gnome屏幕保护程序X配置安全跳过漏洞

漏洞信息详情

gnome屏幕保护程序X配置安全跳过漏洞

CNNVD编号：CNNVD-201002-253
危害等级：中危-->
危害等级：中危
CVE编号： CVE-2010-0285
漏洞类型：其他
发布时间： 2010-02-24
威胁类型：本地
更新时间： 2010-02-25
厂商： gnome
漏洞来源： freggy1

漏洞简介

Gnome Screensaver是一套屏幕保护管理程序。

gnome屏幕保护程序X配置存在安全跳过漏洞，当X配置中启用扩展屏幕选项，允许近程物理攻击者跳过屏幕保护锁同时未知进入工作站，利用连接和断开监视器的时间。

漏洞公告

目前厂商已经发布了升级补丁以修复这个安全问题，补丁下载链接：

Ubuntu Ubuntu Linux 9.10 sparc

Ubuntu gnome-screensaver_2.28.0-0ubuntu3.5_sparc.deb

http://ports.ubuntu.com/pool/main/g/gnome-screensaver/gnome-screensave r_2.28.0-0ubuntu3.5_sparc.deb

Ubuntu Ubuntu Linux 8.10 powerpc

Ubuntu gnome-screensaver_2.24.0-0ubuntu2.1_powerpc.deb

http://ports.ubuntu.com/pool/main/g/gnome-screensaver/gnome-screensave r_2.24.0-0ubuntu2.1_powerpc.deb

Ubuntu Ubuntu Linux 8.10 i386

Ubuntu gnome-screensaver_2.24.0-0ubuntu2.1_i386.deb

http://security.ubuntu.com/ubuntu/pool/main/g/gnome-screensaver/gnome- screensaver_2.24.0-0ubuntu2.1_i386.deb

Ubuntu Ubuntu Linux 9.10 powerpc

Ubuntu gnome-screensaver_2.28.0-0ubuntu3.5_powerpc.deb

http://ports.ubuntu.com/pool/main/g/gnome-screensaver/gnome-screensave r_2.28.0-0ubuntu3.5_powerpc.deb

Ubuntu Ubuntu Linux 9.10 lpia

Ubuntu gnome-screensaver_2.28.0-0ubuntu3.5_lpia.deb

http://ports.ubuntu.com/pool/main/g/gnome-screensaver/gnome-screensave r_2.28.0-0ubuntu3.5_lpia.deb

Ubuntu Ubuntu Linux 9.04 sparc

Ubuntu gnome-screensaver_2.24.0-0ubuntu6.1_sparc.deb

http://ports.ubuntu.com/pool/main/g/gnome-screensaver/gnome-screensave r_2.24.0-0ubuntu6.1_sparc.deb

Ubuntu Ubuntu Linux 9.04 powerpc

Ubuntu gnome-screensaver_2.24.0-0ubuntu6.1_powerpc.deb

http://ports.ubuntu.com/pool/main/g/gnome-screensaver/gnome-screensave r_2.24.0-0ubuntu6.1_powerpc.deb

Ubuntu Ubuntu Linux 8.10 lpia

Ubuntu gnome-screensaver_2.24.0-0ubuntu2.1_lpia.deb

http://ports.ubuntu.com/pool/main/g/gnome-screensaver/gnome-screensave r_2.24.0-0ubuntu2.1_lpia.deb

Ubuntu Ubuntu Linux 9.04 i386

Ubuntu gnome-screensaver_2.24.0-0ubuntu6.1_i386.deb

http://security.ubuntu.com/ubuntu/pool/main/g/gnome-screensaver/gnome- screensaver_2.24.0-0ubuntu6.1_i386.deb

Ubuntu Ubuntu Linux 9.04 lpia

Ubuntu gnome-screensaver_2.24.0-0ubuntu6.1_lpia.deb

http://ports.ubuntu.com/pool/main/g/gnome-screensaver/gnome-screensave r_2.24.0-0ubuntu6.1_lpia.deb

Ubuntu Ubuntu Linux 8.10 sparc

Ubuntu gnome-screensaver_2.24.0-0ubuntu2.1_sparc.deb

http://ports.ubuntu.com/pool/main/g/gnome-screensaver/gnome-screensave r_2.24.0-0ubuntu2.1_sparc.deb

Ubuntu Ubuntu Linux 9.10 i386

Ubuntu gnome-screensaver_2.28.0-0ubuntu3.5_i386.deb

http://security.ubuntu.com/ubuntu/pool/main/g/gnome-screensaver/gnome- screensaver_2.28.0-0ubuntu3.5_i386.deb

Ubuntu Ubuntu Linux 9.10 amd64

Ubuntu gnome-screensaver_2.28.0-0ubuntu3.5_amd64.deb

http://security.ubuntu.com/ubuntu/pool/main/g/gnome-screensaver/gnome- screensaver_2.28.0-0ubuntu3.5_amd64.deb

Ubuntu Ubuntu Linux 9.04 amd64

Ubuntu gnome-screensaver_2.24.0-0ubuntu6.1_amd64.deb

http://security.ubuntu.com/ubuntu/pool/main/g/gnome-screensaver/gnome- screensaver_2.24.0-0ubuntu6.1_amd64.deb

Ubuntu Ubuntu Linux 8.10 amd64

Ubuntu gnome-screensaver_2.24.0-0ubuntu2.1_amd64.deb

http://security.ubuntu.com/ubuntu/pool/main/g/gnome-screensaver/gnome- screensaver_2.24.0-0ubuntu2.1_amd64.deb

参考网址

来源: bugzilla.redhat.com

链接:https://bugzilla.redhat.com/show_bug.cgi?id=557525

来源: bugzilla.gnome.org

链接:https://bugzilla.gnome.org/show_bug.cgi?id=593616

来源: XF

名称: screensaver-monitor-setup-sec-bypass(56366)

链接:http://xforce.iss.net/xforce/xfdb/56366

来源: BID

名称: 38254

链接:http://www.securityfocus.com/bid/38254

来源: security-tracker.debian.org

链接:http://security-tracker.debian.org/tracker/CVE-2010-0285

来源: git.gnome.org

链接:http://git.gnome.org/browse/gnome-screensaver/commit/?id=2f597ea9f1f363277fd4dfc109fa41bbc6225aca

受影响实体

Gnome Screensaver:2.28.0
Gnome Screensaver:2.27
Gnome Screensaver:2.28.3
Gnome Screensaver:2.22.2
Gnome Screensaver:2.14.3

补丁

gnome-screensaver-2.28.3
gnome-screensaver-2.28.3
gnome-screensaver_2.28.0-0ubuntu3.5_powerpc
gnome-screensaver_2.28.0-0ubuntu3.5_sparc
gnome-screensaver_2.28.0-0ubuntu3.5_amd64

正文

gnome屏幕保护程序X配置安全跳过漏洞

漏洞信息详情