Vulnerability Description
The automatic screen lock functionality in GNOME Shell (aka gnome-shell) before 3.10 does not prevent access to the "Enter a Command" dialog, which allows physically proximate attackers to execute arbitrary commands by leveraging an unattended workstation.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Gnome | Gnome-Shell | <= 3.9.92 |
Related Weaknesses (CWE)
References
- http://www.openwall.com/lists/oss-security/2013/12/27/4
- http://www.openwall.com/lists/oss-security/2013/12/27/8
- https://bugzilla.gnome.org/show_bug.cgi?id=708313
- https://git.gnome.org/browse/gnome-shell/commit/js/ui/main.js?id=efdf1ff755943fb
- http://www.openwall.com/lists/oss-security/2013/12/27/4
- http://www.openwall.com/lists/oss-security/2013/12/27/8
- https://bugzilla.gnome.org/show_bug.cgi?id=708313
- https://git.gnome.org/browse/gnome-shell/commit/js/ui/main.js?id=efdf1ff755943fb
FAQ
What is CVE-2013-7221?
CVE-2013-7221 is a vulnerability with a CVSS score of 4.6 (MEDIUM). The automatic screen lock functionality in GNOME Shell (aka gnome-shell) before 3.10 does not prevent access to the "Enter a Command" dialog, which allows physically proximate attackers to execute arb...
How severe is CVE-2013-7221?
CVE-2013-7221 has been rated MEDIUM with a CVSS base score of 4.6/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2013-7221?
Check the references section above for vendor advisories and patch information. Affected products include: Gnome Gnome-Shell.