CVE-2010-0732

CVSS V2 Medium 6.2 CVSS V3 None
Description
gdk/gdkwindow.c in GTK+ before 2.18.5, as used in gnome-screensaver before 2.28.1, performs implicit paints on windows of type GDK_WINDOW_FOREIGN, which triggers an X error in certain circumstances and consequently allows physically proximate attackers to bypass screen locking and access an unattended workstation by pressing the Enter key many times.
Overview
  • CVE ID
  • CVE-2010-0732
  • Assigner
  • secalert@redhat.com
  • Vulnerability Status
  • Modified
  • Published Version
  • 2010-03-19T19:30:00
  • Last Modified Date
  • 2023-02-13T04:16:40
Weakness Enumerations
CWE URL
CWE-362 http://cwe.mitre.org/data/definitions/362.html
CPE Configuration (Product)
CPE Vulnerable Operator Version Start Version End
AND
cpe:2.3:a:gtk:gtk\+:*:*:*:*:*:*:*:* 1 OR 2.18.4
cpe:2.3:a:gnome:screensaver:*:*:*:*:*:*:*:* 0 OR 2.28.0
CVSS Version 2
  • Version
  • 2.0
  • Vector String
  • AV:L/AC:H/Au:N/C:C/I:C/A:C
  • Access Vector
  • LOCAL
  • Access Compatibility
  • HIGH
  • Authentication
  • NONE
  • Confidentiality Impact
  • COMPLETE
  • Integrity Impact
  • COMPLETE
  • Availability Impact
  • COMPLETE
  • Base Score
  • 6.2
  • Severity
  • MEDIUM
  • Exploitability Score
  • 1.9
  • Impact Score
  • 10
References
Reference URL Reference Tags
http://www.openwall.com/lists/oss-security/2010/03/16/9
http://git.gnome.org/browse/gtk+/commit/?id=0748cf563d0d0d03001a62589f13be16a8ec06c1
http://git.gnome.org/browse/gnome-screensaver/commit/?id=ab08cc93f2dc6223c8c00bfa1ca4f2d89069dbe0 Patch
https://bugzilla.redhat.com/show_bug.cgi?id=565527 Patch
http://ftp.gnome.org/pub/gnome/sources/gtk+/2.18/gtk+-2.18.5.news
https://bugzilla.gnome.org/show_bug.cgi?id=598476 Patch
http://www.heise.de/newsticker/meldung/Gnome-Bildschirmsperre-in-OpenSuse-Linux-wirkungslos-2-Update-928580.html
http://www.openwall.com/lists/oss-security/2010/03/05/2 Patch
http://git.gnome.org/browse/gnome-screensaver/commit/?h=gnome-2-28&id=98f8a22412cf388217fd5b88915eadd274d68520
https://bugs.edge.launchpad.net/ubuntu/+source/gnome-screensaver/+bug/446395
http://www.openwall.com/lists/oss-security/2010/02/12/1
http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00001.html
http://secunia.com/advisories/39317
http://www.securityfocus.com/bid/38211
http://www.mandriva.com/security/advisories?name=MDVSA-2010:109
Sources
Source Name Source URL
NIST https://nvd.nist.gov/vuln/detail/CVE-2010-0732
MITRE https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0732
History
Created Old Value New Value Data Type Notes
2022-05-10 11:10:43 Added to TrackCVE
2023-02-02 19:02:45 2023-02-02T17:17:13 CVE Modified Date updated
2023-02-02 19:02:46 gdk/gdkwindow.c in GTK+ before 2.18.5, as used in gnome-screensaver before 2.28.1, performs implicit paints on windows of type GDK_WINDOW_FOREIGN, which triggers an X error in certain circumstances and consequently allows physically proximate attackers to bypass screen locking and access an unattended workstation by pressing the Enter key many times. CVE-2010-0732 gnome-screensaver: Race condition between shaking the unlock dialog and clearing the screen Description updated
2023-02-13 05:03:31 2023-02-13T04:16:40 CVE Modified Date updated
2023-02-13 05:03:32 CVE-2010-0732 gnome-screensaver: Race condition between shaking the unlock dialog and clearing the screen gdk/gdkwindow.c in GTK+ before 2.18.5, as used in gnome-screensaver before 2.28.1, performs implicit paints on windows of type GDK_WINDOW_FOREIGN, which triggers an X error in certain circumstances and consequently allows physically proximate attackers to bypass screen locking and access an unattended workstation by pressing the Enter key many times. Description updated