The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Vulnerability of GNOME screensaver: bypass with Compiz

Synthesis of the vulnerability

When GNOME screensaver is enabled with Compiz, an attacker can execute commands with the privileges of the user who locked the session.
Severity of this alert: 1/4.
Creation date: 25/01/2008.
References of this alert: BID-26188, CVE-2007-3920, FEDORA-2008-0930, FEDORA-2008-0956, RHSA-2008:0485-02, SUSE-SA:2008:027, VIGILANCE-VUL-7529.

Description of the vulnerability

The Compiz window manager provides a workspace with 3D animations.

When the screen of a Compiz session is locked by GNOME screensaver, an attacker can press Alt-Tab to access applications open in the user's X session.

This vulnerability therefore allows an attacker to access windows, for example to run shell commands with the rights of the connected user.

This computer threat announcement impacts software or systems such as Fedora, NLD, OES, openSUSE, RHEL, SLES.

Our Vigil@nce team determined that the severity of this computer vulnerability is low.

The trust level is of type "confirmed by the editor", with an origin of "user console".

A proof of concept or an attack tool is available, so your teams have to process this alert. An attacker with technician-level skills can exploit this vulnerability.

Solutions for this threat

Fedora 7: new xorg-x11-server packages.

Fedora 8: new xorg-x11-server packages.

RHEL 5: new compiz packages.
New packages are available:
  compiz-0.0.13-0.37.20060817git.el5
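
A fixed-build check for the RHEL 5 package named above, as an added example that is not part of the original bulletin. It assumes `rpm -qa` style name-version-release lines, ignores epochs and the tilde/caret rules of newer rpm, and runs on a constructed host inventory; the function names are illustrative.

```python
import re

# Fixed build taken from this bulletin (RHEL 5). Other entries would be added
# the same way: package name -> "version-release" of the first fixed build.
FIXED = {"compiz": "0.0.13-0.37.20060817git.el5"}

_SEGMENT = re.compile(r"[0-9]+|[A-Za-z]+")

def rpmvercmp(a, b):
    """Compare two version (or release) strings the way rpm orders them."""
    sa, sb = _SEGMENT.findall(a), _SEGMENT.findall(b)
    for x, y in zip(sa, sb):
        if x.isdigit() and y.isdigit():
            if int(x) != int(y):            # numeric, so 9 < 37
                return 1 if int(x) > int(y) else -1
        elif x.isdigit() != y.isdigit():    # a numeric segment beats an alphabetic one
            return 1 if x.isdigit() else -1
        elif x != y:                        # both alphabetic: plain string order
            return 1 if x > y else -1
    # All shared segments equal: the string with segments left over is newer.
    return (len(sa) > len(sb)) - (len(sa) < len(sb))

def compare_vr(a, b):
    """Compare "version-release" strings: version first, then release."""
    va, _, ra = a.partition("-")
    vb, _, rb = b.partition("-")
    return rpmvercmp(va, vb) or rpmvercmp(ra, rb)

def audit(inventory_lines):
    """Return (name, installed, fixed) for every package older than its fixed build."""
    findings = []
    for line in inventory_lines:
        parts = line.strip().rsplit("-", 2)  # name may itself contain hyphens
        if len(parts) != 3 or parts[0] not in FIXED:
            continue
        name, installed = parts[0], parts[1] + "-" + parts[2]
        if compare_vr(installed, FIXED[name]) < 0:
            findings.append((name, installed, FIXED[name]))
    return findings

# Constructed inventory: one unrelated package and one compiz build below the fix.
SAMPLE_INVENTORY = [
    "bash-3.2-24.el5",
    "compiz-0.0.13-0.9.20060817git.el5",
]

if __name__ == "__main__":
    for name, installed, fixed in audit(SAMPLE_INVENTORY):
        print(f"{name}: installed {installed} is older than fixed build {fixed}")
```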

SUSE: new X.org/XFree86 packages.
New packages are available:
   openSUSE 10.3:
     http://download.opensuse.org/pub/opensuse/update/10.3/rpm/i586/xorg-x11-Xvnc-7.1-91.3.i586.rpm
     http://download.opensuse.org/pub/opensuse/update/10.3/rpm/i586/xorg-x11-server-7.2-143.13.i586.rpm
     http://download.opensuse.org/pub/opensuse/update/10.3/rpm/i586/xorg-x11-server-extra-7.2-143.13.i586.rpm
     http://download.opensuse.org/pub/opensuse/update/10.3/rpm/i586/xorg-x11-server-sdk-7.2-143.13.i586.rpm
   openSUSE 10.2:
     ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/xorg-x11-server-7.2-30.15.i586.rpm
     ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/xorg-x11-server-sdk-7.2-30.15.i586.rpm
   SUSE Linux Enterprise Server 10 SP1
     http://support.novell.com/techcenter/psdb/365f4578a5d4944409898142a04ad8db.html
     http://support.novell.com/techcenter/psdb/dafe815cdb6284ae29e4d625d49fd383.html
   SUSE Linux Enterprise Server 10 SP2
     http://support.novell.com/techcenter/psdb/365f4578a5d4944409898142a04ad8db.html
     http://support.novell.com/techcenter/psdb/dafe815cdb6284ae29e4d625d49fd383.html
   SLE SDK 10 SP2
     http://support.novell.com/techcenter/psdb/365f4578a5d4944409898142a04ad8db.html
     http://support.novell.com/techcenter/psdb/dafe815cdb6284ae29e4d625d49fd383.html
   SLE SDK 10 SP1
     http://support.novell.com/techcenter/psdb/365f4578a5d4944409898142a04ad8db.html
     http://support.novell.com/techcenter/psdb/dafe815cdb6284ae29e4d625d49fd383.html
   SUSE Linux Enterprise Desktop 10 SP1
     http://support.novell.com/techcenter/psdb/dafe815cdb6284ae29e4d625d49fd383.html
   SUSE Linux Enterprise Desktop 10 SP2
     http://support.novell.com/techcenter/psdb/dafe815cdb6284ae29e4d625d49fd383.html
   Open Enterprise Server
     http://support.novell.com/techcenter/psdb/f1d6c99d6205780cd2ffac2d4f799210.html
   Novell Linux POS 9
     http://support.novell.com/techcenter/psdb/f1d6c99d6205780cd2ffac2d4f799210.html
   Novell Linux Desktop 9
     http://support.novell.com/techcenter/psdb/f1d6c99d6205780cd2ffac2d4f799210.html
   SUSE SLES 9
     http://support.novell.com/techcenter/psdb/5dc3845aa1a191befe81a3f246c6d3aa.html
     http://support.novell.com/techcenter/psdb/f1d6c99d6205780cd2ffac2d4f799210.html