Vulnerabilities > CVE-2007-6389 - Local Information Disclosure vulnerability in Gnome Screensaver 2.20
Attack vector
LOCAL Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
NONE Availability impact
NONE Summary
The notify feature in GNOME screensaver (gnome-screensaver) 2.20.0 might allow local users to read the clipboard contents and X selection data for a locked session by using ctrl-V.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 |
Nessus
NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-669-1.NASL description It was discovered that the notify feature in gnome-screensaver could let a local attacker read the clipboard contents of a locked session by using Ctrl-V. (CVE-2007-6389) Alan Matsuoka discovered that gnome-screensaver did not properly handle network outages when using a remote authentication service. During a network interruption, or by disconnecting the network cable, a local attacker could gain access to locked sessions. (CVE-2008-0887). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 36364 published 2009-04-23 reporter Ubuntu Security Notice (C) 2008-2019 Canonical, Inc. / NASL script (C) 2009-2018 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/36364 title Ubuntu 6.06 LTS / 7.10 : gnome-screensaver vulnerabilities (USN-669-1) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Ubuntu Security Notice USN-669-1. The text # itself is copyright (C) Canonical, Inc. See # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered # trademark of Canonical, Inc. # include("compat.inc"); if (description) { script_id(36364); script_version("1.11"); script_cvs_date("Date: 2019/08/02 13:33:02"); script_cve_id("CVE-2007-6389", "CVE-2008-0887"); script_xref(name:"USN", value:"669-1"); script_name(english:"Ubuntu 6.06 LTS / 7.10 : gnome-screensaver vulnerabilities (USN-669-1)"); script_summary(english:"Checks dpkg output for updated package."); script_set_attribute( attribute:"synopsis", value:"The remote Ubuntu host is missing a security-related patch." ); script_set_attribute( attribute:"description", value: "It was discovered that the notify feature in gnome-screensaver could let a local attacker read the clipboard contents of a locked session by using Ctrl-V. (CVE-2007-6389) Alan Matsuoka discovered that gnome-screensaver did not properly handle network outages when using a remote authentication service. During a network interruption, or by disconnecting the network cable, a local attacker could gain access to locked sessions. (CVE-2008-0887). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://usn.ubuntu.com/669-1/" ); script_set_attribute( attribute:"solution", value:"Update the affected gnome-screensaver package." ); script_set_cvss_base_vector("CVSS2#AV:L/AC:M/Au:N/C:N/I:N/A:C"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:gnome-screensaver"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:6.06:-:lts"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:7.10"); script_set_attribute(attribute:"patch_publication_date", value:"2008/11/11"); script_set_attribute(attribute:"plugin_publication_date", value:"2009/04/23"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"Ubuntu Security Notice (C) 2008-2019 Canonical, Inc. / NASL script (C) 2009-2018 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Ubuntu Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l"); exit(0); } include("audit.inc"); include("ubuntu.inc"); include("misc_func.inc"); if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/Ubuntu/release"); if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu"); release = chomp(release); if (! ereg(pattern:"^(6\.06|7\.10)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 6.06 / 7.10", "Ubuntu " + release); if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu); flag = 0; if (ubuntu_check(osver:"6.06", pkgname:"gnome-screensaver", pkgver:"2.14.3-0ubuntu1.1")) flag++; if (ubuntu_check(osver:"7.10", pkgname:"gnome-screensaver", pkgver:"2.20.0-0ubuntu4.3")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : ubuntu_report_get() ); exit(0); } else { tested = ubuntu_pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "gnome-screensaver"); }NASL family Mandriva Local Security Checks NASL id MANDRIVA_MDVSA-2008-135.NASL