CVE-2009-4641

EUVD-2009-4606
gnome-screensaver 2.28.0 does not resume adherence to its activation settings after an inhibiting application becomes unavailable on the session bus, which allows physically proximate attackers to access an unattended workstation on which screen locking had been intended.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.2 UNKNOWN
LOCAL
LOW
AV:L/AC:L/Au:N/C:C/I:C/A:C
Base Score
CVSS 3.x
EPSS Score
Percentile: 16%
Affected Products (NVD)
VendorProductVersion
gnomescreensaver
2.28.0
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
gnome-screensaver
bookworm
3.6.1-13
fixed
bullseye
3.6.1-13
fixed
etch
not-affected
lenny
not-affected
sid
3.6.1-13
fixed
trixie
3.6.1-13
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
gnome-screensaver
dapper
ignored
hardy
not-affected
intrepid
not-affected
jaunty
not-affected
karmic
Fixed 2.28.0-0ubuntu3.1
released
References
http://www.mandriva.com/security/advisories?name=MDVSA-2010:040
http://www.ubuntu.com/usn/USN-866-1
https://bugzilla.gnome.org/show_bug.cgi?id=600488
https://launchpad.net/bugs/411350
http://www.mandriva.com/security/advisories?name=MDVSA-2010:040
http://www.ubuntu.com/usn/USN-866-1
https://bugzilla.gnome.org/show_bug.cgi?id=600488
https://launchpad.net/bugs/411350