Vulnerabilities > CVE-2013-7220 - Unspecified vulnerability in Gnome Gnome-Shell
Attack vector
LOCAL Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
js/ui/screenShield.js in GNOME Shell (aka gnome-shell) before 3.8 allows physically proximate attackers to execute arbitrary commands by leveraging an unattended workstation with the keyboard focus on the Activities search. Per: https://cwe.mitre.org/data/definitions/77.html "CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')"
Vulnerable Configurations
Seebug
| bulletinFamily | exploit |
| description | Bugtraq ID:64546 CVE ID:CVE-2013-7220 gnome是一个linux操作系统的桌面环境, gnome-shell是gnome桌面环境的窗口管理程序。 GNOME gnome-shell用户打开Activities面板或者"Enter a command"对话框(Alt+F2),然后锁屏时存在一个安全漏洞,允许本地攻击者利用漏洞在锁屏上输入任意命令并执行任意命令。 0 GNOME gnome-shell 厂商补丁: GNOME ----- 用户可参考如下厂商提供的安全公告获得补丁信息: https://git.gnome.org/browse/gnome-shell/commit/js/ui/screenShield.js?id=209014b083dbe86ed0e0860a6016735571b56f94 |
| id | SSV:61239 |
| last seen | 2017-11-19 |
| modified | 2013-12-30 |
| published | 2013-12-30 |
| reporter | Root |
| title | GNOME gnome-shell本地任意命令执行漏洞 |
References
- http://www.openwall.com/lists/oss-security/2013/12/27/4
- http://www.openwall.com/lists/oss-security/2013/12/27/6
- http://www.openwall.com/lists/oss-security/2013/12/27/8
- https://bugzilla.gnome.org/show_bug.cgi?id=686740
- https://bugzilla.redhat.com/show_bug.cgi?id=1030431
- https://github.com/o2platform/DefCon_RESTing/tree/master/Live-Demos/Neo4j