Test ID:	1.3.6.1.4.1.25623.1.0.67048
Category:	Ubuntu Local Security Checks
Title:	Ubuntu USN-907-1 (gnome-screensaver)
Summary:	NOSUMMARY
Description:	Description: The remote host is missing an update to gnome-screensaver announced via advisory USN-907-1. Details follow: It was discovered that gnome-screensaver did not correctly lock all screens when monitors get hotplugged. An attacker with physical access could use this flaw to gain access to a locked session. (CVE-2010-0285) It was discovered that gnome-screensaver did not correctly handle keyboard grab when monitors get hotplugged. An attacker with physical access could use this flaw to gain access to a locked session. This issue only affected Ubuntu 9.10. (CVE-2010-0422) Solution: The problem can be corrected by upgrading your system to the following package versions: Ubuntu 8.10: gnome-screensaver 2.24.0-0ubuntu2.1 Ubuntu 9.04: gnome-screensaver 2.24.0-0ubuntu6.1 Ubuntu 9.10: gnome-screensaver 2.28.0-0ubuntu3.5 After a standard system upgrade you need to restart your session to effect the necessary changes. http://www.securityspace.com/smysecure/catid.html?in=USN-907-1 Risk factor : High CVSS Score: 5.6
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2010-0285 38254 http://www.securityfocus.com/bid/38254 MDVSA-2011:093 http://www.mandriva.com/security/advisories?name=MDVSA-2011:093 http://git.gnome.org/browse/gnome-screensaver/commit/?id=2f597ea9f1f363277fd4dfc109fa41bbc6225aca http://security-tracker.debian.org/tracker/CVE-2010-0285 https://bugzilla.gnome.org/show_bug.cgi?id=593616 https://bugzilla.redhat.com/show_bug.cgi?id=557525 screensaver-monitor-setup-sec-bypass(56366) https://exchange.xforce.ibmcloud.com/vulnerabilities/56366 Common Vulnerability Exposure (CVE) ID: CVE-2010-0422 38248 http://www.securityfocus.com/bid/38248 38565 http://secunia.com/advisories/38565 38583 http://secunia.com/advisories/38583 FEDORA-2010-1855 http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035115.html [oss-security] 20100212 Re: gnome-screensaver vulnerability (CVE-2010-0414) http://marc.info/?l=oss-security&m=126601292400764&w=2 gnome-screensaver-monitor-sec-bypass(56364) https://exchange.xforce.ibmcloud.com/vulnerabilities/56364 http://ftp.gnome.org/pub/GNOME/sources/gnome-screensaver/2.28/gnome-screensaver-2.28.3.news http://git.gnome.org/browse/gnome-screensaver/commit/?id=271ae93d7b140b8ba40d77f9e4ce894e5fd1b554 http://git.gnome.org/browse/gnome-screensaver/commit/?id=d4dcbd65a2df3c093c4e3a74bbbc75383eb9eadb http://git.gnome.org/browse/gnome-screensaver/commit/?id=f93a22c175090cf02e80bc3ee676b53f1251f685 https://bugzilla.gnome.org/show_bug.cgi?id=609789 https://bugzilla.redhat.com/show_bug.cgi?id=564464
Copyright	Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com

This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.