:*:*

Configuration CCN 1:

cpe:/a:gnome:screensaver:2.28.1:*:*:*:*:*:*:*

OR cpe:/a:gnome:screensaver:2.28.2:*:*:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:42315	P	Security update for pcre (Important)	2022-07-12
oval:org.opensuse.security:def:20100422	V	CVE-2010-0422	2022-05-20
oval:org.opensuse.security:def:31376	P	Security update for apache2 (Important)	2022-01-12
oval:org.opensuse.security:def:31375	P	Security update for libvirt (Important)	2022-01-10
oval:org.opensuse.security:def:31335	P	Security update for xorg-x11-server (Important)	2021-12-20
oval:org.opensuse.security:def:33062	P	Security update for gettext-runtime (Moderate)	2021-12-14
oval:org.opensuse.security:def:26176	P	Security update for speex (Moderate)	2021-12-01
oval:org.opensuse.security:def:32214	P	Security update for pcre (Moderate)	2021-11-10
oval:org.opensuse.security:def:31691	P	Security update for apache2 (Important)	2021-10-06
oval:org.opensuse.security:def:31690	P	Security update for webkit2gtk3 (Important)	2021-10-06
oval:org.opensuse.security:def:32195	P	Security update for sqlite3 (Important)	2021-09-23
oval:org.opensuse.security:def:26137	P	Security update for sqlite3 (Important)	2021-09-23
oval:org.opensuse.security:def:31264	P	Security update for file (Important)	2021-09-02
oval:org.opensuse.security:def:42117	P	Security update for xen (Important)	2021-09-02
oval:org.opensuse.security:def:26113	P	Security update for mysql-connector-java (Moderate)	2021-08-30
oval:org.opensuse.security:def:31243	P	Security update for cpio (Important)	2021-08-14
oval:org.opensuse.security:def:32151	P	Security update for the Linux Kernel (Live Patch 39 for SLE 12 SP3) (Important)	2021-07-27
oval:org.opensuse.security:def:26088	P	Security update for the Linux Kernel (Important)	2021-07-14
oval:org.opensuse.security:def:32129	P	Security update for the Linux Kernel (Live Patch 34 for SLE 12 SP3) (Important)	2021-06-18
oval:org.opensuse.security:def:31632	P	Security update for MozillaFirefox (Important)	2021-06-08
oval:org.opensuse.security:def:36138	P	gnome-screensaver-2.28.3-0.39.17 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:42545	P	gnome-screensaver-2.28.3-0.39.17 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:31190	P	Security update for the Linux Kernel (Live Patch 37 for SLE 12 SP3) (Important)	2021-06-04
oval:org.opensuse.security:def:32090	P	Security update for avahi (Important)	2021-06-03
oval:org.opensuse.security:def:31616	P	Security update for bind (Important)	2021-05-04
oval:org.opensuse.security:def:26035	P	Security update for apache-commons-io (Moderate)	2021-04-26
oval:org.opensuse.security:def:26029	P	Security update for the Linux Kernel (Important)	2021-04-15
oval:org.opensuse.security:def:31605	P	Security update for xorg-x11-server (Important)	2021-04-14
oval:org.opensuse.security:def:31604	P	Security update for spamassassin (Important)	2021-04-12
oval:org.opensuse.security:def:33101	P	Security update for nghttp2 (Important)	2021-03-24
oval:org.opensuse.security:def:32270	P	Security update for wpa_supplicant (Important)	2021-03-09
oval:org.opensuse.security:def:31740	P	Security update for the Linux Kernel (Important)	2021-03-09
oval:org.opensuse.security:def:31742	P	Security update for git (Important)	2021-03-09
oval:org.opensuse.security:def:26190	P	Security update for MozillaFirefox (Low)	2021-02-10
oval:org.opensuse.security:def:26037	P	Security update for the Linux Kernel (Important)	2021-01-15
oval:org.opensuse.security:def:31685	P	Security update for java-1_8_0-ibm (Moderate)	2021-01-05
oval:org.opensuse.security:def:31178	P	Security update for flac (Moderate)	2021-01-04
oval:org.opensuse.security:def:31635	P	Security update for java-1_7_1-ibm (Moderate)	2021-01-04
oval:org.opensuse.security:def:31179	P	Security update for dovecot22 (Important)	2021-01-04
oval:org.opensuse.security:def:25979	P	Security update for xen (Moderate)	2020-12-18
oval:org.opensuse.security:def:32833	P	Security update for ovmf (Moderate)	2020-12-16
oval:org.opensuse.security:def:25972	P	Security update for postgresql12 (Important)	2020-12-04
