Login or Register to Ask a Question and Join Our Community


Security Advisories (RSS)

USN-688-1: Compiz vulnerability

Login to Discuss or Reply to this Discussion in Our Community

 
Thread Tools Search this Thread
Special Forums Cybersecurity Security Advisories (RSS) USN-688-1: Compiz vulnerability
# 1  
Old 12-08-2008
USN-688-1: Compiz vulnerability
Description:
=========================================================== Ubuntu Security Notice USN-688-1 December 09, 2008 compiz-fusion-plugins-main vulnerability https://launchpad.net/bugs/247088 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 7.10 Ubuntu 8.04 LTS Ubuntu 8.10 This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 7.10: compiz-fusion-plugins-main 0.5.2+git20070928-0ubuntu2.2 Ubuntu 8.04 LTS: compiz-fusion-plugins-main 0.7.4-0ubuntu6.2 Ubuntu 8.10: compiz-fusion-plugins-main 0.7.8-0ubuntu2.2 After a standard system upgrade you need to restart your session to effect the necessary changes. Details follow: It was discovered that the Expo plugin for Compiz did not correctly restrict the screensaver window from being moved with the mouse. A local attacker could use the mouse to move the screensaver off the screen and gain access to the locked desktop session underneath. Default installs of Ubuntu were not vulnerable as Expo does not come pre-configured with mouse bindings.





More...
Login or Register to Ask a Question

Previous Thread | Next Thread
Login or Register to Ask a Question

LEARN ABOUT CENTOS

pluginviewer

PLUGINVIEWER(8) 					      System Manager's Manual						   PLUGINVIEWER(8)

NAME

       pluginviewer - list loadable SASL plugins and their properties

SYNOPSIS

       pluginviewer [-a] [-s] [-c] [-b min=N,max=N] [-e ssf=N,id=ID] [-m MECHS] [-x AUXPROP_MECH] [-f FLAGS] [-p PATH]

DESCRIPTION

       pluginviewer can be used by a server administrator to troubleshoot SASL installations.  The utility can list loadable (properly configured)
       client and server side plugins, as well as auxprop plugins.

OPTIONS

       -a     List auxprop plugins.

       -s     List server authentication (SASL) plugins.

       -c     List client authentication (SASL) plugins.

       -b min=N1,max=N2
	      List client authentication (SASL) plugins.  Strength of the SASL security layer in bits. min=N1 specifies the  minumum  strength	to
	      use  (1  =>  integrity protection). max=N2 specifies the maximum strength to use.  Only SASL mechanisms which support security layer
	      with strength M such that N1 <= M <= N2 will be shown.

       -e ssf=N,id=ID
	      Assume that an external security layer (e.g. TLS) with N-bit strength is installed.  The ID is the authentication identity  used	by
	      the external security layer.

       -m MECHS
	      Limit listed SASL plugins to the ones included in the MECHS (space separated) list.

       -x AUXPROP_MECHS
	      Limit listed auxprop plugins to the one listed in the AUXPROP_MECHS (space separated) list.

       -f FLAGS
	      Set  security flags. FLAGS is a comma separated list of one or more of the following security flags: noplain (SASL mechanism doesn't
	      send password in the clear during authentication), noactive (require protection from active  attacks),  nodict  (require	mechanisms
	      which  are  secure  against passive dictionary attacks), forwardsec (require forward secrecy), passcred (require mechanisms that can
	      delegate client credentials), maximum (require all security flags).

       -p PATH
	      Specifies a colon-separated search path for plugins.

SEE ALSO

       rfc4422 - Simple Authentication and Security Layer (SASL)

CMU SASL
							   Apr 10, 2006 						   PLUGINVIEWER(8)