Bugzilla will be upgraded to version 5.0 on a still to be determined date in the near future. The original upgrade date has been delayed.
First Last Prev Next    This bug is not in your last search results.
Bug 570330 - (CVE-2010-0923) CVE-2010-0923 kdebase: race condition may allow local attackers to bypass screen locking
CVE-2010-0923 kdebase: race condition may allow local attackers to bypass scr...
Status: CLOSED CURRENTRELEASE
Product: Security Response
Classification: Other
Component: vulnerability (Show other bugs)
unspecified
All Linux
high Severity high
: ---
: ---
Assigned To: Red Hat Product Security
http://web.nvd.nist.gov/view/vuln/det...
impact=important,source=cve,reported=...
: Security
Depends On: 570331
Blocks:
  Show dependency treegraph
 
Reported: 2010-03-03 16:45 EST by Vincent Danen
Modified: 2012-07-19 11:49 EDT (History)
3 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2010-03-03 22:43:23 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

  None (edit)
Description Vincent Danen 2010-03-03 16:45:42 EST 
Common Vulnerabilities and Exposures assigned an identifier CVE-2010-0923 to
the following vulnerability:

Name: CVE-2010-0923
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0923
Assigned: 20100303
Reference: MLIST:[oss-security] 20100212 CVE Request: KDE screensaver unlock issue similar to GNOME one
Reference: URL: http://marc.info/?l=oss-security&m=126598163422670&w=2
Reference: MLIST:[oss-security] 20100212 Re: CVE Request: KDE screensaver unlock issue similar to GNOME one
Reference: URL: http://marc.info/?l=oss-security&m=126599909614401&w=2
Reference: MLIST:[oss-security] 20100212 Re: Re: CVE Request: KDE screensaver unlock issue similar to GNOME one
Reference: URL: http://marc.info/?l=oss-security&m=126600468622421&w=2
Reference: MLIST:[oss-security] 20100217 Re: Re: CVE Request: KDE screensaver unlock issue similar to GNOME one
Reference: URL: http://www.openwall.com/lists/oss-security/2010/02/17/3
Reference: CONFIRM: http://bugs.kde.org/show_bug.cgi?id=226449
Reference: CONFIRM: http://websvn.kde.org/?revision=1089213&view=revision
Reference: CONFIRM: http://websvn.kde.org/?view=revision&revision=1089241
Reference: CONFIRM: http://websvn.kde.org/trunk/KDE/kdebase/workspace/krunner/lock/lockdlg.cc?r1=1089213&r2=1089212&pathrev=1089213
Reference: CONFIRM: http://www.kde.org/info/security/advisory-20100217-1.txt
Reference: CONFIRM: https://bugs.kde.org/show_bug.cgi?id=217882
Reference: CONFIRM: https://bugzilla.novell.com/show_bug.cgi?id=579280
Reference: SECTRACK:1023641
Reference: URL: http://securitytracker.com/id?1023641
Reference: SECUNIA:38600
Reference: URL: http://secunia.com/advisories/38600
Reference: VUPEN:ADV-2010-0409
Reference: URL: http://www.vupen.com/english/advisories/2010/0409

Race condition in workspace/krunner/lock/lockdlg.cc in the KRunner
lock module in kdebase in KDE SC 4.4.0 allows physically proximate
attackers to bypass KScreenSaver screen locking and access an
unattended workstation by pressing the Enter key at a certain time,
related to multiple forked processes.
Comment 2 Vincent Danen 2010-03-03 16:47:31 EST 
This issue affects all current Fedora versions, and Fedora rawhide, which all contain version 4.4.0.

This issue does not affect earlier versions of KDE.
Comment 3 Vincent Danen 2010-03-03 22:43:23 EST 
This has actually already been corrected:

* Thu Feb 11 2010 Than Ngo <than@redhat.com> - 4.4.0-4
- move xsession desktop files to main package
  (cannot start kde from gdm if kdm not installed)
- Desktop locking crashes (kde#217882#16)
Note You need to log in before you can comment on or make changes to this bug.
First Last Prev Next    This bug is not in your last search results.