gdk/gdkwindow.c in GTK+ before 2.18.5, as used in gnome-screensaver before 2.28.1, performs implicit paints on windows of type GDK_WINDOW_FOREIGN, which triggers an X error in certain circumstances and consequently allows physically proximate attackers to bypass screen locking and access an unattended workstation by pressing the Enter key many times.
References
Configurations
History
03 Aug 2023, 17:17
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:gnome:gtk:*:*:*:*:*:*:*:* | |
References | (CONFIRM) https://bugs.edge.launchpad.net/ubuntu/+source/gnome-screensaver/+bug/446395 - Third Party Advisory | |
References | (SUSE) http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00001.html - Third Party Advisory | |
References | (BID) http://www.securityfocus.com/bid/38211 - Third Party Advisory, VDB Entry | |
References | (CONFIRM) http://ftp.gnome.org/pub/gnome/sources/gtk+/2.18/gtk+-2.18.5.news - Vendor Advisory | |
References | (MLIST) http://www.openwall.com/lists/oss-security/2010/03/16/9 - Mailing List | |
References | (CONFIRM) https://bugzilla.redhat.com/show_bug.cgi?id=565527 - Issue Tracking, Patch | |
References | (MLIST) http://www.openwall.com/lists/oss-security/2010/02/12/1 - Mailing List | |
References | (MLIST) http://www.openwall.com/lists/oss-security/2010/03/05/2 - Mailing List, Patch | |
References | (MANDRIVA) http://www.mandriva.com/security/advisories?name=MDVSA-2010:109 - Broken Link | |
References | (CONFIRM) http://git.gnome.org/browse/gtk+/commit/?id=0748cf563d0d0d03001a62589f13be16a8ec06c1 - Patch | |
References | (MISC) http://www.heise.de/newsticker/meldung/Gnome-Bildschirmsperre-in-OpenSuse-Linux-wirkungslos-2-Update-928580.html - Third Party Advisory | |
References | (CONFIRM) http://git.gnome.org/browse/gnome-screensaver/commit/?h=gnome-2-28&id=98f8a22412cf388217fd5b88915eadd274d68520 - Vendor Advisory | |
References | (SECUNIA) http://secunia.com/advisories/39317 - Broken Link | |
References | (CONFIRM) https://bugzilla.gnome.org/show_bug.cgi?id=598476 - Issue Tracking, Patch | |
First Time |
Gnome gtk
|
13 Feb 2023, 04:16
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
Summary | gdk/gdkwindow.c in GTK+ before 2.18.5, as used in gnome-screensaver before 2.28.1, performs implicit paints on windows of type GDK_WINDOW_FOREIGN, which triggers an X error in certain circumstances and consequently allows physically proximate attackers to bypass screen locking and access an unattended workstation by pressing the Enter key many times. |
02 Feb 2023, 17:17
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
Summary | CVE-2010-0732 gnome-screensaver: Race condition between shaking the unlock dialog and clearing the screen |
Information
Published : 2010-03-19 19:30
Updated : 2023-12-10 11:03
NVD link : CVE-2010-0732
Mitre link : CVE-2010-0732
CVE.ORG link : CVE-2010-0732
JSON object : View
Products Affected
gnome
- screensaver
- gtk
CWE
CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')