CVE-2013-1050
https://notcve.org/view.php?id=CVE-2013-1050
The default configuration in gnome-screensaver 3.5.4 through 3.6.0 sets the AutostartCondition line to fallback mode in the .desktop file, which prevents the program from starting automatically after login and allows physically proximate attackers to bypass screen locking and access an unattended workstation. La configuración por defecto en gnome-screensaver v3.5.4 hasta v3.6.0 fija la opción AutostartCondition a modo de retorno en el archivo .Desktop, lo que impide que el programa se inicie automáticamente después de un inicio de sesión y permite a los atacantes físicamente próximos saltarse el bloqueo de pantalla y acceder a una estación de trabajo sin vigilancia. • http://www.ubuntu.com/usn/USN-1716-1 https://bugs.launchpad.net/ubuntu/+source/gnome-screensaver/+bug/1120126 https://bugzilla.gnome.org/show_bug.cgi?id=683060 https://git.gnome.org/browse/gnome-screensaver/commit/?id=1940dc6bc8ad5ee2c029714efb1276c05ca80bd4 • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2012-3452
https://notcve.org/view.php?id=CVE-2012-3452
gnome-screensaver 3.4.x before 3.4.4 and 3.5.x before 3.5.4, when multiple screens are used, only locks the screen with the active focus, which allows physically proximate attackers to bypass screen locking and access an unattended workstation. gnome-screensaver v3.4.x anterior a v3.4.4 y v3.5.x anterior a v3.5.4, cuando se utilizan múltiples pantallas, sólo bloquea la pantalla con el foco activo, permitiendo a atacantes físicamente próximos eludir el bloqueo de pantalla y acceder a un puesto de trabajo sin supervisión. • http://www.openwall.com/lists/oss-security/2012/08/03/3 http://www.openwall.com/lists/oss-security/2012/08/03/5 https://bugzilla.gnome.org/show_bug.cgi?id=679441 • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2010-0732
https://notcve.org/view.php?id=CVE-2010-0732
gdk/gdkwindow.c in GTK+ before 2.18.5, as used in gnome-screensaver before 2.28.1, performs implicit paints on windows of type GDK_WINDOW_FOREIGN, which triggers an X error in certain circumstances and consequently allows physically proximate attackers to bypass screen locking and access an unattended workstation by pressing the Enter key many times. gdk/gdkwindow.c en GTK+ anterior a v2.18.5, utilizada en gnome-screensaver anterior a v2.28.1, realiza pinturas implícitas en las ventanas de tipo GDK_WINDOW_FOREIGN, lo que lanza un error X en ciertas circunstancias y consecuentemente permite a atacantes próximos físicamente evitar el bloqueo de pantalla y acceder a un ordenador presionando la tecla Enter durante un cierto tiempo • http://ftp.gnome.org/pub/gnome/sources/gtk+/2.18/gtk+-2.18.5.news http://git.gnome.org/browse/gnome-screensaver/commit/?h=gnome-2-28&id=98f8a22412cf388217fd5b88915eadd274d68520 http://git.gnome.org/browse/gnome-screensaver/commit/?id=ab08cc93f2dc6223c8c00bfa1ca4f2d89069dbe0 http://git.gnome.org/browse/gtk+/commit/?id=0748cf563d0d0d03001a62589f13be16a8ec06c1 http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00001.html http://secunia.com/advisories/39317 http://www.heise.de/newsticker/mel • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVE-2010-0285
https://notcve.org/view.php?id=CVE-2010-0285
gnome-screensaver 2.14.3, 2.22.2, 2.27.x, 2.28.0, and 2.28.3, when the X configuration enables the extend screen option, allows physically proximate attackers to bypass screen locking, access an unattended workstation, and view half of the GNOME desktop by attaching an external monitor. gnome-screensaver v2.14.3, v2.22.2, v2.27.x, v2.28.0, y v2.28.3, cuando la configuración de las X activa la extensión de monitor, permite a atacantes próximos físicamente, evitar el bloqueo de pantalla y visualizar la mitad del escritorio GNOME conectando un monitor externo. • http://git.gnome.org/browse/gnome-screensaver/commit/?id=2f597ea9f1f363277fd4dfc109fa41bbc6225aca http://security-tracker.debian.org/tracker/CVE-2010-0285 http://www.mandriva.com/security/advisories?name=MDVSA-2011:093 http://www.securityfocus.com/bid/38254 https://bugzilla.gnome.org/show_bug.cgi?id=593616 https://bugzilla.redhat.com/show_bug.cgi?id=557525 https://exchange.xforce.ibmcloud.com/vulnerabilities/56366 •
CVE-2010-0422
https://notcve.org/view.php?id=CVE-2010-0422
gnome-screensaver 2.28.x before 2.28.3 does not properly synchronize the state of screen locking and the unlock dialog in situations involving a change to the number of monitors, which allows physically proximate attackers to bypass screen locking and access an unattended workstation by connecting and disconnecting monitors multiple times, a related issue to CVE-2010-0414. gnome-screensaver v2.28.x anterio a v2.28.3, no sincroniza adecuadamente el estado del bloqueo de pantalla ni del desbloqueo en situaciones que involucran un cambio en el número de monitores, lo que permite a atacantes próximos físicamente evitar el bloqueo de pantalla y acceder a un ordenador mediante la conexión y desconexión del monitor varias veces. Relacionada con el CVE-2010-0414. • http://ftp.gnome.org/pub/GNOME/sources/gnome-screensaver/2.28/gnome-screensaver-2.28.3.news http://git.gnome.org/browse/gnome-screensaver/commit/?id=271ae93d7b140b8ba40d77f9e4ce894e5fd1b554 http://git.gnome.org/browse/gnome-screensaver/commit/?id=d4dcbd65a2df3c093c4e3a74bbbc75383eb9eadb http://git.gnome.org/browse/gnome-screensaver/commit/?id=f93a22c175090cf02e80bc3ee676b53f1251f685 http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035115.html http://marc.info/?l=oss-security&m=126601292400764&w=2 http •