Vulnerabilities > CVE-2007-3920
Attack vector
LOCAL Attack complexity
HIGH Privileges required
NONE Confidentiality impact
COMPLETE Integrity impact
COMPLETE Availability impact
COMPLETE Summary
GNOME screensaver 2.20 in Ubuntu 7.10, when used with Compiz, does not properly reserve input focus, which allows attackers with physical access to take control of the session after entering an Alt-Tab sequence, a related issue to CVE-2007-3069.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| OS | 4 | |
| Application | 1 | |
| Application | 1 |
Nessus
NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-537-1.NASL description Jens Askengren discovered that gnome-screensaver became confused when running under Compiz, and could lose keyboard lock focus. A local attacker could exploit this to bypass the user last seen 2020-06-01 modified 2020-06-02 plugin id 28143 published 2007-11-10 reporter Ubuntu Security Notice (C) 2007-2019 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/28143 title Ubuntu 7.10 : gnome-screensaver vulnerability (USN-537-1) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Ubuntu Security Notice USN-537-1. The text # itself is copyright (C) Canonical, Inc. See # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered # trademark of Canonical, Inc. # include("compat.inc"); if (description) { script_id(28143); script_version("1.15"); script_cvs_date("Date: 2019/08/02 13:33:01"); script_cve_id("CVE-2007-3920"); script_bugtraq_id(26188); script_xref(name:"USN", value:"537-1"); script_name(english:"Ubuntu 7.10 : gnome-screensaver vulnerability (USN-537-1)"); script_summary(english:"Checks dpkg output for updated package."); script_set_attribute( attribute:"synopsis", value:"The remote Ubuntu host is missing a security-related patch." ); script_set_attribute( attribute:"description", value: "Jens Askengren discovered that gnome-screensaver became confused when running under Compiz, and could lose keyboard lock focus. A local attacker could exploit this to bypass the user's locked screen saver. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://usn.ubuntu.com/537-1/" ); script_set_attribute( attribute:"solution", value:"Update the affected gnome-screensaver package." ); script_set_cvss_base_vector("CVSS2#AV:L/AC:H/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:gnome-screensaver"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:7.10"); script_set_attribute(attribute:"patch_publication_date", value:"2007/10/23"); script_set_attribute(attribute:"plugin_publication_date", value:"2007/11/10"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"Ubuntu Security Notice (C) 2007-2019 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Ubuntu Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l"); exit(0); } include("audit.inc"); include("ubuntu.inc"); include("misc_func.inc"); if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/Ubuntu/release"); if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu"); release = chomp(release); if (! ereg(pattern:"^(7\.10)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 7.10", "Ubuntu " + release); if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu); flag = 0; if (ubuntu_check(osver:"7.10", pkgname:"gnome-screensaver", pkgver:"2.20.0-0ubuntu4.2")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : ubuntu_report_get() ); exit(0); } else { tested = ubuntu_pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "gnome-screensaver"); }NASL family Fedora Local Security Checks NASL id FEDORA_2008-0956.NASL description When enabling the last seen 2020-06-01 modified 2020-06-02 plugin id 30083 published 2008-01-27 reporter This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/30083 title Fedora 7 : xorg-x11-server-1.3.0.0-16.fc7 (2008-0956) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Fedora Security Advisory 2008-0956. # include("compat.inc"); if (description) { script_id(30083); script_version ("1.14"); script_cvs_date("Date: 2019/08/02 13:32:26"); script_cve_id("CVE-2007-3920"); script_bugtraq_id(26188); script_xref(name:"FEDORA", value:"2008-0956"); script_name(english:"Fedora 7 : xorg-x11-server-1.3.0.0-16.fc7 (2008-0956)"); script_summary(english:"Checks rpm output for the updated packages."); script_set_attribute( attribute:"synopsis", value:"The remote Fedora host is missing a security update." ); script_set_attribute( attribute:"description", value: "When enabling the 'unredirect fullscreen windows' option, compiz will unredirect fullscreen windows to improve performace. However, unredirecting will as a side effect break any grabs on that window, which compromises most screensavers. This X server update suppresses this unintended side effect and restores the security of the screensavers. See also CVE-2007-3069. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=350271" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=357071" ); # https://lists.fedoraproject.org/pipermail/package-announce/2008-January/007194.