Vulnerabilities > CVE-2013-7220 - Unspecified vulnerability in Gnome Gnome-Shell

047910
CVSS 4.6 - MEDIUM
Attack vector
LOCAL
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
local
low complexity
gnome

Summary

js/ui/screenShield.js in GNOME Shell (aka gnome-shell) before 3.8 allows physically proximate attackers to execute arbitrary commands by leveraging an unattended workstation with the keyboard focus on the Activities search. Per: https://cwe.mitre.org/data/definitions/77.html "CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')"

Vulnerable Configurations

Part Description Count
Application
Gnome
70

Seebug

bulletinFamilyexploit
descriptionBugtraq ID:64546 CVE ID:CVE-2013-7220 gnome是一个linux操作系统的桌面环境, gnome-shell是gnome桌面环境的窗口管理程序。 GNOME gnome-shell用户打开Activities面板或者"Enter a command"对话框(Alt+F2),然后锁屏时存在一个安全漏洞,允许本地攻击者利用漏洞在锁屏上输入任意命令并执行任意命令。 0 GNOME gnome-shell 厂商补丁: GNOME ----- 用户可参考如下厂商提供的安全公告获得补丁信息: https://git.gnome.org/browse/gnome-shell/commit/js/ui/screenShield.js?id=209014b083dbe86ed0e0860a6016735571b56f94
idSSV:61239
last seen2017-11-19
modified2013-12-30
published2013-12-30
reporterRoot
titleGNOME gnome-shell本地任意命令执行漏洞