| The Vigil@nce team watches vulnerabilities impacting your computers, and then offers solutions, a database and tools to correct them. |
|
 |
|
|
|
vulnerability alert CVE-2012-0064
Xorg: stop the ScreenSaver
Synthesis of the vulnerability
| An attacker, who has access to the Xorg console, can press a key combination, in order to stop all locked screen savers. |
Severity: 2/4.
Creation date: 19/01/2012.
|
Impacted products
Description of the vulnerability
Before 2008, graphic application developers sometimes needed to kill a window grabbing the screen. In order to do so, two keyboard shortcuts were used:
- Ctrl+Alt+Keypad-Multiply : kill the process which grabbed the screen
- Ctrl+Alt+Keypad-Divide : deactivate the grab
Both feature were only enabled when AllowClosedownGrabs and AllowDeactivateGrabs were set in xorg.conf. In 2008, Xorg developers suppressed this feature, which was seen as dangerous.
In 2011 (Xorg version 1.10.99.902), developers reintroduced this feature because they needed it. However, it is now enabled by default.
An attacker, who has access to the Xorg console, can therefore press a key combination, in order to stop all locked screen savers. |
Share this bulletin
Complete Vigil@nce bulletin
Characteristics
Title: Xorg: stop the ScreenSaver.
Keywords: 902 2008 2011 AllowClosedownGrabs AllowDeactivateGrabs Alt Ctrl Keypad-Divide Keypad-Multiply ScreenSaver Xorg stop.
Identifiers: BID-51562, CVE-2012-0064, FEDORA-2012-0709, FEDORA-2012-0712, VIGILANCE-VUL-11306.
|
Information sources
Solutions for this vulnerability
Supplements
Computer vulnerabilities tracking service
Vigil@nce provides a system vulnerability watch. Each administrator can customize the list of products for which he wants to receive vulnerability alerts. The Vigil@nce team tracks computer vulnerabilities impacting systems and applications. The Vigil@nce vulnerability database contains several thousand vulnerabilities.
|