oval:org.opensuse.security:def:35908	P	gnome-screensaver-2.28.3-0.32.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:35557	P	gnome-screensaver-2.28.3-0.4.30 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:41964	P	gnome-screensaver-2.28.3-0.4.30 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:35710	P	gnome-screensaver-2.28.3-0.28.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:25699	P	Security update for dnsmasq (Moderate)	2020-12-01
oval:org.opensuse.security:def:31026	P	Security update for java-1_7_0-ibm (Important)	2020-12-01
oval:org.opensuse.security:def:26522	P	apache2 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:31396	P	Security update for perl (Moderate)	2020-12-01
oval:org.opensuse.security:def:31461	P	Security update for postgresql94 (Moderate)	2020-12-01
oval:org.opensuse.security:def:25685	P	Security update for mariadb (Moderate)	2020-12-01
oval:org.opensuse.security:def:25993	P	Security update for gd (Moderate)	2020-12-01
oval:org.opensuse.security:def:31971	P	Security update for jakarta-commons-collections (Moderate)	2020-12-01
oval:org.opensuse.security:def:27136	P	gnome-screensaver on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25120	P	Security update for openwsman (Important)	2020-12-01
oval:org.opensuse.security:def:25450	P	Security update for bluez (Moderate)	2020-12-01
oval:org.opensuse.security:def:26366	P	Security update for kdelibs4, kio (Moderate)	2020-12-01
oval:org.opensuse.security:def:32483	P	OpenEXR on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25262	P	Security update for spamassassin (Important)	2020-12-01
oval:org.opensuse.security:def:25546	P	Security update for mariadb (Moderate)	2020-12-01
oval:org.opensuse.security:def:31998	P	Security update for jpeg (Moderate)	2020-12-01
oval:org.opensuse.security:def:25458	P	Security update for sqlite3 (Important)	2020-12-01
oval:org.opensuse.security:def:25662	P	Security update for apache-commons-httpclient (Important)	2020-12-01
oval:org.opensuse.security:def:31954	P	Security update for gstreamer-0_10-plugins-base (Important)	2020-12-01
oval:org.opensuse.security:def:25763	P	Security Update for Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:31037	P	Security update for kdebase4-runtime	2020-12-01
oval:org.opensuse.security:def:31392	P	Security update for pam-modules (Moderate)	2020-12-01
oval:org.opensuse.security:def:32319	P	Security update for ruby (Moderate)	2020-12-01
oval:org.opensuse.security:def:26557	P	gnome-screensaver on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:31488	P	Security update for python (Moderate)	2020-12-01
oval:org.opensuse.security:def:25787	P	Security update for libwmf (Moderate)	2020-12-01
oval:org.opensuse.security:def:26675	P	bzip2 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:31593	P	Security update for tiff (Moderate)	2020-12-01
oval:org.opensuse.security:def:25738	P	Security update for libxslt (Moderate)	2020-12-01
oval:org.opensuse.security:def:26234	P	Security update for LibreOffice (Moderate)	2020-12-01
oval:org.opensuse.security:def:25838	P	Security update for flash-player (Important)	2020-12-01
oval:org.opensuse.security:def:25184	P	Security update for vim (Moderate)	2020-12-01
oval:org.opensuse.security:def:25884	P	Security update for lhasa (Moderate)	2020-12-01
oval:org.opensuse.security:def:26405	P	Security update for sox (Moderate)	2020-12-01
oval:org.opensuse.security:def:32522	P	gnome-screensaver on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25273	P	Security update for ceph (Important)	2020-12-01
oval:org.opensuse.security:def:25603	P	Security update for java-1_8_0-openjdk (Moderate)	2020-12-01
oval:org.opensuse.security:def:32636	P	apache2-mod_php53 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25459	P	Security update for cups (Important)	2020-12-01
oval:org.opensuse.security:def:25743	P	Security update for libssh (Moderate)	2020-12-01
oval:org.opensuse.security:def:31844	P	Security update for clamav (Important)	2020-12-01
oval:org.opensuse.security:def:25687	P	Security update for bluez (Important)	2020-12-01
