6.2

CVE-2010-0732

gdk/gdkwindow.c in GTK+ before 2.18.5, as used in gnome-screensaver before 2.28.1, performs implicit paints on windows of type GDK_WINDOW_FOREIGN, which triggers an X error in certain circumstances and consequently allows physically proximate attackers to bypass screen locking and access an unattended workstation by pressing the Enter key many times.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
GnomeGtk Version < 2.18.5
GnomeScreensaver Version < 2.28.1
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.3% 0.215
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6.2 1.9 10
AV:L/AC:H/Au:N/C:C/I:C/A:C
CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

The product contains a concurrent code sequence that requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence operating concurrently.

http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00001.html
Third Party Advisory
http://secunia.com/advisories/39317
Broken Link
http://ftp.gnome.org/pub/gnome/sources/gtk+/2.18/gtk+-2.18.5.news
Vendor Advisory
http://git.gnome.org/browse/gnome-screensaver/commit/?h=gnome-2-28&id=98f8a22412cf388217fd5b88915eadd274d68520
Vendor Advisory
http://git.gnome.org/browse/gnome-screensaver/commit/?id=ab08cc93f2dc6223c8c00bfa1ca4f2d89069dbe0
Patch
http://git.gnome.org/browse/gtk+/commit/?id=0748cf563d0d0d03001a62589f13be16a8ec06c1
Patch
http://www.heise.de/newsticker/meldung/Gnome-Bildschirmsperre-in-OpenSuse-Linux-wirkungslos-2-Update-928580.html
Third Party Advisory
http://www.mandriva.com/security/advisories?name=MDVSA-2010:109
Broken Link
http://www.openwall.com/lists/oss-security/2010/02/12/1
Mailing List
http://www.openwall.com/lists/oss-security/2010/03/05/2
Patch
Mailing List
http://www.openwall.com/lists/oss-security/2010/03/16/9
Mailing List
http://www.securityfocus.com/bid/38211
Third Party Advisory
VDB Entry
https://bugs.edge.launchpad.net/ubuntu/+source/gnome-screensaver/+bug/446395
Third Party Advisory
https://bugzilla.gnome.org/show_bug.cgi?id=598476
Patch
Issue Tracking
https://bugzilla.redhat.com/show_bug.cgi?id=565527
Patch
Issue Tracking