GTK+ Buffer Overflow Vulnerability in gnome-screensaver by GNOME
CVE-2010-0732

Currently unrated

Key Information:

Vendor: Gnome
Status: Gtk
Vendor: CVE Published:; 19 March 2010

What is CVE-2010-0732?

An implicit paint flaw in GTK+ versions prior to 2.18.5, utilized by gnome-screensaver versions before 2.28.1, allows physical attackers to bypass the screen lock feature. By repeatedly pressing the Enter key, an attacker can trigger an X error on windows designated as GDK_WINDOW_FOREIGN, effectively gaining unauthorized access to user sessions on unattended workstations.

References

http://secunia.com/advisories/39317

third-party-advisoryx_refsource_SECUNIA

http://www.openwall.com/lists/oss-security/2010/02/12/1

mailing-listx_refsource_MLIST

http://www.openwall.com/lists/oss-security/2010/03/16/9

mailing-listx_refsource_MLIST

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 19, 2010
Vulnerability Reserved
Feb 26, 2010

Gnome

What is CVE-2010-0732?

References

Timeline