Screen Lock Bypass in GNOME Screensaver by Gnome
CVE-2010-0285

Currently unrated

Key Information:

Vendor: Gnome
Status: Screensaver
Vendor: CVE Published:; 24 February 2010

What is CVE-2010-0285?

The gnome-screensaver versions 2.14.3, 2.22.2, 2.27.x, 2.28.0, and 2.28.3 are vulnerable when the X configuration allows the extend screen option. This vulnerability enables attackers who are physically near an unattended workstation to bypass the screen locking mechanism. By connecting an external monitor, they can gain access to half of the GNOME desktop environment, potentially exposing any sensitive information displayed on the screen.

References

https://bugzilla.gnome.org/show_bug.cgi?id=593616

x_refsource_CONFIRM

https://bugzilla.redhat.com/show_bug.cgi?id=557525

x_refsource_CONFIRM

http://git.gnome.org/browse/gnome-screensaver/commit/?id=...

x_refsource_CONFIRM

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 24, 2010
Vulnerability Reserved
Jan 12, 2010