Vulnerability Details : CVE-2014-1949
GTK+ 3.10.9 and earlier, as used in cinnamon-screensaver, gnome-screensaver, and other applications, allows physically proximate attackers to bypass the lock screen by pressing the menu button.
Vulnerability category: BypassGain privilege
Products affected by CVE-2014-1949
- cpe:2.3:a:gnome:gtk:*:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu:14.04:*:*:*:lts:*:*:*
- cpe:2.3:o:linuxmint:linux_mint:17.0:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2014-1949
0.06%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 25 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2014-1949
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.2
|
HIGH | AV:L/AC:L/Au:N/C:C/I:C/A:C |
3.9
|
10.0
|
NIST |
CWE ids for CVE-2014-1949
-
The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.Assigned by: nvd@nist.gov (Primary)
References for CVE-2014-1949
-
http://www.ubuntu.com/usn/USN-2475-1
USN-2475-1: GTK+ update | Ubuntu security noticesThird Party Advisory
-
http://seclists.org/oss-sec/2014/q1/327
oss-sec: cinnamon-screensaver lock bypass (tested on Fedora 20)Mailing List;Third Party Advisory
-
http://advisories.mageia.org/MGASA-2014-0374.html
Mageia Advisory: MGASA-2014-0374 - Updated gtk+3.0 packages fix CVE-2014-1949Third Party Advisory
-
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=759145
#759145 - Followup: CVE-2014-1949: cinnamon-screensaver can be bypassed by pressing Menu key - Debian Bug report logsThird Party Advisory
-
http://seclists.org/oss-sec/2014/q1/331
oss-sec: Re: cinnamon-screensaver lock bypass (tested on Fedora 20)Mailing List;Third Party Advisory
-
http://www.mandriva.com/security/advisories?name=MDVSA-2015:162
mandriva.comBroken Link
-
https://bugzilla.redhat.com/show_bug.cgi?id=1064695
1064695 – (CVE-2014-1949) CVE-2014-1949 cinnamon: bypass screensaver lock via the keyboard's Menu keyIssue Tracking
-
https://github.com/linuxmint/cinnamon-screensaver/issues/44
[also affects Mint 17] [CVE-2014-1949]cinnamon-screensaver lock bypass (tested on Fedora 20) · Issue #44 · linuxmint/cinnamon-screensaver · GitHubThird Party Advisory
Jump to