The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

computer vulnerability note CVE-2007-3920

GNOME screensaver: bypass with Compiz

Synthesis of the vulnerability

When GNOME screensaver is used with Compiz, an attacker can execute commands with the privileges of the user who locked the session.
Impacted systems: Fedora, NLD, OES, openSUSE, RHEL, SLES.
Severity of this alert: 1/4.
Consequences of an intrusion: user access/rights.
Attacker's origin: user console.
Creation date: 25/01/2008.
References of this alert: BID-26188, CVE-2007-3920, FEDORA-2008-0930, FEDORA-2008-0956, RHSA-2008:0485-02, SUSE-SA:2008:027, VIGILANCE-VUL-7529.

Description of the vulnerability

The Compiz window manager provides a workspace with 3D animations.

When the screen of a Compiz session is locked by GNOME screensaver, an attacker can press Alt-Tab to access applications open in the user's X session.

This vulnerability therefore allows an attacker to access these windows, for example to run shell commands with the rights of the connected user.