Lucene search

[email protected]CVE-2009-4642

HistoryOct 03, 2022 - 4:24 p.m.

CVE-2009-4642

2022-10-0316:24:04

[email protected]

web.nvd.nist.gov

gnome-screensaver

session idle time

vulnerability

xfce

d-bus interface

physical proximity attack

screen locking

7.2 High

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

6.6 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

14.4%

JSON

gnome-screensaver 2.26.1 relies on the gnome-session D-Bus interface to determine session idle time, even when an Xfce desktop such as Xubuntu or Mythbuntu is used, which allows physically proximate attackers to access an unattended workstation on which screen locking had been intended.

Affected configurations

NVD

Node

gnomescreensaverMatch2.26.1

CPENameOperatorVersion
gnome:screensavergnome screensavereq2.26.1

CPE	Name	Operator	Version
gnome:screensaver	gnome screensaver	eq	2.26.1

References

bugs.debian.org/cgi-bin/bugreport.cgi?bug=536381

bugzilla.xfce.org/show_bug.cgi?id=5927

bugzilla.gnome.org/show_bug.cgi?id=592093

launchpad.net/bugs/411350

launchpad.net/bugs/493573

7.2 High

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

6.6 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

14.4%

JSON

Related for CVE-2009-4642

cvelist1 nvd1 ubuntucve1 prion1 redhatcve1 debiancve1