Login or Register to Ask a Question and Join Our Community


Security Advisories (RSS)

USN-669-1: gnome-screensaver vulnerabilities

Login to Discuss or Reply to this Discussion in Our Community

 
Thread Tools Search this Thread
Special Forums Cybersecurity Security Advisories (RSS) USN-669-1: gnome-screensaver vulnerabilities
# 1  
Old 11-11-2008
USN-669-1: gnome-screensaver vulnerabilities
Referenced CVEs:
CVE-2007-6389, CVE-2008-0887


Description:
===========================================================Ubuntu Security Notice USN-669-1 November 11, 2008gnome-screensaver vulnerabilitiesCVE-2007-6389, CVE-2008-0887===========================================================A security issue affects the following Ubuntu releases:Ubuntu 6.06 LTSUbuntu 7.10This advisory also applies to the corresponding versions ofKubuntu, Edubuntu, and Xubuntu.The problem can be corrected by upgrading your system to thefollowing package versions:Ubuntu 6.06 LTS: gnome-screensaver 2.14.3-0ubuntu1.1Ubuntu 7.10: gnome-screensaver 2.20.0-0ubuntu4.3After a standard system upgrade you need to restart all user sessions onyour computer to effect the necessary changes.Details follow:It was discovered that the notify feature in gnome-screensaver could leta local attacker read the clipboard contents of a locked session byusing Ctrl-V. (CVE-2007-6389)Alan Matsuoka discovered that gnome-screensaver did not properly handlenetwork outages when using a remote authentication service. During anetwork interruption, or by disconnecting the network cable, a localattacker could gain access to locked sessions. (CVE-2008-0887)





More...
Login or Register to Ask a Question

Previous Thread | Next Thread
Login or Register to Ask a Question

LEARN ABOUT SUSE

gnome-screensaver-command

gnome-screensaver-command(1)				      General Commands Manual				      gnome-screensaver-command(1)

NAME

       gnome-screensaver-command - controls GNOME screensaver

SYNOPSIS

       gnome-screensaver-command [OPTION...]

DESCRIPTION

       gnome-screensaver-command is a tool for controlling an already running instance of gnome-screensaver.

OPTIONS

       --exit Causes the screensaver to exit gracefully

       -q, --query
	      Query the state of the screensaver

       -t, --time
	      Query the length of time the screensaver has been active

       -l, --lock
	      Tells the running screensaver process to lock the screen immediately

       -c, --cycle
	      If the screensaver is active then switch to another graphics demo

       -a, --activate
	      Turn the screensaver on (blank the screen)

       -d, --deactivate
	      If the screensaver is active then deactivate it (un-blank the screen)

       -p, --poke
	      Poke the running screensaver to simulate user activity

       -i, --inhibit
	      Inhibit the screensaver from activating. Command blocks while inhibit is active.

       -n, --application-name
	      The calling application that is inhibiting the screensaver

       -r, --reason
	      The reason for inhibiting the screensaver

       -V, --version
	      Version of this application

AUTHORS

       gnome-screensaver-command is written by William Jon McCann <mccann@jhu.edu>.

       This manual page was written by Sven Arvidsson <sa@whiz.se>.

SEE ALSO

       gnome-screensaver(1)

GNOME
								    2007-09-27					      gnome-screensaver-command(1)