Command Execution Vulnerability in GNOME Shell by GNOME
CVE-2013-7221

Currently unrated

Key Information:

Vendor
Gnome
Status
Gnome-shell
Vendor
CVE Published:
29 April 2014

Summary

The automatic screen lock feature in GNOME Shell versions prior to 3.10 fails to restrict access to the 'Enter a Command' dialog. This weakness allows local attackers with physical access to an unattended workstation to execute arbitrary commands, potentially compromising system integrity and user data. It highlights the importance of securing systems against physical access vulnerabilities.

References

http://www.openwall.com/lists/oss-security/2013/12/27/4
mailing-listx_refsource_MLIST
https://git.gnome.org/browse/gnome-shell/commit/js/ui/mai...
x_refsource_CONFIRM
http://www.openwall.com/lists/oss-security/2013/12/27/8
mailing-listx_refsource_MLIST

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2013-7221 : Command Execution Vulnerability in GNOME Shell by GNOME | SecurityVulnerability.io