Vulnerability Details : CVE-2009-4641
gnome-screensaver 2.28.0 does not resume adherence to its activation settings after an inhibiting application becomes unavailable on the session bus, which allows physically proximate attackers to access an unattended workstation on which screen locking had been intended.
Products affected by CVE-2009-4641
- cpe:2.3:a:gnome:screensaver:2.28.0:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2009-4641
- 0.06%: Probability of exploitation activity in the next 30 days
- ~ 23 %: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2009-4641
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.2 | HIGH | AV:L/AC:L/Au:N/C:C/I:C/A:C | 3.9 | 10.0 | NIST | |
Vendor statements for CVE-2009-4641
- Red Hat 2010-03-17: Not vulnerable. This issue did not affect the versions of gnome-screensaver as shipped with Red Hat Enterprise Linux 5.
References for CVE-2009-4641
- https://launchpad.net/bugs/411350
  Bug #411350 “gnome-screensaver not functioning” : Bugs : gnome-screensaver package : Ubuntu
- http://www.mandriva.com/security/advisories?name=MDVSA-2010:040
  mandriva.com
- http://www.ubuntu.com/usn/USN-866-1
  USN-866-1: gnome-screensaver vulnerability | Ubuntu security notices | Ubuntu
- https://bugzilla.gnome.org/show_bug.cgi?id=600488
  Bug 600488 – Totem is leaking session inhibitors (Patch)