Vigil@nce: GNOME, unlocking gnome-screensaver
February 2010 by Vigil@nce
SYNTHESIS OF THE VULNERABILITY
A local attacker can stop gnome-screensaver while the
authentication window shakes, in order to access the user’s session.
Severity: 2/4
Consequences: user access/rights
Provenance: user console
Means of attack: 1 attack
Ability of attacker: technician (2/4)
Confidence: confirmed by the editor (5/5)
Diffusion of the vulnerable configuration: high (3/3)
Creation date: 12/02/2010
IMPACTED PRODUCTS
– Unix - platform
DESCRIPTION OF THE VULNERABILITY
The gnome-screensaver program locks the screen and displays a
drawing.
When an invalid password has been entered five times, the
authentication window shakes. However, during this visual effect,
an attacker can keep pressing the Enter key, which stops
gnome-screensaver.
A local attacker can therefore stop gnome-screensaver while the
authentication window shakes, in order to access the user’s session.
CHARACTERISTICS
Identifiers: 598476, BID-38211, VIGILANCE-VUL-9446
http://vigilance.fr/vulnerability/GNOME-unlocking-gnome-screensaver-9446