Bug 565527 (CVE-2010-0732)

Summary: CVE-2010-0732 gnome-screensaver: Race condition between shaking the unlock dialog and clearing the screen
Product: [Other] Security Response
Reporter: Jan Lieskovsky <jlieskov>
Component: vulnerability
Assignee: Red Hat Product Security <security-response-team>
Status: CLOSED NOTABUG
Severity: high
Priority: high
Version: unspecified
CC: jmccann, mclasen, rcvalle, rstrode, vdanen
Keywords: Security
Hardware: All
OS: Linux
URL: https://bugzilla.gnome.org/show_bug.cgi?id=598476
Whiteboard: impact=important,source=oss-security,reported=20100212,public=20091014,cvss2=7.2/AV:L/AC:L/Au:N/C:C/I:C/A:C,cwe=CWE-662->CWE-362->CWE-672->CWE-119->CWE-305
Doc Type: Bug Fix
Last Closed: 2010-03-16 13:13:16 EDT
Bug Depends On: 565532

Description Jan Lieskovsky 2010-02-15 10:18:53 EST
Chris Coulson reported gnome-screensaver is prone to a race
condition between two subsequent actions -- shaking the
unlock dialog and clearing the screen. A local attacker
could use this flaw to cause a denial of service
(gnome-screensaver crash), which allows physically proximate
attackers to access an unattended workstation on which screen
locking had been intended.

Upstream bug report:
  https://bugzilla.gnome.org/show_bug.cgi?id=598476

Upstream patch:
  http://git.gnome.org/browse/gnome-screensaver/commit/?id=ab08cc93f2dc6223c8c00bfa1ca4f2d89069dbe0

CVE Request:
  http://www.openwall.com/lists/oss-security/2010/02/12/1

References:
  http://www.heise.de/newsticker/meldung/Gnome-Bildschirmsperre-in-OpenSuse-Linux-wirkungslos-928580.html

Comment 1 Jan Lieskovsky 2010-02-15 10:22:41 EST
This issue affects the version of the gnome-screensaver package,
as shipped with Red Hat Enterprise Linux 5.

This issue affects the current version of the gnome-screensaver
package, as shipped with Fedora release of 11
(gnome-screensaver-2.26.1-3.fc11).

This issue does NOT affect the current version of
the gnome-screensaver package, as shipped with Fedora 12
(gnome-screensaver-2.28.3-1.fc12) -- this issue was already
addressed here.

Comment 3 Ray Strode [halfline] 2010-02-15 11:30:17 EST
This bug isn't a gnome-screensaver bug.  It was a gtk bug. The patch from Chris
Coulson was committed, but it wasn't the fix for the problem.  The fix for the
problem was in gtk.

Fix was here:
http://git.gnome.org/browse/gtk+/commit/?id=0748cf563d0d0d03001a62589f13be16a8ec06c1

This bug does not affect RHEL5 or Fedora 11.

Comment 4 Vincent Danen 2010-03-16 13:13:16 EDT
This issue was assigned CVE-2010-0732.