description A vulnerability was found in gnome-screensaver 2.20.0 that could possibly allow a local user to read the clipboard contents and X selection data for a locked session by using CTRL-V (CVE-2007-6389). The updated packages have been patched to correct this issue. last seen 2020-06-01 modified 2020-06-02 plugin id 37945 published 2009-04-23 reporter This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/37945 title Mandriva Linux Security Advisory : gnome-screensaver (MDVSA-2008:135) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Mandriva Linux Security Advisory MDVSA-2008:135. # The text itself is copyright (C) Mandriva S.A. # include("compat.inc"); if (description) { script_id(37945); script_version ("1.11"); script_cvs_date("Date: 2019/08/02 13:32:50"); script_cve_id("CVE-2007-6389"); script_xref(name:"MDVSA", value:"2008:135"); script_name(english:"Mandriva Linux Security Advisory : gnome-screensaver (MDVSA-2008:135)"); script_summary(english:"Checks rpm output for the updated package"); script_set_attribute( attribute:"synopsis", value:"The remote Mandriva Linux host is missing a security update." ); script_set_attribute( attribute:"description", value: "A vulnerability was found in gnome-screensaver 2.20.0 that could possibly allow a local user to read the clipboard contents and X selection data for a locked session by using CTRL-V (CVE-2007-6389). The updated packages have been patched to correct this issue." ); script_set_attribute( attribute:"solution", value:"Update the affected gnome-screensaver package." ); script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:gnome-screensaver"); script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:linux:2008.0"); script_set_attribute(attribute:"patch_publication_date", value:"2008/07/04"); script_set_attribute(attribute:"plugin_publication_date", value:"2009/04/23"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2009-2019 Tenable Network Security, Inc."); script_family(english:"Mandriva Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandake Linux"); if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu); flag = 0; if (rpm_check(release:"MDK2008.0", reference:"gnome-screensaver-2.20.0-2.2mdv2008.0", yank:"mdv")) flag++; if (flag) { if (report_verbosity > 0) security_note(port:0, extra:rpm_report_get()); else security_note(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");NASL family Fedora Local Security Checks NASL id FEDORA_2008-2872.NASL description This update addresses CVE-2007-6389 a flaw where the contents of the user last seen 2020-06-01 modified 2020-06-02 plugin id 31750 published 2008-04-04 reporter This script is Copyright (C) 2008-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/31750 title Fedora 8 : gnome-screensaver-2.20.0-11.fc8 (2008-2872) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Fedora Security Advisory 2008-2872. # include("compat.inc"); if (description) { script_id(31750); script_version ("1.12"); script_cvs_date("Date: 2019/08/02 13:32:27"); script_cve_id("CVE-2007-6389"); script_xref(name:"FEDORA", value:"2008-2872"); script_name(english:"Fedora 8 : gnome-screensaver-2.20.0-11.fc8 (2008-2872)"); script_summary(english:"Checks rpm output for the updated package."); script_set_attribute( attribute:"synopsis", value:"The remote Fedora host is missing a security update." ); script_set_attribute( attribute:"description", value: "This update addresses CVE-2007-6389 a flaw where the contents of the user's clipboard can be accessed from the 'Leave Message' feature within the lock screen dialog. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=426170" ); # https://lists.fedoraproject.org/pipermail/package-announce/2008-April/009103.