Vulnerabilities > CVE-2010-0285 - Unspecified vulnerability in Gnome Screensaver
Attack vector
LOCAL Attack complexity
HIGH Privileges required
NONE Confidentiality impact
COMPLETE Integrity impact
COMPLETE Availability impact
NONE Summary
gnome-screensaver 2.14.3, 2.22.2, 2.27.x, 2.28.0, and 2.28.3, when the X configuration enables the extend screen option, allows physically proximate attackers to bypass screen locking, access an unattended workstation, and view half of the GNOME desktop by attaching an external monitor.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 5 |
Nessus
NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-907-1.NASL description It was discovered that gnome-screensaver did not correctly lock all screens when monitors get hotplugged. An attacker with physical access could use this flaw to gain access to a locked session. (CVE-2010-0285) It was discovered that gnome-screensaver did not correctly handle keyboard grab when monitors get hotplugged. An attacker with physical access could use this flaw to gain access to a locked session. This issue only affected Ubuntu 9.10. (CVE-2010-0422). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 45016 published 2010-03-09 reporter Ubuntu Security Notice (C) 2010-2019 Canonical, Inc. / NASL script (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/45016 title Ubuntu 8.10 / 9.04 / 9.10 : gnome-screensaver vulnerabilities (USN-907-1) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Ubuntu Security Notice USN-907-1. The text # itself is copyright (C) Canonical, Inc. See # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered # trademark of Canonical, Inc. # include("compat.inc"); if (description) { script_id(45016); script_version("1.12"); script_cvs_date("Date: 2019/09/19 12:54:26"); script_cve_id("CVE-2010-0285", "CVE-2010-0422"); script_bugtraq_id(38254); script_xref(name:"USN", value:"907-1"); script_name(english:"Ubuntu 8.10 / 9.04 / 9.10 : gnome-screensaver vulnerabilities (USN-907-1)"); script_summary(english:"Checks dpkg output for updated package."); script_set_attribute( attribute:"synopsis", value:"The remote Ubuntu host is missing a security-related patch." ); script_set_attribute( attribute:"description", value: "It was discovered that gnome-screensaver did not correctly lock all screens when monitors get hotplugged. An attacker with physical access could use this flaw to gain access to a locked session. (CVE-2010-0285) It was discovered that gnome-screensaver did not correctly handle keyboard grab when monitors get hotplugged. An attacker with physical access could use this flaw to gain access to a locked session. This issue only affected Ubuntu 9.10. (CVE-2010-0422). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://usn.ubuntu.com/907-1/" ); script_set_attribute( attribute:"solution", value:"Update the affected gnome-screensaver package." ); script_set_cvss_base_vector("CVSS2#AV:L/AC:H/Au:N/C:C/I:C/A:N"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:gnome-screensaver"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:8.10"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:9.04"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:9.10"); script_set_attribute(attribute:"vuln_publication_date", value:"2010/02/24"); script_set_attribute(attribute:"patch_publication_date", value:"2010/03/08"); script_set_attribute(attribute:"plugin_publication_date", value:"2010/03/09"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"Ubuntu Security Notice (C) 2010-2019 Canonical, Inc. / NASL script (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Ubuntu Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l"); exit(0); } include("audit.inc"); include("ubuntu.inc"); include("misc_func.inc"); if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/Ubuntu/release"); if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu"); release = chomp(release); if (! preg(pattern:"^(8\.10|9\.04|9\.10)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 8.10 / 9.04 / 9.10", "Ubuntu " + release); if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu); flag = 0; if (ubuntu_check(osver:"8.10", pkgname:"gnome-screensaver", pkgver:"2.24.0-0ubuntu2.1")) flag++; if (ubuntu_check(osver:"9.04", pkgname:"gnome-screensaver", pkgver:"2.24.0-0ubuntu6.1")) flag++; if (ubuntu_check(osver:"9.10", pkgname:"gnome-screensaver", pkgver:"2.28.0-0ubuntu3.5")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : ubuntu_report_get() ); exit(0); } else { tested = ubuntu_pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "gnome-screensaver"); }NASL family SuSE Local Security Checks NASL id SUSE_11_2_GNOME-SCREENSAVER-100120.NASL description When resuming a system gnome-screensaver doesn last seen 2020-06-01 modified 2020-06-02 plugin id 44617 published 2010-02-15 reporter This script is Copyright (C) 2010-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/44617 title openSUSE Security Update : gnome-screensaver (gnome-screensaver-1837) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from openSUSE Security Update gnome-screensaver-1837. # # The text description of this plugin is (C) SUSE LLC. # include("compat.inc"); if (description) { script_id(44617); script_version("1.8"); script_cvs_date("Date: 2019/10/25 13:36:38"); script_cve_id("CVE-2010-0285"); script_name(english:"openSUSE Security Update : gnome-screensaver (gnome-screensaver-1837)"); script_summary(english:"Check for the gnome-screensaver-1837 patch"); script_set_attribute( attribute:"synopsis", value:"The remote openSUSE host is missing a security update." ); script_set_attribute( attribute:"description", value: "When resuming a system gnome-screensaver doesn't lock external displays that got connected while the system was suspended (CVE-2010-0285)." ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=550695" ); script_set_attribute( attribute:"solution", value:"Update the affected gnome-screensaver packages." ); script_set_cvss_base_vector("CVSS2#AV:L/AC:H/Au:N/C:C/I:C/A:N"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:gnome-screensaver"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:gnome-screensaver-lang"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:11.2"); script_set_attribute(attribute:"patch_publication_date", value:"2010/01/20"); script_set_attribute(attribute:"plugin_publication_date", value:"2010/02/15"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2010-2019 Tenable Network Security, Inc."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE"); if (release !~ "^(SUSE11\.2)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "11.2", release); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); ourarch = get_kb_item("Host/cpu"); if (!ourarch) audit(AUDIT_UNKNOWN_ARCH); if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch); flag = 0; if ( rpm_check(release:"SUSE11.2", reference:"gnome-screensaver-2.28.0-2.4.1") ) flag++; if ( rpm_check(release:"SUSE11.2", reference:"gnome-screensaver-lang-2.28.0-2.4.1") ) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "gnome-screensaver / gnome-screensaver-lang"); }NASL family SuSE Local Security Checks NASL id SUSE_11_1_GNOME-SCREENSAVER-100120.NASL description When resuming a system gnome-screensaver doesn last seen 2020-06-01 modified 2020-06-02 plugin id 44612 published 2010-02-15 reporter This script is Copyright (C) 2010-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/44612 title openSUSE Security Update : gnome-screensaver (gnome-screensaver-1837) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from openSUSE Security Update gnome-screensaver-1837. # # The text description of this plugin is (C) SUSE LLC. # include("compat.inc"); if (description) { script_id(44612); script_version("1.8"); script_cvs_date("Date: 2019/10/25 13:36:38"); script_cve_id("CVE-2010-0285"); script_name(english:"openSUSE Security Update : gnome-screensaver (gnome-screensaver-1837)"); script_summary(english:"Check for the gnome-screensaver-1837 patch"); script_set_attribute( attribute:"synopsis", value:"The remote openSUSE host is missing a security update." ); script_set_attribute( attribute:"description", value: "When resuming a system gnome-screensaver doesn't lock external displays that got connected while the system was suspended (CVE-2010-0285)." ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=550695" ); script_set_attribute( attribute:"solution", value:"Update the affected gnome-screensaver packages." ); script_set_cvss_base_vector("CVSS2#AV:L/AC:H/Au:N/C:C/I:C/A:N"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:gnome-screensaver"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:gnome-screensaver-lang"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:11.1"); script_set_attribute(attribute:"patch_publication_date", value:"2010/01/20"); script_set_attribute(attribute:"plugin_publication_date", value:"2010/02/15"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2010-2019 Tenable Network Security, Inc."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE"); if (release !~ "^(SUSE11\.1)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "11.1", release); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); ourarch = get_kb_item("Host/cpu"); if (!ourarch) audit(AUDIT_UNKNOWN_ARCH); if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch); flag = 0; if ( rpm_check(release:"SUSE11.1", reference:"gnome-screensaver-2.24.0-7.9.2") ) flag++; if ( rpm_check(release:"SUSE11.1", reference:"gnome-screensaver-lang-2.24.0-7.9.2") ) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "gnome-screensaver / gnome-screensaver-lang"); }NASL family SuSE Local Security Checks NASL id SUSE_11_GNOME-SCREENSAVER-100318.NASL description - When resuming a system, gnome-screensaver does not lock external displays that got connected while the system was suspended. (CVE-2010-0285) - Pressing the last seen 2020-06-01 modified 2020-06-02 plugin id 64151 published 2013-01-25 reporter This script is Copyright (C) 2013-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/64151 title SuSE 11 Security Update : GNOME screensaver (SAT Patch Number 2150) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from SuSE 11 update information. The text itself is # copyright (C) Novell, Inc. # include("compat.inc"); if (description) { script_id(64151); script_version("1.4"); script_cvs_date("Date: 2019/10/25 13:36:39"); script_cve_id("CVE-2010-0285", "CVE-2010-0732"); script_name(english:"SuSE 11 Security Update : GNOME screensaver (SAT Patch Number 2150)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote SuSE 11 host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: " - When resuming a system, gnome-screensaver does not lock external displays that got connected while the system was suspended. (CVE-2010-0285) - Pressing the 'Return' key repeatedly caused an X error that terminated gnome-screensaver. (CVE-2010-0732)" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=512308" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=550695" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=563991" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=579250" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2010-0285.