CVE-2010-0732

EUVD-2010-0758
gdk/gdkwindow.c in GTK+ before 2.18.5, as used in gnome-screensaver before 2.28.1, performs implicit paints on windows of type GDK_WINDOW_FOREIGN, which triggers an X error in certain circumstances and consequently allows physically proximate attackers to bypass screen locking and access an unattended workstation by pressing the Enter key many times.
Race Condition
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.2 UNKNOWN
LOCAL
HIGH
AV:L/AC:H/Au:N/C:C/I:C/A:C
Base Score
CVSS 3.x
EPSS Score
Percentile: 12%
Affected Products (NVD)
VendorProductVersion
gnomegtk
𝑥
< 2.18.5
gnomescreensaver
𝑥
< 2.28.1
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
gtk+2.0
bookworm
2.24.33-2+deb12u1
fixed
bullseye
2.24.33-2+deb11u1
fixed
etch
not-affected
lenny
not-affected
sid
2.24.33-6
fixed
trixie
2.24.33-6
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
gtk+2.0
dapper
ignored
hardy
not-affected
intrepid
not-affected
jaunty
not-affected
karmic
not-affected
Common Weakness Enumeration
References
http://ftp.gnome.org/pub/gnome/sources/gtk+/2.18/gtk+-2.18.5.news
http://git.gnome.org/browse/gnome-screensaver/commit/?h=gnome-2-28&id=98f8a22412cf388217fd5b88915eadd274d68520
http://git.gnome.org/browse/gnome-screensaver/commit/?id=ab08cc93f2dc6223c8c00bfa1ca4f2d89069dbe0
http://git.gnome.org/browse/gtk+/commit/?id=0748cf563d0d0d03001a62589f13be16a8ec06c1
http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00001.html
http://secunia.com/advisories/39317
http://www.heise.de/newsticker/meldung/Gnome-Bildschirmsperre-in-OpenSuse-Linux-wirkungslos-2-Update-928580.html
http://www.mandriva.com/security/advisories?name=MDVSA-2010:109
http://www.openwall.com/lists/oss-security/2010/02/12/1
http://www.openwall.com/lists/oss-security/2010/03/05/2
http://www.openwall.com/lists/oss-security/2010/03/16/9
http://www.securityfocus.com/bid/38211
https://bugs.edge.launchpad.net/ubuntu/+source/gnome-screensaver/+bug/446395
https://bugzilla.gnome.org/show_bug.cgi?id=598476
https://bugzilla.redhat.com/show_bug.cgi?id=565527
http://ftp.gnome.org/pub/gnome/sources/gtk+/2.18/gtk+-2.18.5.news
http://git.gnome.org/browse/gnome-screensaver/commit/?h=gnome-2-28&id=98f8a22412cf388217fd5b88915eadd274d68520
http://git.gnome.org/browse/gnome-screensaver/commit/?id=ab08cc93f2dc6223c8c00bfa1ca4f2d89069dbe0
http://git.gnome.org/browse/gtk+/commit/?id=0748cf563d0d0d03001a62589f13be16a8ec06c1
http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00001.html
http://secunia.com/advisories/39317
http://www.heise.de/newsticker/meldung/Gnome-Bildschirmsperre-in-OpenSuse-Linux-wirkungslos-2-Update-928580.html
http://www.mandriva.com/security/advisories?name=MDVSA-2010:109
http://www.openwall.com/lists/oss-security/2010/02/12/1
http://www.openwall.com/lists/oss-security/2010/03/05/2
http://www.openwall.com/lists/oss-security/2010/03/16/9
http://www.securityfocus.com/bid/38211
https://bugs.edge.launchpad.net/ubuntu/+source/gnome-screensaver/+bug/446395
https://bugzilla.gnome.org/show_bug.cgi?id=598476
https://bugzilla.redhat.com/show_bug.cgi?id=565527