Vulnerability Details : CVE-2009-4642
gnome-screensaver 2.26.1 relies on the gnome-session D-Bus interface to determine session idle time, even when an Xfce desktop such as Xubuntu or Mythbuntu is used, which allows physically proximate attackers to access an unattended workstation on which screen locking had been intended.
Products affected by CVE-2009-4642
- cpe:2.3:a:gnome:screensaver:2.26.1:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2009-4642
0.06%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 27 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2009-4642
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.2
|
HIGH | AV:L/AC:L/Au:N/C:C/I:C/A:C |
3.9
|
10.0
|
NIST |
References for CVE-2009-4642
-
https://bugzilla.gnome.org/show_bug.cgi?id=592093
Bug 592093 – Reliance on gnome-session
-
https://launchpad.net/bugs/411350
Bug #411350 “gnome-screensaver not functioning” : Bugs : gnome-screensaver package : Ubuntu
-
http://bugzilla.xfce.org/show_bug.cgi?id=5927
5927 – gnome-screensaver not activated
-
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=536381
#536381 - gnome-screensaver: idle time on the computer is not taken into account - Debian Bug report logs
-
https://launchpad.net/bugs/493573
Bug #493573 “gnome-screensaver doesn't activate under XFCE” : Bugs : xfce4-session package : Ubuntu
Jump to