CVE-2010-0732

EPSS 0.04%
Veröffentlicht 19.03.2010 19:30:00
Zuletzt bearbeitet 11.04.2025 00:51:21
Quelle secalert@redhat.com
Teams Watchlist Login
Unerledigt Login

gdk/gdkwindow.c in GTK+ before 2.18.5, as used in gnome-screensaver before 2.28.1, performs implicit paints on windows of type GDK_WINDOW_FOREIGN, which triggers an X error in certain circumstances and consequently allows physically proximate attackers to bypass screen locking and access an unattended workstation by pressing the Enter key many times.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 18

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Gnome ≫ Gtk Version < 2.18.5

Gnome ≫ Screensaver Version < 2.28.1

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.04%	0.112

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.2	1.9	10	AV:L/AC:H/Au:N/C:C/I:C/A:C

CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

The product contains a concurrent code sequence that requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence operating concurrently.

http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00001.html

Third Party Advisory

http://secunia.com/advisories/39317

Broken Link

http://ftp.gnome.org/pub/gnome/sources/gtk+/2.18/gtk+-2.18.5.news

Vendor Advisory

http://git.gnome.org/browse/gnome-screensaver/commit/?h=gnome-2-28&id=98f8a22412cf388217fd5b88915eadd274d68520

Vendor Advisory

http://git.gnome.org/browse/gnome-screensaver/commit/?id=ab08cc93f2dc6223c8c00bfa1ca4f2d89069dbe0

Patch

http://git.gnome.org/browse/gtk+/commit/?id=0748cf563d0d0d03001a62589f13be16a8ec06c1

Patch