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?f2ef6d99" ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:L/AC:H/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:ND"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:xorg-x11-server-Xdmx"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:xorg-x11-server-Xephyr"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:xorg-x11-server-Xnest"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:xorg-x11-server-Xorg"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:xorg-x11-server-Xvfb"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:xorg-x11-server-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:xorg-x11-server-sdk"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:xorg-x11-server-source"); script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:7"); script_set_attribute(attribute:"patch_publication_date", value:"2008/01/24"); script_set_attribute(attribute:"plugin_publication_date", value:"2008/01/27"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Fedora Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora"); os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora"); os_ver = os_ver[1]; if (! ereg(pattern:"^7([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 7.x", "Fedora " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu); flag = 0; if (rpm_check(release:"FC7", reference:"xorg-x11-server-Xdmx-1.3.0.0-16.fc7")) flag++; if (rpm_check(release:"FC7", reference:"xorg-x11-server-Xephyr-1.3.0.0-16.fc7")) flag++; if (rpm_check(release:"FC7", reference:"xorg-x11-server-Xnest-1.3.0.0-16.fc7")) flag++; if (rpm_check(release:"FC7", reference:"xorg-x11-server-Xorg-1.3.0.0-16.fc7")) flag++; if (rpm_check(release:"FC7", reference:"xorg-x11-server-Xvfb-1.3.0.0-16.fc7")) flag++; if (rpm_check(release:"FC7", reference:"xorg-x11-server-debuginfo-1.3.0.0-16.fc7")) flag++; if (rpm_check(release:"FC7", reference:"xorg-x11-server-sdk-1.3.0.0-16.fc7")) flag++; if (rpm_check(release:"FC7", reference:"xorg-x11-server-source-1.3.0.0-16.fc7")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "xorg-x11-server-Xdmx / xorg-x11-server-Xephyr / etc"); }NASL family SuSE Local Security Checks NASL id SUSE_XORG-X11-SERVER-5316.NASL description This update fixes multiple vulnerabilities reported by iDefense : - CVE-2008-2360 - RENDER Extension heap buffer overflow - CVE-2008-2361 - RENDER Extension crash - CVE-2008-2362 - RENDER Extension memory corruption - CVE-2008-1379 - MIT-SHM arbitrary memory read - CVE-2008-1377 - RECORD and Security extensions memory corruption Additionally fixes for : - gnome-screensaver loses keyboard focus lock under compiz (CVE-2007-3920) last seen 2020-06-01 modified 2020-06-02 plugin id 33166 published 2008-06-12 reporter This script is Copyright (C) 2008-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/33166 title openSUSE 10 Security Update : xorg-x11-server (xorg-x11-server-5316) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from openSUSE Security Update xorg-x11-server-5316. # # The text description of this plugin is (C) SUSE LLC. # include("compat.inc"); if (description) { script_id(33166); script_version ("1.10"); script_cvs_date("Date: 2019/10/25 13:36:33"); script_cve_id("CVE-2007-3920", "CVE-2008-1377", "CVE-2008-1379", "CVE-2008-2360", "CVE-2008-2361", "CVE-2008-2362"); script_name(english:"openSUSE 10 Security Update : xorg-x11-server (xorg-x11-server-5316)"); script_summary(english:"Check for the xorg-x11-server-5316 patch"); script_set_attribute( attribute:"synopsis", value:"The remote openSUSE host is missing a security update." ); script_set_attribute( attribute:"description", value: "This update fixes multiple vulnerabilities reported by iDefense : - CVE-2008-2360 - RENDER Extension heap buffer overflow - CVE-2008-2361 - RENDER Extension crash - CVE-2008-2362 - RENDER Extension memory corruption - CVE-2008-1379 - MIT-SHM arbitrary memory read - CVE-2008-1377 - RECORD and Security extensions memory corruption Additionally fixes for : - gnome-screensaver loses keyboard focus lock under compiz (CVE-2007-3920)" ); script_set_attribute( attribute:"solution", value:"Update the affected xorg-x11-server packages." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_cwe_id(189); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xorg-x11-server"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xorg-x11-server-sdk"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:10.2"); script_set_attribute(attribute:"patch_publication_date", value:"2008/06/03"); script_set_attribute(attribute:"plugin_publication_date", value:"2008/06/12"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2008-2019 Tenable Network Security, Inc."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE"); if (release !