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?ddbc3603" ); script_set_attribute( attribute:"solution", value:"Update the affected gnome-screensaver package." ); script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:gnome-screensaver"); script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:8"); script_set_attribute(attribute:"patch_publication_date", value:"2008/04/01"); script_set_attribute(attribute:"plugin_publication_date", value:"2008/04/04"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2008-2019 Tenable Network Security, Inc."); script_family(english:"Fedora Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora"); os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora"); os_ver = os_ver[1]; if (! ereg(pattern:"^8([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 8.x", "Fedora " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu); flag = 0; if (rpm_check(release:"FC8", reference:"gnome-screensaver-2.20.0-11.fc8")) flag++; if (flag) { if (report_verbosity > 0) security_note(port:0, extra:rpm_report_get()); else security_note(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "gnome-screensaver"); }NASL family Fedora Local Security Checks NASL id FEDORA_2008-2818.NASL description This update addresses CVE-2007-6389 a flaw where the contents of the user last seen 2020-06-01 modified 2020-06-02 plugin id 31744 published 2008-04-04 reporter This script is Copyright (C) 2008-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/31744 title Fedora 7 : gnome-screensaver-2.18.2-3.fc7 (2008-2818) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Fedora Security Advisory 2008-2818. # include("compat.inc"); if (description) { script_id(31744); script_version ("1.12"); script_cvs_date("Date: 2019/08/02 13:32:27"); script_cve_id("CVE-2007-6389"); script_xref(name:"FEDORA", value:"2008-2818"); script_name(english:"Fedora 7 : gnome-screensaver-2.18.2-3.fc7 (2008-2818)"); script_summary(english:"Checks rpm output for the updated package."); script_set_attribute( attribute:"synopsis", value:"The remote Fedora host is missing a security update." ); script_set_attribute( attribute:"description", value: "This update addresses CVE-2007-6389 a flaw where the contents of the user's clipboard can be accessed from the 'Leave Message' feature within the lock screen dialog. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=426169" ); # https://lists.fedoraproject.org/pipermail/package-announce/2008-April/009045.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?47ad28de" ); script_set_attribute( attribute:"solution", value:"Update the affected gnome-screensaver package." ); script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:gnome-screensaver"); script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:7"); script_set_attribute(attribute:"patch_publication_date", value:"2008/04/01"); script_set_attribute(attribute:"plugin_publication_date", value:"2008/04/04"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2008-2019 Tenable Network Security, Inc."); script_family(english:"Fedora Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora"); os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora"); os_ver = os_ver[1]; if (! ereg(pattern:"^7([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 7.x", "Fedora " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu); flag = 0; if (rpm_check(release:"FC7", reference:"gnome-screensaver-2.18.2-3.fc7")) flag++; if (flag) { if (report_verbosity > 0) security_note(port:0, extra:rpm_report_get()); else security_note(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "gnome-screensaver"); }NASL family SuSE Local Security Checks NASL id SUSE_GNOME-SCREENSAVER-5506.NASL description This update of gnome-screensaver disallows local users to read the contents of the clipboard for a locked screen using ctrl-v. (CVE-2007-6389) last seen 2020-06-01 modified 2020-06-02 plugin id 33896 published 2008-08-15 reporter This script is Copyright (C) 2008-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/33896 title openSUSE 10 Security Update : gnome-screensaver (gnome-screensaver-5506) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from openSUSE Security Update gnome-screensaver-5506. # # The text description of this plugin is (C) SUSE LLC. # include("compat.inc"); if (description) { script_id(33896); script_version ("1.7"); script_cvs_date("Date: 2019/10/25 13:36:32"); script_cve_id("CVE-2007-6389"); script_name(english:"openSUSE 10 Security Update : gnome-screensaver (gnome-screensaver-5506)"); script_summary(english:"Check for the gnome-screensaver-5506 patch"); script_set_attribute( attribute:"synopsis", value:"The remote openSUSE host is missing a security update." ); script_set_attribute( attribute:"description", value: "This update of gnome-screensaver disallows local users to read the contents of the clipboard for a locked screen using ctrl-v. (CVE-2007-6389)" ); script_set_attribute( attribute:"solution", value:"Update the affected gnome-screensaver package." ); script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:gnome-screensaver"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:10.3"); script_set_attribute(attribute:"patch_publication_date", value:"2008/08/12"); script_set_attribute(attribute:"plugin_publication_date", value:"2008/08/15"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2008-2019 Tenable Network Security, Inc."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE"); if (release !~ "^(SUSE10\.3)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "10.3", release); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); ourarch = get_kb_item("Host/cpu"); if (!ourarch) audit(AUDIT_UNKNOWN_ARCH); if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch); flag = 0; if ( rpm_check(release:"SUSE10.3", reference:"gnome-screensaver-2.20.0-6.6") ) flag++; if (flag) { if (report_verbosity > 0) security_note(port:0, extra:rpm_report_get()); else security_note(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "gnome-screensaver"); }
Seebug
bulletinFamily exploit description BUGTRAQ ID: 30096 CVE ID:CVE-2007-6389 CNCVE ID:CNCVE-20076389 Gnome Screensaver是一款屏幕保护管理程序。 Gnome Screensaver存在信息泄漏问题,本地攻击者可以利用漏洞获得剪贴板中的敏感信息。 屏幕保护管理程序包含一个功能,允许在返回解锁会话时返回消息给登录用户,物理能访问系统的攻击者可以通过Ctrl+V并使用点鼠标中键在解锁会话时获得剪贴板内容信息,导致敏感信息泄漏。 Linux kernel 2.6.26 -rc6 Linux kernel 2.6.25 .5 Linux kernel 2.6.25 Linux kernel 2.6.24 .2 Linux kernel 2.6.24 .1 Linux kernel 2.6.24 -rc5 Linux kernel 2.6.24 -rc4 Linux kernel 2.6.24 -rc3 Linux kernel 2.6.23 .7 Linux kernel 2.6.23 .6 Linux kernel 2.6.23 .5 Linux kernel 2.6.23 .4 Linux kernel 2.6.23 .3 Linux kernel 2.6.23 .2 Linux kernel 2.6.23 -rc2 Linux kernel 2.6.23 -rc1 Linux kernel 2.6.23 Linux kernel 2.6.22 7 Linux kernel 2.6.22 1 Linux kernel 2.6.22 .8 Linux kernel 2.6.22 .6 Linux kernel 2.6.22 .5 Linux kernel 2.6.22 Ubuntu Ubuntu Linux 8.04 LTS sparc Ubuntu Ubuntu Linux 8.04 LTS powerpc Ubuntu Ubuntu Linux 8.04 LTS lpia Ubuntu Ubuntu Linux 8.04 LTS i386 Ubuntu Ubuntu Linux 8.04 LTS amd64 MandrakeSoft Linux Mandrake 2008.0 x86_64 MandrakeSoft Linux Mandrake 2008.0 GNOME gnome-screensaver 2.20 Debian Linux 4.0 sparc Debian Linux 4.0 s/390 Debian Linux 4.0 powerpc Debian Linux 4.0 mipsel Debian Linux 4.0 mips Debian Linux 4.0 m68k Debian Linux 4.0 ia-64 Debian Linux 4.0 ia-32 Debian Linux 4.0 hppa Debian Linux 4.0 arm Debian Linux 4.0 amd64 Debian Linux 4.0 alpha Debian Linux 4.0 可参考如下链接获得补丁信息: <a href=http://bugzilla.gnome.org/show_bug.cgi?id=482159 target=_blank>http://bugzilla.gnome.org/show_bug.cgi?id=482159</a> id SSV:3572 last seen 2017-11-19 modified 2008-07-08 published 2008-07-08 reporter Root title Gnome Screensaver本地信息泄漏漏洞 bulletinFamily exploit description BUGTRAQ ID: 30096 CVE(CAN) ID: CVE-2007-6389 gnome-screensaver是用于取代xscreensaver的屏保程序。 当登录用户返回并打开锁定的会话时,gnome-screensaver的Leave message功能会向该用户发送一条消息。这时如果本地攻击者执行了Ctrl+V操作的话,就可以读取X选择和剪贴板缓冲区的敏感信息。 GNOME gnome-screensaver 2.20 GNOME ----- 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载: <a href=http://live.gnome.org/GnomeScreensaver/ target=_blank>http://live.gnome.org/GnomeScreensaver/</a> id SSV:3579 last seen 2017-11-19 modified 2008-07-09 published 2008-07-09 reporter Root title Gnome屏保程序本地信息泄露漏洞
References
- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=455484
- http://bugzilla.gnome.org/show_bug.cgi?id=482159
- http://bugzilla.gnome.org/show_bug.cgi?id=503005
- http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html
- http://secunia.com/advisories/29595
- http://secunia.com/advisories/29666
- http://secunia.com/advisories/31687
- http://secunia.com/advisories/32691
- http://www.mandriva.com/security/advisories?name=MDVSA-2008:135
- http://www.securityfocus.com/bid/30096
- http://www.ubuntu.com/usn/USN-669-1
- https://bugs.launchpad.net/ubuntu/+source/gnome-screensaver/+bug/146862
- https://bugzilla.redhat.com/show_bug.cgi?id=421461
- https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00020.html
- https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00078.html