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2010-0732.html" ); script_set_attribute(attribute:"solution", value:"Apply SAT patch number 2150."); script_set_cvss_base_vector("CVSS2#AV:L/AC:H/Au:N/C:C/I:C/A:C"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:gnome-screensaver"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:gnome-screensaver-lang"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:11"); script_set_attribute(attribute:"patch_publication_date", value:"2010/03/18"); script_set_attribute(attribute:"plugin_publication_date", value:"2013/01/25"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2013-2019 Tenable Network Security, Inc."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) || release !~ "^(SLED|SLES)11") audit(AUDIT_OS_NOT, "SuSE 11"); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SuSE 11", cpu); pl = get_kb_item("Host/SuSE/patchlevel"); if (pl) audit(AUDIT_OS_NOT, "SuSE 11.0"); flag = 0; if (rpm_check(release:"SLED11", sp:0, cpu:"i586", reference:"gnome-screensaver-2.24.0-14.27.1")) flag++; if (rpm_check(release:"SLED11", sp:0, cpu:"i586", reference:"gnome-screensaver-lang-2.24.0-14.27.1")) flag++; if (rpm_check(release:"SLED11", sp:0, cpu:"x86_64", reference:"gnome-screensaver-2.24.0-14.27.1")) flag++; if (rpm_check(release:"SLED11", sp:0, cpu:"x86_64", reference:"gnome-screensaver-lang-2.24.0-14.27.1")) flag++; if (rpm_check(release:"SLES11", sp:0, reference:"gnome-screensaver-2.24.0-14.27.1")) flag++; if (rpm_check(release:"SLES11", sp:0, reference:"gnome-screensaver-lang-2.24.0-14.27.1")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");NASL family SuSE Local Security Checks NASL id SUSE_11_2_GNOME-SCREENSAVER-100214.NASL description gnome-screensaver was updated to the stable release 2.28.3, fixing various bugs and security issues. Following security issues have been fixed: When resuming a system gnome-screensaver does not lock external displays that got connected while the system was suspended (CVE-2010-0285: CVSS v2 Base Score: 5.6). Additionally another bug in gnome-screensaver was fixed that allowed bypassing the unlock dialog by using a removable monitor. (CVE-2010-0414: CVSS v2 Base Score: 6.2) Pressing last seen 2020-06-01 modified 2020-06-02 plugin id 44622 published 2010-02-16 reporter This script is Copyright (C) 2010-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/44622 title openSUSE Security Update : gnome-screensaver (gnome-screensaver-1973) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from openSUSE Security Update gnome-screensaver-1973. # # The text description of this plugin is (C) SUSE LLC. # include("compat.inc"); if (description) { script_id(44622); script_version("1.6"); script_cvs_date("Date: 2019/10/25 13:36:38"); script_cve_id("CVE-2010-0285", "CVE-2010-0414", "CVE-2010-0422"); script_name(english:"openSUSE Security Update : gnome-screensaver (gnome-screensaver-1973)"); script_summary(english:"Check for the gnome-screensaver-1973 patch"); script_set_attribute( attribute:"synopsis", value:"The remote openSUSE host is missing a security update." ); script_set_attribute( attribute:"description", value: "gnome-screensaver was updated to the stable release 2.28.3, fixing various bugs and security issues. Following security issues have been fixed: When resuming a system gnome-screensaver does not lock external displays that got connected while the system was suspended (CVE-2010-0285: CVSS v2 Base Score: 5.6). Additionally another bug in gnome-screensaver was fixed that allowed bypassing the unlock dialog by using a removable monitor. (CVE-2010-0414: CVSS v2 Base Score: 6.2) Pressing 'return' repeatedly caused a X error which terminated the lock and so allowed local users to access the underlying session. (no CVE yet) CVE-2010-0422: gnome-screensaver can lose its keyboard grab when locked, exposing the system to intrusion by adding and removing monitors." ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=550695" ); script_set_attribute( attribute:"solution", value:"Update the affected gnome-screensaver packages." ); script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:gnome-screensaver"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:gnome-screensaver-lang"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:11.2"); script_set_attribute(attribute:"patch_publication_date", value:"2010/02/14"); script_set_attribute(attribute:"plugin_publication_date", value:"2010/02/16"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2010-2019 Tenable Network Security, Inc."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE"); if (release !~ "^(SUSE11\.2)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "11.2", release); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); ourarch = get_kb_item("Host/cpu"); if (!ourarch) audit(AUDIT_UNKNOWN_ARCH); if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch); flag = 0; if ( rpm_check(release:"SUSE11.2", reference:"gnome-screensaver-2.28.3-0.1.1") ) flag++; if ( rpm_check(release:"SUSE11.2", reference:"gnome-screensaver-lang-2.28.3-0.1.1") ) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "gnome-screensaver"); }
Related news
References
- http://git.gnome.org/browse/gnome-screensaver/commit/?id=2f597ea9f1f363277fd4dfc109fa41bbc6225aca
- http://security-tracker.debian.org/tracker/CVE-2010-0285
- http://www.mandriva.com/security/advisories?name=MDVSA-2011:093
- http://www.securityfocus.com/bid/38254
- https://bugzilla.gnome.org/show_bug.cgi?id=593616
- https://bugzilla.redhat.com/show_bug.cgi?id=557525
- https://exchange.xforce.ibmcloud.com/vulnerabilities/56366