6.9

CVE-2010-0923

Race condition in workspace/krunner/lock/lockdlg.cc in the KRunner lock module in kdebase in KDE SC 4.4.0 allows physically proximate attackers to bypass KScreenSaver screen locking and access an unattended workstation by pressing the Enter key at a certain time, related to multiple forked processes.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
KdeKde Sc Version4.4.0
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.28% 0.2
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6.9 3.4 10
AV:L/AC:M/Au:N/C:C/I:C/A:C
CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

The product contains a concurrent code sequence that requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence operating concurrently.

http://bugs.kde.org/show_bug.cgi?id=226449
http://marc.info/?l=oss-security&m=126598163422670&w=2
http://marc.info/?l=oss-security&m=126599909614401&w=2
http://marc.info/?l=oss-security&m=126600468622421&w=2
http://secunia.com/advisories/38600
Vendor Advisory
http://securitytracker.com/id?1023641
http://websvn.kde.org/?revision=1089213&view=revision
Patch
http://websvn.kde.org/?view=revision&revision=1089241
Patch
http://websvn.kde.org/trunk/KDE/kdebase/workspace/krunner/lock/lockdlg.cc?r1=1089213&r2=1089212&pathrev=1089213
http://www.kde.org/info/security/advisory-20100217-1.txt
http://www.openwall.com/lists/oss-security/2010/02/17/3
http://www.vupen.com/english/advisories/2010/0409
Patch
Vendor Advisory
https://bugs.kde.org/show_bug.cgi?id=217882
https://bugzilla.novell.com/show_bug.cgi?id=579280