CVE-2010-0732
https://notcve.org/view.php?id=CVE-2010-0732
gdk/gdkwindow.c in GTK+ before 2.18.5, as used in gnome-screensaver before 2.28.1, performs implicit paints on windows of type GDK_WINDOW_FOREIGN, which triggers an X error in certain circumstances and consequently allows physically proximate attackers to bypass screen locking and access an unattended workstation by pressing the Enter key many times. gdk/gdkwindow.c en GTK+ anterior a v2.18.5, utilizada en gnome-screensaver anterior a v2.28.1, realiza pinturas implícitas en las ventanas de tipo GDK_WINDOW_FOREIGN, lo que lanza un error X en ciertas circunstancias y consecuentemente permite a atacantes próximos físicamente evitar el bloqueo de pantalla y acceder a un ordenador presionando la tecla Enter durante un cierto tiempo • http://ftp.gnome.org/pub/gnome/sources/gtk+/2.18/gtk+-2.18.5.news http://git.gnome.org/browse/gnome-screensaver/commit/?h=gnome-2-28&id=98f8a22412cf388217fd5b88915eadd274d68520 http://git.gnome.org/browse/gnome-screensaver/commit/?id=ab08cc93f2dc6223c8c00bfa1ca4f2d89069dbe0 http://git.gnome.org/browse/gtk+/commit/?id=0748cf563d0d0d03001a62589f13be16a8ec06c1 http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00001.html http://secunia.com/advisories/39317 http://www.heise.de/newsticker/mel • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVE-2010-0285
https://notcve.org/view.php?id=CVE-2010-0285
gnome-screensaver 2.14.3, 2.22.2, 2.27.x, 2.28.0, and 2.28.3, when the X configuration enables the extend screen option, allows physically proximate attackers to bypass screen locking, access an unattended workstation, and view half of the GNOME desktop by attaching an external monitor. gnome-screensaver v2.14.3, v2.22.2, v2.27.x, v2.28.0, y v2.28.3, cuando la configuración de las X activa la extensión de monitor, permite a atacantes próximos físicamente, evitar el bloqueo de pantalla y visualizar la mitad del escritorio GNOME conectando un monitor externo. • http://git.gnome.org/browse/gnome-screensaver/commit/?id=2f597ea9f1f363277fd4dfc109fa41bbc6225aca http://security-tracker.debian.org/tracker/CVE-2010-0285 http://www.mandriva.com/security/advisories?name=MDVSA-2011:093 http://www.securityfocus.com/bid/38254 https://bugzilla.gnome.org/show_bug.cgi?id=593616 https://bugzilla.redhat.com/show_bug.cgi?id=557525 https://exchange.xforce.ibmcloud.com/vulnerabilities/56366 •
CVE-2010-0414
https://notcve.org/view.php?id=CVE-2010-0414
gnome-screensaver before 2.28.2 allows physically proximate attackers to bypass screen locking and access an unattended workstation by moving the mouse position to an external monitor and then disconnecting that monitor. gnome-screensaver v2.28.2 permite a atacantes físicamente próximos , acceder un ordenador sin nadie sobre el que se ha bloqueado la pantalla de manera intencionada, moviendo el ratón hacia una posición de un monitor externo y luego desconectando dicho monitor.. • http://ftp.gnome.org/pub/GNOME/sources/gnome-screensaver/2.28/gnome-screensaver-2.28.2.news http://git.gnome.org/browse/gnome-screensaver/commit/?id=a5f66339be6719c2b8fc478a1d5fc6545297d950 http://git.gnome.org/browse/gnome-screensaver/commit/?id=dcca89b7ab6e1220815af38da246434b2e13fd9f http://lists.fedoraproject.org/pipermail/package-announce/2010-February/034904.html http://secunia.com/advisories/38468 http://secunia.com/advisories/38532 http://secunia.com/advisories/38534 http://www.mandriva.com/security/a •
CVE-2008-0887 – gnome-screensaver using NIS auth will unlock if NIS goes away
https://notcve.org/view.php?id=CVE-2008-0887
gnome-screensaver before 2.22.1, when a remote authentication server is enabled, crashes upon an unlock attempt during a network outage, which allows physically proximate attackers to gain access to the locked session, a related issue to CVE-2007-1859. El salvapantallas de gnome antes de 2.22.1, se cae durante un intento de desbloqueo, cuando está habilitado un servidor de autentificación remota debido a una parada de la red, lo que permite a atacantes físicamente próximos obtener acceso a la sesión bloqueada, un problema relacionado con CVE-2007-1859. • http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00001.html http://osvdb.org/35531 http://rhn.redhat.com/errata/RHSA-2008-0197.html http://secunia.com/advisories/29595 http://secunia.com/advisories/29606 http://secunia.com/advisories/29742 http://secunia.com/advisories/29759 http://secunia.com/advisories/30967 http://secunia.com/advisories/32691 http://security.gentoo.org/glsa/glsa-200804-12.xml http://securitytracker.com/id?1019749 http://www.mandriva.com •
CVE-2007-6389
https://notcve.org/view.php?id=CVE-2007-6389
The notify feature in GNOME screensaver (gnome-screensaver) 2.20.0 might allow local users to read the clipboard contents and X selection data for a locked session by using ctrl-V. La funcionalidad de notificación en el salvapantallas de GNOME (gnome-screensaver) 2.20.0 podría permitir a usuarios locales leer los contenidos del porta-papeles y datos seleccionados en X para una sesión bloqueada al utilizar ctrl-V. • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=455484 http://bugzilla.gnome.org/show_bug.cgi?id=482159 http://bugzilla.gnome.org/show_bug.cgi?id=503005 http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html http://secunia.com/advisories/29595 http://secunia.com/advisories/29666 http://secunia.com/advisories/31687 http://secunia.com/advisories/32691 http://www.mandriva.com/security/advisories?name=MDVSA-2008:135 http://www.securityfocus.com/bid/30096 http& •