Vulnerability Description
The default configuration in gnome-screensaver 3.5.4 through 3.6.0 sets the AutostartCondition line to fallback mode in the .desktop file, which prevents the program from starting automatically after login and allows physically proximate attackers to bypass screen locking and access an unattended workstation.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Gnome | Gnome Screensaver | 3.5.4 |
Related Weaknesses (CWE)
References
- http://www.ubuntu.com/usn/USN-1716-1
- https://bugs.launchpad.net/ubuntu/+source/gnome-screensaver/+bug/1120126Vendor Advisory
- https://bugzilla.gnome.org/show_bug.cgi?id=683060
- https://git.gnome.org/browse/gnome-screensaver/commit/?id=1940dc6bc8ad5ee2c02971
- http://www.ubuntu.com/usn/USN-1716-1
- https://bugs.launchpad.net/ubuntu/+source/gnome-screensaver/+bug/1120126Vendor Advisory
- https://bugzilla.gnome.org/show_bug.cgi?id=683060
- https://git.gnome.org/browse/gnome-screensaver/commit/?id=1940dc6bc8ad5ee2c02971
FAQ
What is CVE-2013-1050?
CVE-2013-1050 is a vulnerability with a CVSS score of 7.2 (HIGH). The default configuration in gnome-screensaver 3.5.4 through 3.6.0 sets the AutostartCondition line to fallback mode in the .desktop file, which prevents the program from starting automatically after ...
How severe is CVE-2013-1050?
CVE-2013-1050 has been rated HIGH with a CVSS base score of 7.2/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2013-1050?
Check the references section above for vendor advisories and patch information. Affected products include: Gnome Gnome Screensaver.