{"id": "SECURITYVULNS:VULN:12897", "bulletinFamily": "software", "title": "gnome screensaver protection bypass", "description": "Screensaver doesn't start automatically.", "published": "2013-02-18T00:00:00", "modified": "2013-02-18T00:00:00", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:12897", "reporter": "BUGTRAQ", "references": ["https://vulners.com/securityvulns/securityvulns:doc:29053"], "cvelist": ["CVE-2013-1050"], "type": "securityvulns", "lastseen": "2018-08-31T11:09:50", "edition": 1, "viewCount": 4, "enchantments": {"score": {"value": 6.1, "vector": "NONE", "modified": "2018-08-31T11:09:50", "rev": 2}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2013-1050"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310841314", "OPENVAS:841314"]}, {"type": "ubuntu", "idList": ["USN-1716-1"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:29053"]}, {"type": "nessus", "idList": ["UBUNTU_USN-1716-1.NASL"]}], "modified": "2018-08-31T11:09:50", "rev": 2}, "vulnersScore": 6.1}, "affectedSoftware": [{"name": "gnome-screensaver", "operator": "eq", "version": "3.6"}]}

{"cve": [{"lastseen": "2020-10-03T12:45:56", "description": "The default configuration in gnome-screensaver 3.5.4 through 3.6.0 sets the AutostartCondition line to fallback mode in the .desktop file, which prevents the program from starting automatically after login and allows physically proximate attackers to bypass screen locking and access an unattended workstation.", "edition": 3, "cvss3": {}, "published": "2013-03-08T22:55:00", "title": "CVE-2013-1050", "type": "cve", "cwe": ["CWE-264"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-1050"], "modified": "2013-03-18T04:00:00", "cpe": ["cpe:/a:gnome:gnome_screensaver:3.5.5", "cpe:/a:gnome:gnome_screensaver:3.5.4", "cpe:/a:gnome:gnome_screensaver:3.6.0"], "id": "CVE-2013-1050", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-1050", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:gnome:gnome_screensaver:3.5.5:*:*:*:*:*:*:*", "cpe:2.3:a:gnome:gnome_screensaver:3.5.4:*:*:*:*:*:*:*", "cpe:2.3:a:gnome:gnome_screensaver:3.6.0:*:*:*:*:*:*:*"]}], "ubuntu": [{"lastseen": "2020-07-09T01:38:35", "bulletinFamily": "unix", "cvelist": ["CVE-2013-1050"], "description": "It was discovered that gnome-screensaver did not start automatically after \nlogging in. This may result in the screen not being automatically locked \nafter the inactivity timeout is reached, permitting an attacker with \nphysical access to gain access to an unlocked session.", "edition": 5, "modified": "2013-02-12T00:00:00", "published": "2013-02-12T00:00:00", "id": "USN-1716-1", "href": "https://ubuntu.com/security/notices/USN-1716-1", "title": "gnome-screensaver vulnerability", "type": "ubuntu", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "openvas": [{"lastseen": "2017-12-04T11:22:15", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-1050"], "description": "Check for the Version of gnome-screensaver", "modified": "2017-12-01T00:00:00", "published": "2013-02-15T00:00:00", "id": "OPENVAS:841314", "href": "http://plugins.openvas.org/nasl.php?oid=841314", "type": "openvas", "title": "Ubuntu Update for gnome-screensaver USN-1716-1", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1716_1.nasl 7958 2017-12-01 06:47:47Z santu $\n#\n# Ubuntu Update for gnome-screensaver USN-1716-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\ntag_affected = \"gnome-screensaver on Ubuntu 12.10\";\ntag_insight = \"It was discovered that gnome-screensaver did not start automatically after\n logging in. This may result in the screen not being automatically locked\n after the inactivity timeout is reached, permitting an attacker with\n physical access to gain access to an unlocked session.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-1716-1/\");\n script_id(841314);\n script_version(\"$Revision: 7958 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-01 07:47:47 +0100 (Fri, 01 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2013-02-15 11:25:14 +0530 (Fri, 15 Feb 2013)\");\n script_cve_id(\"CVE-2013-1050\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"USN\", value: \"1716-1\");\n script_name(\"Ubuntu Update for gnome-screensaver USN-1716-1\");\n\n script_summary(\"Check for the Version of gnome-screensaver\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU12.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"gnome-screensaver\", ver:\"3.6.0-0ubuntu2.1\", rls:\"UBUNTU12.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:37:57", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-1050"], "description": "The remote host is missing an update for the ", "modified": "2019-03-13T00:00:00", "published": "2013-02-15T00:00:00", "id": "OPENVAS:1361412562310841314", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310841314", "type": "openvas", "title": "Ubuntu Update for gnome-screensaver USN-1716-1", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1716_1.nasl 14132 2019-03-13 09:25:59Z cfischer $\n#\n# Ubuntu Update for gnome-screensaver USN-1716-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-1716-1/\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.841314\");\n script_version(\"$Revision: 14132 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 10:25:59 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2013-02-15 11:25:14 +0530 (Fri, 15 Feb 2013)\");\n script_cve_id(\"CVE-2013-1050\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name:\"USN\", value:\"1716-1\");\n script_name(\"Ubuntu Update for gnome-screensaver USN-1716-1\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'gnome-screensaver'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU12\\.10\");\n script_tag(name:\"affected\", value:\"gnome-screensaver on Ubuntu 12.10\");\n script_tag(name:\"insight\", value:\"It was discovered that gnome-screensaver did not start automatically after\n logging in. This may result in the screen not being automatically locked\n after the inactivity timeout is reached, permitting an attacker with\n physical access to gain access to an unlocked session.