Vulnerability Details : CVE-2013-1050
The default configuration in gnome-screensaver 3.5.4 through 3.6.0 sets the AutostartCondition line to fallback mode in the .desktop file, which prevents the program from starting automatically after login and allows physically proximate attackers to bypass screen locking and access an unattended workstation.
Products affected by CVE-2013-1050
- cpe:2.3:a:gnome:gnome_screensaver:3.5.4:*:*:*:*:*:*:*
- cpe:2.3:a:gnome:gnome_screensaver:3.5.5:*:*:*:*:*:*:*
- cpe:2.3:a:gnome:gnome_screensaver:3.6.0:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2013-1050
0.16%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 52 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2013-1050
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.2
|
HIGH | AV:L/AC:L/Au:N/C:C/I:C/A:C |
3.9
|
10.0
|
NIST |
CWE ids for CVE-2013-1050
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2013-1050
-
https://bugzilla.gnome.org/show_bug.cgi?id=683060
Bug 683060 – Impossible to unlock screen if not using GDM
-
https://bugs.launchpad.net/ubuntu/+source/gnome-screensaver/+bug/1120126
Bug #1120126 “Screen locking broken because of AutostartConditio...” : Bugs : gnome-screensaver package : UbuntuVendor Advisory
-
https://git.gnome.org/browse/gnome-screensaver/commit/?id=1940dc6bc8ad5ee2c029714efb1276c05ca80bd4
move gnome-screensaver desktop file out of autostart (1940dc6b) · Commits · Archive / gnome-screensaver · GitLab
-
http://www.ubuntu.com/usn/USN-1716-1
USN-1716-1: gnome-screensaver vulnerability | Ubuntu security notices
Jump to