Session Idle Time Vulnerability in gnome-screensaver by GNOME
CVE-2009-4642

Currently unrated

Key Information:

Vendor: Gnome
Status: Screensaver
Vendor: CVE Published:; 11 February 2010

Summary

The gnome-screensaver version 2.26.1 interacts with the gnome-session D-Bus interface to assess the idle status of a user's session. This can inadvertently expose systems using alternative desktop environments, such as Xfce-based distributions like Xubuntu and Mythbuntu. Consequently, an attacker in close proximity can exploit this flaw to access the unattended workstation despite the intention of having screen locking enabled, compromising sensitive information and user privacy.

References

http://bugzilla.xfce.org/show_bug.cgi?id=5927

x_refsource_CONFIRM

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=536381

x_refsource_CONFIRM

https://launchpad.net/bugs/493573

x_refsource_CONFIRM

Timeline

Vulnerability Reserved
Oct 3, 2022
Vulnerability published
Feb 11, 2010