Vigil@nce: GNOME, unlocking gnome-screensaver
February 2010 by Vigil@nce
A local attacker can plug in a second screen in order to stop gnome-screensaver.
Consequences: user access/rights
Provenance: user console
Means of attack: 1 attack
Ability of attacker: technician (2/4)
Confidence: confirmed by the editor (5/5)
Diffusion of the vulnerable configuration: high (3/3)
Creation date: 15/02/2010
Unix - platform
DESCRIPTION OF THE VULNERABILITY
The gnome-screensaver program locks the screen and displays a drawing.
When a system is locked, an attacker can:
plug in a second screen
wait for its autodetection, and wait for the password input form to be displayed on this screen
unplug the secondary screen
press a few keyboard keys
The gnome-screensaver then tries to handle keys associated with a nonexistent screen, which stops it.
A local attacker can therefore plug in a second screen in order to stop gnome-screensaver and access the user’s session.
Identifiers: 564464, 609789, CVE-2010-0422, VIGILANCE-VUL-9452