CVE-2010-2532

EUVD-2010-2536
lxsession-logout in lxsession in LXDE, as used on SUSE openSUSE 11.3 and other platforms, does not lock the screen when the Suspend or Hibernate button is pressed, which might make it easier for physically proximate attackers to access an unattended laptop via a resume action. NOTE: there is no general agreement that this is a vulnerability, because separate control over locking can be an equally secure, or more secure, behavior in some threat environments.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.2 UNKNOWN
LOCAL
LOW
AV:L/AC:L/Au:N/C:C/I:C/A:C
Base Score
CVSS 3.x
EPSS Score
Percentile: 29%
Affected Products (NVD)
VendorProductVersion
opensuseopensuse
11.3
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
lxsession
bookworm
0.5.5-2
fixed
bullseye
0.5.5-2
fixed
sid
0.5.5-3
fixed
trixie
0.5.5-3
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
lxsession
dapper
dne
hardy
dne
jaunty
dne
karmic
ignored
lucid
ignored
maverick
ignored
natty
ignored
oneiric
ignored
precise
not-affected
quantal
ignored
raring
ignored
saucy
ignored
trusty
not-affected
Common Weakness Enumeration
References
http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html
http://www.openwall.com/lists/oss-security/2010/07/15/1
http://www.openwall.com/lists/oss-security/2010/07/16/4
https://bugzilla.novell.com/show_bug.cgi?id=622083
https://bugzilla.redhat.com/show_bug.cgi?id=614608
https://bugzillafiles.novell.org/attachment.cgi?id=375737
http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html
http://www.openwall.com/lists/oss-security/2010/07/15/1
http://www.openwall.com/lists/oss-security/2010/07/16/4
https://bugzilla.novell.com/show_bug.cgi?id=622083
https://bugzilla.redhat.com/show_bug.cgi?id=614608
https://bugzillafiles.novell.org/attachment.cgi?id=375737