Bug 632973 – CVE-2006-7240 gnome-power-manager: Screen not locked on resume from hibernate / suspend

Bugzilla will be upgraded to version 5.0 on a still to be determined date in the near future. The original upgrade date has been delayed.

Bug 632973 - (CVE-2006-7240) CVE-2006-7240 gnome-power-manager: Screen not locked on resume from hibernate / suspend

Summary:	CVE-2006-7240 gnome-power-manager: Screen not locked on resume from hibernate...

Status:	CLOSED NOTABUG

Aliases:	CVE-2006-7240

Product:	Security Response
Classification:	Other
Component:	vulnerability (Show other bugs)
Sub Component:
Version:	unspecified
Hardware:	All Linux

Priority	low Severity low
Target Milestone:	---
Target Release:	---
Assigned To:	Red Hat Product Security
QA Contact:
Docs Contact:

URL:
Whiteboard:	public=20060429,reported=20100907,sou...
Keywords:	Security

Depends On:
Blocks:
	Show dependency tree / graph

Reported:	2010-09-12 05:58 EDT by Jan Lieskovsky
Modified:	2015-08-19 04:54 EDT (History)
CC List:	1 user (show)

See Also:
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Story Points:	---
Clone Of:
Environment:
Last Closed:	2010-09-17 10:10:34 EDT
Type:	---
Regression:	---
Mount Type:	---
Documentation:	---
CRM:
Verified Versions:
Category:	---
oVirt Team:	---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team:	---

Attachments	(Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

Groups: None (edit)

Description Jan Lieskovsky 2010-09-12 05:58:51 EDT

Common Vulnerabilities and Exposures assigned an identifier CVE-2006-7240 to
the following vulnerability:

gnome-power-manager 2.14.0 does not properly implement the
lock_on_suspend and lock_on_hibernate settings for locking the screen
when the suspend or hibernate button is pressed, which might make it
easier for physically proximate attackers to access an unattended
laptop via a resume action, a related issue to CVE-2010-2532.

References:
[1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-7240
[2] https://bugs.launchpad.net/ubuntu/+source/gnome-power-manager/+bug/42052

Comment 2 Richard Hughes 2010-09-13 05:16:05 EDT

(In reply to comment #0)
> gnome-power-manager 2.14.0 does not properly implement the
> lock_on_suspend and lock_on_hibernate settings for locking the screen
> when the suspend or hibernate button is pressed, which might make it
> easier for physically proximate attackers to access an unattended
> laptop via a resume action, a related issue to CVE-2010-2532.

Unless the admin has set /apps/gnome-power-manager/lock/use_screensaver_settings to FALSE, it uses the screensaver settings. That's not a bug surely?

Richard.

Comment 3 Huzaifa S. Sidhpurwala 2010-09-15 00:25:36 EDT

I think the ubuntu bug is referring to the scenario where use_screensaver_settings is set to FALSE, which results in gnome-power-manager not locking the screen.

Comment 9 Huzaifa S. Sidhpurwala 2010-09-17 10:09:52 EDT

This issue did not affect the versions of the gnome-power-manager packages, as shipped with Red Hat Enterprise Linux 5.
--
This issue did not affect the versions of the gnome-power-manager packages, as shipped with Fedora 12 and 13.

Note You need to log in before you can comment on or make changes to this bug.