vulnerability bulletin CVE-2010-0414 GNOME: unlocking gnome-screensaver
Synthesis of the vulnerability

A local attacker can unplug a screen, in order to stop gnome-screensaver.

Severity: 1/4. Consequences: user access/rights. Provenance: user console. Means of attack: 1 attack. Ability of attacker: technician (2/4). Confidence: confirmed by the editor (5/5). Diffusion of the vulnerable configuration: high (3/3). Creation date: 08/02/2010.

Impacted products

• Fedora versions
• Mandriva Linux versions
• Novell Linux Desktop versions
• Novell Open Enterprise Server versions
• OpenSUSE versions
• SUSE Linux Enterprise Server versions
• Unix - plateform

Description of the vulnerability

The gnome-screensaver program locks the screen and displays a drawing. When a system with two screens is locked, an attacker can:  - move the mouse to the secondary screen (the password input form is displayed on this screen)  - unplug the secondary screen  - press a few keyboard keys The gnome-screensaver then tries to handle keys associated to a non existing screen, which stops it. A local attacker can therefore unplug a screen, in order to stop gnome-screensaver, and to access to user's session.

Characteristics

Title: GNOME: unlocking gnome-screensaver Identifiers: 2009-4641, 609337, BID-38149, CVE-2010-0414, FEDORA-2010-1556, MDVSA-2010:040, SUSE-SR:2010:004, VIGILANCE-VUL-9418. Url: https://vigilance.fr/tree/1/9418

Information sources

Publications and announces Source example: Bug 609337 - CVE-2010-0414 gnome-screensaver: loses its unlock dialog and keyboard grab sometimes when unplugging monitor

Solutions for this vulnerability

Patch or workaround

Supplements

Attack Exploit 0day or proof of concept