oval:org.opensuse.security:def:25891	P	Security update for libimobiledevice, usbmuxd (Important)	2020-12-01
oval:org.opensuse.security:def:31788	P	Security update for MozillaFirefox (Important)	2020-12-01
oval:org.opensuse.security:def:31111	P	Security update for krb5 (Important)	2020-12-01
oval:org.opensuse.security:def:31829	P	Security update for bind (Important)	2020-12-01
oval:org.opensuse.security:def:32358	P	Security update for squidGuard (Moderate)	2020-12-01
oval:org.opensuse.security:def:31545	P	Security update for samba (Important)	2020-12-01
oval:org.opensuse.security:def:25826	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:26710	P	gnome-screensaver on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25940	P	Security update for mariadb (Important)	2020-12-01
oval:org.opensuse.security:def:26872	P	cifs-utils on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:31822	P	Security update for axis (Moderate)	2020-12-01
oval:org.opensuse.security:def:26463	P	Security update for enigmail (Moderate)	2020-12-01
oval:org.opensuse.security:def:25108	P	Security update for sssd (Moderate)	2020-12-01
oval:org.opensuse.security:def:25312	P	Security update for libsolv (Moderate)	2020-12-01
oval:org.opensuse.security:def:26419	P	Security update for mbedtls (Moderate)	2020-12-01
oval:org.opensuse.security:def:25337	P	Security update for ucode-intel (Moderate)	2020-12-01
oval:org.opensuse.security:def:31779	P	Security update for MozillaFirefox (Important)	2020-12-01
oval:org.opensuse.security:def:32675	P	gnome-screensaver on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25470	P	Security update for permissions (Moderate)	2020-12-01
oval:org.opensuse.security:def:25800	P	Security update for polkit (Moderate)	2020-12-01
oval:org.opensuse.security:def:31893	P	Security update for expat (Moderate)	2020-12-01
oval:org.opensuse.security:def:25688	P	Security update for systemd (Important)	2020-12-01
oval:org.opensuse.security:def:32041	P	Security update for krb5 (Important)	2020-12-01
oval:org.opensuse.security:def:32424	P	Security update for wpa_supplicant (Important)	2020-12-01
oval:org.opensuse.security:def:31025	P	Security update for java-1_7_0-ibm (Important)	2020-12-01
oval:org.opensuse.security:def:31985	P	Security update for java-1_7_1-ibm (Important)	2020-12-01
oval:org.opensuse.security:def:32380	P	Security update for tiff (Moderate)	2020-12-01
oval:org.opensuse.security:def:32058	P	Security update for kvm (Moderate)	2020-12-01
oval:org.opensuse.security:def:25840	P	Security update for libvirt (Moderate)	2020-12-01
oval:org.opensuse.security:def:31387	P	Security update for openvpn-openssl1 (Moderate)	2020-12-01
oval:org.opensuse.security:def:26907	P	gnome-screensaver on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:31914	P	Security update for gd (Moderate)	2020-12-01
oval:org.opensuse.security:def:27101	P	cron on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25109	P	Security update for audit (Moderate)	2020-12-01
oval:org.opensuse.security:def:25393	P	Security update for libqt5-qtbase (Important)	2020-12-01
oval:org.opensuse.security:def:26317	P	Security update for chromium (Moderate)	2020-12-01
oval:org.opensuse.security:def:31845	P	Security update for clamav (Important)	2020-12-01
oval:org.opensuse.security:def:25261	P	Security update for python-cffi, python-cryptography (Moderate)	2020-12-01
oval:org.opensuse.security:def:25465	P	Security update for java-1_7_0-openjdk (Important)	2020-12-01
oval:org.opensuse.security:def:26264	P	Security update for gegl (Moderate)	2020-12-01
oval:org.opensuse.security:def:31801	P	security update for xen (Moderate)	2020-12-01
oval:org.opensuse.security:def:25534	P	Security update for adns (Important)	2020-12-01
oval:org.opensuse.security:def:31479	P	Security update for python (Moderate)	2020-12-01
oval:org.opensuse.security:def:31932	P	Security update for libX11 (Moderate)	2020-12-01
oval:org.opensuse.security:def:32872	P	gnome-screensaver on GA media (Moderate)	2020-12-01
oval:org.mitre.oval:def:13593	P	USN-907-1 -- gnome-screensaver vulnerabilities	2014-06-30

BACK