Vigil@nce: GNOME, second screen non locked
January 2010 by Vigil@nce
After a second screen is unplugged and plugged back in, it is not
locked by GNOME ScreenSaver.
– Severity: 1/4
– Consequences: user access/rights
– Provenance: user console
– Means of attack: no proof of concept, no attack
– Ability of attacker: expert (4/4)
– Confidence: confirmed by the editor (5/5)
– Diffusion of the vulnerable configuration: high (3/3)
– Creation date: 15/01/2010
IMPACTED PRODUCTS
– Unix - platform
DESCRIPTION OF THE VULNERABILITY
The system can have two (or more) screens, which are locked by
GNOME ScreenSaver.
However, if the victim:
– unplugs the second screen
– unlocks the ScreenSaver to access the session (GNOME then
memorises that there is only one screen)
– locks the ScreenSaver (ScreenSaver memorises that there is one
screen)
– plugs the second screen back in
then GNOME enables the second screen, but the ScreenSaver only
locks the first one.
An attacker who has console access to the computer can thus
access applications located on the victim’s second screen.
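The sequence above, replayed against a simplified model of a screen locker (an added example, not GNOME ScreenSaver's code; the Monitor and Locker classes, the rehook_on_hotplug flag and the monitor geometries are assumptions made for illustration). It contrasts a locker that creates lock windows only at lock time with one that re-creates them when the display layout changes:

```python
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Monitor:
    name: str
    x: int
    y: int
    width: int
    height: int


@dataclass
class Locker:
    """Simplified model: the locker keeps one lock window per monitor."""
    rehook_on_hotplug: bool  # False models the behaviour described in the advisory
    monitors: list = field(default_factory=list)
    locked: bool = False
    lock_windows: dict = field(default_factory=dict)

    def lock(self):
        # Lock windows are created for the monitors known at lock time.
        self.locked = True
        self.lock_windows = {m.name: m for m in self.monitors}

    def unlock(self):
        self.locked = False
        self.lock_windows = {}

    def set_monitors(self, monitors):
        # Display layout change (screen plugged or unplugged).
        self.monitors = list(monitors)
        if self.locked and self.rehook_on_hotplug:
            # Mitigation: rebuild the lock windows for the new layout.
            self.lock_windows = {m.name: m for m in self.monitors}

    def exposed(self):
        # Enabled monitors with no lock window of matching geometry.
        if not self.locked:
            return []
        return [m.name for m in self.monitors
                if self.lock_windows.get(m.name) != m]


# Constructed sample layout.
PRIMARY = Monitor("primary", 0, 0, 1920, 1080)
SECOND = Monitor("second", 1920, 0, 1280, 1024)


def replay(locker):
    """Replays the advisory's steps and returns the uncovered monitors."""
    locker.set_monitors([PRIMARY, SECOND])
    locker.lock()
    locker.set_monitors([PRIMARY])          # second screen unplugged
    locker.unlock()
    locker.lock()                           # only one screen is memorised
    locker.set_monitors([PRIMARY, SECOND])  # second screen plugged back in
    return locker.exposed()
```
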
CHARACTERISTICS
– Identifiers: 593616, VIGILANCE-VUL-9354
– Url: http://vigilance.fr/vulnerability/GNOME-second-screen-non-locked-9354