\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU12.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"gnome-screensaver\", ver:\"3.6.0-0ubuntu2.1\", rls:\"UBUNTU12.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:47", "bulletinFamily": "software", "cvelist": ["CVE-2013-1050"], "description": "\r\n\r\n==========================================================================\r\nUbuntu Security Notice USN-1716-1\r\nFebruary 12, 2013\r\n\r\ngnome-screensaver vulnerability\r\n==========================================================================\r\n\r\nA security issue affects these releases of Ubuntu and its derivatives:\r\n\r\n- Ubuntu 12.10\r\n\r\nSummary:\r\n\r\ngnome-screensaver would allow unintended access to the user session.\r\n\r\nSoftware Description:\r\n- gnome-screensaver: GNOME screen saver and locker\r\n\r\nDetails:\r\n\r\nIt was discovered that gnome-screensaver did not start automatically after\r\nlogging in. This may result in the screen not being automatically locked\r\nafter the inactivity timeout is reached, permitting an attacker with\r\nphysical access to gain access to an unlocked session.\r\n\r\nUpdate instructions:\r\n\r\nThe problem can be corrected by updating your system to the following\r\npackage versions:\r\n\r\nUbuntu 12.10:\r\n gnome-screensaver 3.6.0-0ubuntu2.1\r\n\r\nAfter a standard system update you need to restart your session to make\r\nall the necessary changes.\r\n\r\nReferences:\r\n http://www.ubuntu.com/usn/usn-1716-1\r\n CVE-2013-1050\r\n\r\nPackage Information:\r\n https://launchpad.net/ubuntu/+source/gnome-screensaver/3.6.0-0ubuntu2.1\r\n\r\n\r\n\r\n\r\n-- ubuntu-security-announce mailing list ubuntu-security-announce@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce\r\n", "edition": 1, "modified": "2013-02-18T00:00:00", "published": "2013-02-18T00:00:00", "id": "SECURITYVULNS:DOC:29053", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:29053", "title": "[USN-1716-1] gnome-screensaver vulnerability", "type": "securityvulns", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "nessus": [{"lastseen": "2021-01-01T06:39:10", "description": "It was discovered that gnome-screensaver did not start automatically\nafter logging in. This may result in the screen not being\nautomatically locked after the inactivity timeout is reached,\npermitting an attacker with physical access to gain access to an\nunlocked session.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 24, "published": "2013-02-13T00:00:00", "title": "Ubuntu 12.10 : gnome-screensaver vulnerability (USN-1716-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-1050"], "modified": "2021-01-02T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:gnome-screensaver", "cpe:/o:canonical:ubuntu_linux:12.10"], "id": "UBUNTU_USN-1716-1.NASL", "href": "https://www.tenable.com/plugins/nessus/64615", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-1716-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(64615);\n script_version(\"1.10\");\n script_cvs_date(\"Date: 2019/09/19 12:54:28\");\n\n script_cve_id(\"CVE-2013-1050\");\n script_xref(name:\"USN\", value:\"1716-1\");\n\n script_name(english:\"Ubuntu 12.10 : gnome-screensaver vulnerability (USN-1716-1)\");\n script_summary(english:\"Checks dpkg output for updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Ubuntu host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that gnome-screensaver did not start automatically\nafter logging in. This may result in the screen not being\nautomatically locked after the inactivity timeout is reached,\npermitting an attacker with physical access to gain access to an\nunlocked session.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/1716-1/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected gnome-screensaver package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:gnome-screensaver\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:12.10\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2013/03/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/02/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/02/13\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2013-2019 Canonical, Inc. / NASL script (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(12\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 12.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"12.10\", pkgname:\"gnome-screensaver\", pkgver:\"3.6.0-0ubuntu2.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"gnome-screensaver\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}]}