GNOME Screensaver hotkey security bypass
| gnomescreensaver-security-bypass (25340) |  Medium Risk |
Description:
GNOME Screensaver could allow a local attacker to bypass security. If the AllowDeactivateGrabs and AllowClosedownGrabs options are set on the X server, a local attacker could use keyboard hotkey combinations to overwrite the activated screensaver giving the attacker direct access to the victim's desktop.
Consequences:
Gain Access
Remedy:
Upgrade to the latest version of GNOME Screensaver (2.14 or later), available from the GNOME Screensaver Web site. See References.
References:
- GNOME Screensaver Web site: GnomeScreensaver.
- CVE-2006-1335: gnome screensaver before 2.14, when running on an X server with AllowDeactivateGrabs and AllowClosedownGrabs enabled, allows attackers with physical access to cause the screensaver to crash and access the session via the Ctl+Alt+Keypad-Multiply keyboard sequence, which removes the grab from gnome.
- SA19280: Gnome Screensaver Password Bypass Vulnerability
Platforms Affected:
- GNOME GNOME Screensaver 2.13
Reported:
Mar 20, 2006
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
For corrections or additions please email xforce@iss.net