GNOME screensaver: bypass with Compiz
Synthesis of the vulnerability
When GNOME screensaver is enabled with Compiz, an attacker can execute commands with the privileges of the user who locked the session.
Impacted systems: Fedora, NLD, OES, openSUSE, RHEL, SLES.
Severity of this alert: 1/4.
Consequences of an intrusion: user access/rights.
Attacker's origin: user console.
Creation date: 25/01/2008.
References of this alert: BID-26188, CVE-2007-3920, FEDORA-2008-0930, FEDORA-2008-0956, RHSA-2008:0485-02, SUSE-SA:2008:027, VIGILANCE-VUL-7529.
Description of the vulnerability
The Compiz window manager provides a workspace with 3D animations.
When the screen of a Compiz session is locked by GNOME screensaver, an attacker can press Alt-Tab to access applications open in the user's X session.
This vulnerability therefore lets an attacker access windows, for example to run shell commands with the rights of the connected user.