Chris Coulson reported gnome-screensaver is prone to a race
condition between two subsequent actions -- shaking the
unlock dialog and clearing the screen. A local attacker
could use this flaw to cause a denial of service
(gnome-screensaver crash), which allows physically proximate
attackers to access an unattended workstation on which screen
locking had been intended.
Upstream bug report:
This issue affects the version of the gnome-screensaver package,
as shipped with Red Hat Enterprise Linux 5.
This issue affects the current version of the gnome-screensaver
package, as shipped with Fedora release of 11.
This issue does NOT affect the current version of
the gnome-screensaver package, as shipped with Fedora 12
(gnome-screensaver-2.28.3-1.fc12) -- this issue was already

This bug isn't a gnome-screensaver bug. It was a gtk bug. The patch from Chris
Coulson was committed, but it wasn't the fix for the problem. The fix for the
problem was in gtk.
Fix was here:
This bug does not affect RHEL5 or Fedora 11.
This issue was assigned CVE-2010-0732.