CVE-2013-1050

Ubuntu Security Notice USN-1716-1

Severity Score

6.8

*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

The default configuration in gnome-screensaver 3.5.4 through 3.6.0 sets the AutostartCondition line to fallback mode in the .desktop file, which prevents the program from starting automatically after login and allows physically proximate attackers to bypass screen locking and access an unattended workstation.

La configuración por defecto en gnome-screensaver v3.5.4 hasta v3.6.0 fija la opción AutostartCondition a modo de retorno en el archivo .Desktop, lo que impide que el programa se inicie automáticamente después de un inicio de sesión y permite a los atacantes físicamente próximos saltarse el bloqueo de pantalla y acceder a una estación de trabajo sin vigilancia.

It was discovered that gnome-screensaver did not start automatically after logging in. This may result in the screen not being automatically locked after the inactivity timeout is reached, permitting an attacker with physical access to gain access to an unlocked session.

*Credits: N/A

Attack Vector

Physical

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Attack Vector

Local

Attack Complexity

Low

Authentication

None

Confidentiality

Complete

Integrity

Complete

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2013-01-11 CVE Reserved
2013-02-12 CVE Published
2024-09-16 CVE Updated
2025-03-30 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-264: Permissions, Privileges, and Access Controls

CAPEC

References (4)

URL	Tag	Source
https://bugzilla.gnome.org/show_bug.cgi?id=683060	X_refsource_misc
https://git.gnome.org/browse/gnome-screensaver/commit/?id=1940dc6bc8ad5ee2c029714efb1276c05ca80bd4	X_refsource_misc

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC
http://www.ubuntu.com/usn/USN-1716-1	2013-03-18
https://bugs.launchpad.net/ubuntu/+source/gnome-screensaver/+bug/1120126	2013-03-18

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Gnome Search vendor "Gnome"		Gnome Screensaver Search vendor "Gnome" for product "Gnome Screensaver"				3.5.4 Search vendor "Gnome" for product "Gnome Screensaver" and version "3.5.4"		-		Affected
Gnome Search vendor "Gnome"		Gnome Screensaver Search vendor "Gnome" for product "Gnome Screensaver"				3.5.5 Search vendor "Gnome" for product "Gnome Screensaver" and version "3.5.5"		-		Affected
Gnome Search vendor "Gnome"		Gnome Screensaver Search vendor "Gnome" for product "Gnome Screensaver"				3.6.0 Search vendor "Gnome" for product "Gnome Screensaver" and version "3.6.0"		-		Affected