News
Vigil@nce: GNOME, second screen non locked
January 2010 by Vigil@nce
After unplugging and plugging back a second screen, it is not locked by GNOME ScreenSaver.
Severity: 1/4
Consequences: user access/rights
Provenance: user console
Means of attack: no proof of concept, no attack
Ability of attacker: expert (4/4)
Confidence: confirmed by the editor (5/5)
Diffusion of the vulnerable configuration: high (3/3)
Creation date: 15/01/2010
IMPACTED PRODUCTS
Unix - plateform
DESCRIPTION OF THE VULNERABILITY
The system can have two (or more) screens, which are locked by GNOME ScreenSaver.
However, if the victim:
unplugs his second screen
unlocks the ScreenSaver to access to his session (GNOME then
memorises that there is only one screen)
locks the ScreenSaver (ScreenSaver memorises that there is one
screen)
plugs the second screen
then, GNOME enables the second screen, but the ScreenSaver only
locks the first one.
An attacker, who has a console access to the computer, can thus access to applications located on victim’s second screen.
CHARACTERISTICS
Identifiers: 593616, VIGILANCE-VUL-9354
Url: http://vigilance.fr/vulnerability/G...
