CVE-2009-4641

gnome-screensaver 2.28.0 does not resume adherence to its activation settings after an inhibiting application becomes unavailable on the session bus, which allows physically proximate attackers to access an unattended workstation on which screen locking had been intended.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.2 UNKNOWN
LOCAL
LOW
AV:L/AC:L/Au:N/C:C/I:C/A:C
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 16%
VendorProductVersion
gnomescreensaver
2.28.0
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
gnome-screensaver
sid
3.6.1-13
fixed
trixie
3.6.1-13
fixed
bookworm
3.6.1-13
fixed
bullseye
3.6.1-13
fixed
etch
not-affected
lenny
not-affected
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
gnome-screensaver
karmic
Fixed 2.28.0-0ubuntu3.1
released
jaunty
not-affected
intrepid
not-affected
hardy
not-affected
dapper
ignored
References
http://www.mandriva.com/security/advisories?name=MDVSA-2010:040
http://www.ubuntu.com/usn/USN-866-1
https://bugzilla.gnome.org/show_bug.cgi?id=600488
https://launchpad.net/bugs/411350
http://www.mandriva.com/security/advisories?name=MDVSA-2010:040
http://www.ubuntu.com/usn/USN-866-1
https://bugzilla.gnome.org/show_bug.cgi?id=600488
https://launchpad.net/bugs/411350