gdk/gdkwindow.c in GTK+ before 2.18.5, as used in gnome-screensaver before 2.28.1, performs implicit paints on windows of type GDK_WINDOW_FOREIGN, which triggers an X error in certain circumstances and consequently allows physically proximate attackers to bypass screen locking and access an unattended workstation by pressing the Enter key many times.
References
Configurations
History
03 Aug 2023, 17:17
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:gnome:gtk:*:*:*:*:*:*:*:* | |
First Time |
Gnome gtk
|
|
References | (CONFIRM) https://bugzilla.gnome.org/show_bug.cgi?id=598476 - Issue Tracking, Patch | |
References | (MISC) http://www.heise.de/newsticker/meldung/Gnome-Bildschirmsperre-in-OpenSuse-Linux-wirkungslos-2-Update-928580.html - Third Party Advisory | |
References | (MLIST) http://www.openwall.com/lists/oss-security/2010/03/05/2 - Mailing List, Patch | |
References | (CONFIRM) http://git.gnome.org/browse/gnome-screensaver/commit/?h=gnome-2-28&id=98f8a22412cf388217fd5b88915eadd274d68520 - Vendor Advisory | |
References | (SUSE) http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00001.html - Third Party Advisory | |
References | (CONFIRM) http://git.gnome.org/browse/gtk+/commit/?id=0748cf563d0d0d03001a62589f13be16a8ec06c1 - Patch | |
References | (MANDRIVA) http://www.mandriva.com/security/advisories?name=MDVSA-2010:109 - Broken Link | |
References | (BID) http://www.securityfocus.com/bid/38211 - Third Party Advisory, VDB Entry | |
References | (SECUNIA) http://secunia.com/advisories/39317 - Broken Link | |
References | (MLIST) http://www.openwall.com/lists/oss-security/2010/02/12/1 - Mailing List | |
References | (MLIST) http://www.openwall.com/lists/oss-security/2010/03/16/9 - Mailing List | |
References | (CONFIRM) http://ftp.gnome.org/pub/gnome/sources/gtk+/2.18/gtk+-2.18.5.news - Vendor Advisory | |
References | (CONFIRM) https://bugzilla.redhat.com/show_bug.cgi?id=565527 - Issue Tracking, Patch | |
References | (CONFIRM) https://bugs.edge.launchpad.net/ubuntu/+source/gnome-screensaver/+bug/446395 - Third Party Advisory |
Information
Published : 2010-03-19 19:30
Updated : 2024-02-28 11:41
NVD link : CVE-2010-0732
Mitre link : CVE-2010-0732
CVE.ORG link : CVE-2010-0732
JSON object : View
Products Affected
gnome
- screensaver
- gtk
CWE
CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')