~ "^(SUSE10\.2)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "10.2", release); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); ourarch = get_kb_item("Host/cpu"); if (!ourarch) audit(AUDIT_UNKNOWN_ARCH); if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch); flag = 0; if ( rpm_check(release:"SUSE10.2", reference:"xorg-x11-server-7.2-30.15") ) flag++; if ( rpm_check(release:"SUSE10.2", reference:"xorg-x11-server-sdk-7.2-30.15") ) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "xorg-x11-server / xorg-x11-server-sdk"); }NASL family Fedora Local Security Checks NASL id FEDORA_2008-0930.NASL description When enabling the last seen 2020-06-01 modified 2020-06-02 plugin id 30082 published 2008-01-27 reporter This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/30082 title Fedora 8 : xorg-x11-server-1.3.0.0-40.fc8 (2008-0930) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Fedora Security Advisory 2008-0930. # include("compat.inc"); if (description) { script_id(30082); script_version ("1.14"); script_cvs_date("Date: 2019/08/02 13:32:26"); script_cve_id("CVE-2007-3920"); script_bugtraq_id(26188); script_xref(name:"FEDORA", value:"2008-0930"); script_name(english:"Fedora 8 : xorg-x11-server-1.3.0.0-40.fc8 (2008-0930)"); script_summary(english:"Checks rpm output for the updated packages."); script_set_attribute( attribute:"synopsis", value:"The remote Fedora host is missing a security update." ); script_set_attribute( attribute:"description", value: "When enabling the 'unredirect fullscreen windows' option, compiz will unredirect fullscreen windows to improve performace. However, unredirecting will as a side effect break any grabs on that window, which compromises most screensavers. This X server update suppresses this unintended side effect and restores the security of the screensavers. See also CVE-2007-3069. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=350271" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=363061" ); # https://lists.fedoraproject.org/pipermail/package-announce/2008-January/007164.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?b8427742" ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:L/AC:H/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:ND"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:xorg-x11-server-Xdmx"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:xorg-x11-server-Xephyr"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:xorg-x11-server-Xnest"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:xorg-x11-server-Xorg"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:xorg-x11-server-Xvfb"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:xorg-x11-server-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:xorg-x11-server-sdk"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:xorg-x11-server-source"); script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:8"); script_set_attribute(attribute:"patch_publication_date", value:"2008/01/24"); script_set_attribute(attribute:"plugin_publication_date", value:"2008/01/27"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Fedora Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora"); os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora"); os_ver = os_ver[1]; if (! ereg(pattern:"^8([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 8.x", "Fedora " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu); flag = 0; if (rpm_check(release:"FC8", reference:"xorg-x11-server-Xdmx-1.3.0.0-40.fc8")) flag++; if (rpm_check(release:"FC8", reference:"xorg-x11-server-Xephyr-1.3.0.0-40.fc8")) flag++; if (rpm_check(release:"FC8", reference:"xorg-x11-server-Xnest-1.3.0.0-40.fc8")) flag++; if (rpm_check(release:"FC8", reference:"xorg-x11-server-Xorg-1.3.0.0-40.fc8")) flag++; if (rpm_check(release:"FC8", reference:"xorg-x11-server-Xvfb-1.3.0.0-40.fc8")) flag++; if (rpm_check(release:"FC8", reference:"xorg-x11-server-debuginfo-1.3.0.0-40.fc8")) flag++; if (rpm_check(release:"FC8", reference:"xorg-x11-server-sdk-1.3.0.0-40.fc8")) flag++; if (rpm_check(release:"FC8", reference:"xorg-x11-server-source-1.3.0.0-40.fc8")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "xorg-x11-server-Xdmx / xorg-x11-server-Xephyr / etc"); }NASL family Scientific Linux Local Security Checks NASL id SL_20080521_COMPIZ_ON_SL5_X.NASL description Most screen savers create a top-level fullscreen window to cover the desktop, and grab the input with that window. Compiz has an option to un-redirect that window, but in some cases, this breaks the grab and compromises the locked screen. (CVE-2007-3920) last seen 2020-06-01 modified 2020-06-02 plugin id 60403 published 2012-08-01 reporter This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/60403 title Scientific Linux Security Update : compiz on SL5.x i386/x86_64 NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2008-0485.NASL description Updated compiz packages that prevent Compiz from breaking screen saver grabs are now available for Red Hat Enterprise Linux 5. This update has been rated as having low