CVE-2010-0732

Vulnerability Description

gdk/gdkwindow.c in GTK+ before 2.18.5, as used in gnome-screensaver before 2.28.1, performs implicit paints on windows of type GDK_WINDOW_FOREIGN, which triggers an X error in certain circumstances and consequently allows physically proximate attackers to bypass screen locking and access an unattended workstation by pressing the Enter key many times.

CVSS Score

Affected Products

Related Weaknesses (CWE)

References

• http://ftp.gnome.org/pub/gnome/sources/gtk+/2.18/gtk+-2.18.5.newsVendor Advisory
• http://git.gnome.org/browse/gnome-screensaver/commit/?h=gnome-2-28&id=98f8a22412Vendor Advisory
• http://git.gnome.org/browse/gnome-screensaver/commit/?id=ab08cc93f2dc6223c8c00bfPatch
• http://git.gnome.org/browse/gtk+/commit/?id=0748cf563d0d0d03001a62589f13be16a8ecPatch
• http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00001.htmlThird Party Advisory
• http://secunia.com/advisories/39317Broken Link
• http://www.heise.de/newsticker/meldung/Gnome-Bildschirmsperre-in-OpenSuse-Linux-Third Party Advisory
• http://www.mandriva.com/security/advisories?name=MDVSA-2010:109Broken Link
• http://www.openwall.com/lists/oss-security/2010/02/12/1Mailing List
• http://www.openwall.com/lists/oss-security/2010/03/05/2Mailing ListPatch
• http://www.openwall.com/lists/oss-security/2010/03/16/9Mailing List
• http://www.securityfocus.com/bid/38211Third Party AdvisoryVDB Entry
• https://bugs.edge.launchpad.net/ubuntu/+source/gnome-screensaver/+bug/446395Third Party Advisory
• https://bugzilla.gnome.org/show_bug.cgi?id=598476Issue TrackingPatch
• https://bugzilla.redhat.com/show_bug.cgi?id=565527Issue TrackingPatch