security impact by the Red Hat Security Response Team. Compiz is an OpenGL-based window and compositing manager. Most screen savers create a top-level fullscreen window to cover the desktop, and grab the input with that window. Compiz has an option to un-redirect that window, but in some cases, this breaks the grab and compromises the locked screen. (CVE-2007-3920) Users of compiz are advised to upgrade to these updated packages, which remove this option to resolve this issue. last seen 2020-06-01 modified 2020-06-02 plugin id 32427 published 2008-05-22 reporter This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/32427 title RHEL 5 : compiz (RHSA-2008:0485) NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-537-2.NASL description USN-537-1 fixed vulnerabilities in gnome-screensaver. The fixes were incomplete, and only reduced the scope of the vulnerability, without fully solving it. This update fixes related problems in compiz. Jens Askengren discovered that gnome-screensaver became confused when running under Compiz, and could lose keyboard lock focus. A local attacker could exploit this to bypass the user last seen 2020-06-01 modified 2020-06-02 plugin id 28144 published 2007-11-10 reporter Ubuntu Security Notice (C) 2007-2019 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/28144 title Ubuntu 7.10 : compiz vulnerability (USN-537-2) NASL family SuSE Local Security Checks NASL id SUSE_XORG-X11-XVNC-5317.NASL description This update fixes multiple vulnerabilities reported by iDefense : - CVE-2008-2360 - RENDER Extension heap buffer overflow - CVE-2008-2361 - RENDER Extension crash - CVE-2008-2362 - RENDER Extension memory corruption - CVE-2008-1379 - MIT-SHM arbitrary memory read - CVE-2008-1377 - RECORD and Security extensions memory corruption Additionally fixes for : - XvReputImage crashes due to Nulled PortPriv->pDraw - gnome-screensaver loses keyboard focus lock under compiz (CVE-2007-3920) last seen 2020-06-01 modified 2020-06-02 plugin id 33165 published 2008-06-12 reporter This script is Copyright (C) 2008-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/33165 title openSUSE 10 Security Update : xorg-x11-Xvnc (xorg-x11-Xvnc-5317) NASL family Mandriva Local Security Checks NASL id MANDRIVA_MDVSA-2009-278.NASL description A vulnerability has been found and corrected in compiz-fusion-plugins-main : The Expo plugin in Compiz Fusion 0.7.8 allows local users with physical access to drag the screen saver aside and access the locked desktop by using Expo mouse shortcuts, a related issue to CVE-2007-3920 (CVE-2008-6514). This update fixes this vulnerability. last seen 2020-06-01 modified 2020-06-02 plugin id 42133 published 2009-10-15 reporter This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/42133 title Mandriva Linux Security Advisory : compiz-fusion-plugins-main (MDVSA-2009:278)
Oval
| accepted | 2013-04-29T04:03:12.966-04:00 | ||||||||||||
| class | vulnerability | ||||||||||||
| contributors |
| ||||||||||||
| definition_extensions |
| ||||||||||||
| description | GNOME screensaver 2.20 in Ubuntu 7.10, when used with Compiz, does not properly reserve input focus, which allows attackers with physical access to take control of the session after entering an Alt-Tab sequence, a related issue to CVE-2007-3069. | ||||||||||||
| family | unix | ||||||||||||
| id | oval:org.mitre.oval:def:10192 | ||||||||||||
| status | accepted | ||||||||||||
| submitted | 2010-07-09T03:56:16-04:00 | ||||||||||||
| title | GNOME screensaver 2.20 in Ubuntu 7.10, when used with Compiz, does not properly reserve input focus, which allows attackers with physical access to take control of the session after entering an Alt-Tab sequence, a related issue to CVE-2007-3069. | ||||||||||||
| version | 19 |
Redhat
| advisories |
| ||||||||||||||||||||||||||||||||||||||||||||||||||||
| rpms |
|
Statements
| contributor | Joshua Bressers |
| lastmodified | 2008-05-21 |
| organization | Red Hat |
| statement | This issue affected Red Hat Enterprise Linux 5 with a low security impact. An update to the compiz package was released to correct this issue: https://rhn.redhat.com/errata/RHSA-2008-0485.html |
References
- http://lists.opensuse.org/opensuse-security-announce/2008-06/msg00002.html
- http://secunia.com/advisories/27381
- http://secunia.com/advisories/28627
- http://secunia.com/advisories/30329
- http://secunia.com/advisories/30715
- http://www.redhat.com/support/errata/RHSA-2008-0485.html
- http://www.securityfocus.com/bid/26188
- http://www.ubuntu.com/usn/usn-537-1
- http://www.ubuntu.com/usn/usn-537-2
- https://bugzilla.redhat.com/show_bug.cgi?id=357071
- https://bugzilla.redhat.com/show_bug.cgi?id=363061
- https://exchange.xforce.ibmcloud.com/vulnerabilities/37410
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10192
- https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00811.html
- https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00841.html