LinuxSecurity.com
Ubuntu: gnome-screensaver vulnerabilities
Posted by Benjamin D. Thomas   
It was discovered that the notify feature in gnome-screensaver could let a local attacker read the clipboard contents of a locked session by using Ctrl-V. (CVE-2007-6389) Alan Matsuoka discovered that gnome-screensaver did not properly handle network outages when using a remote authentication service. During a network interruption, or by disconnecting the network cable, a local attacker could gain access to locked sessions. (CVE-2008-0887)
===========================================================
Ubuntu Security Notice USN-669-1          November 11, 2008
gnome-screensaver vulnerabilities
CVE-2007-6389, CVE-2008-0887
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 7.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS:
  gnome-screensaver               2.14.3-0ubuntu1.1

Ubuntu 7.10:
  gnome-screensaver               2.20.0-0ubuntu4.3

After a standard system upgrade you need to restart all user sessions on
your computer to effect the necessary changes.

Details follow:

It was discovered that the notify feature in gnome-screensaver could let
a local attacker read the clipboard contents of a locked session by
using Ctrl-V. (CVE-2007-6389)

Alan Matsuoka discovered that gnome-screensaver did not properly handle
network outages when using a remote authentication service. During a
network interruption, or by disconnecting the network cable, a local
attacker could gain access to locked sessions. (CVE-2008-0887)


Updated packages for Ubuntu 6.06 LTS:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/g/gnome-screensaver/gnome-screensaver_2.14.3-0ubuntu1.1.diff.gz
      Size/MD5:    14632 858a17bd71cf1969f89c9f7248840e0b
    http://security.ubuntu.com/ubuntu/pool/main/g/gnome-screensaver/gnome-screensaver_2.14.3-0ubuntu1.1.dsc
      Size/MD5:     1515 100a66b14d50912bd73b49b6915d849b
    http://security.ubuntu.com/ubuntu/pool/main/g/gnome-screensaver/gnome-screensaver_2.14.3.orig.tar.gz
      Size/MD5:  2122211 9c95c9d0ad4c44a215546dd4b95992b0

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

    http://security.ubuntu.com/ubuntu/pool/main/g/gnome-screensaver/gnome-screensaver_2.14.3-0ubuntu1.1_amd64.deb
      Size/MD5:  1502090 d5bfdd6505afe949c6414fb01dab0bb9

  i386 architecture (x86 compatible Intel/AMD):

    http://security.ubuntu.com/ubuntu/pool/main/g/gnome-screensaver/gnome-screensaver_2.14.3-0ubuntu1.1_i386.deb
      Size/MD5:  1483824 bcb42c8bb0a73fbc06c5a465a75fa299

  powerpc architecture (Apple Macintosh G3/G4/G5):

    http://security.ubuntu.com/ubuntu/pool/main/g/gnome-screensaver/gnome-screensaver_2.14.3-0ubuntu1.1_powerpc.deb
      Size/MD5:  1499086 d7e65422d70d2ff6405b0472f03b1c1f

  sparc architecture (Sun SPARC/UltraSPARC):

    http://security.ubuntu.com/ubuntu/pool/main/g/gnome-screensaver/gnome-screensaver_2.14.3-0ubuntu1.1_sparc.deb
      Size/MD5:  1486326 bff6d9f48780721f2621a0c6895aa143

Updated packages for Ubuntu 7.10:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/g/gnome-screensaver/gnome-screensaver_2.20.0-0ubuntu4.3.diff.gz
      Size/MD5:    25605 044d070d183f0e073dc1ac81945b0cc5
    http://security.ubuntu.com/ubuntu/pool/main/g/gnome-screensaver/gnome-screensaver_2.20.0-0ubuntu4.3.dsc
      Size/MD5:     1695 472b10fdbd46177cbe20b58350265d64
    http://security.ubuntu.com/ubuntu/pool/main/g/gnome-screensaver/gnome-screensaver_2.20.0.orig.tar.gz
      Size/MD5:  2320018 db71d89c66fa3a96b3b276403b5bb723

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

    http://security.ubuntu.com/ubuntu/pool/main/g/gnome-screensaver/gnome-screensaver_2.20.0-0ubuntu4.3_amd64.deb
      Size/MD5:  1587388 6655526c8225d3b139eb36c1cbbf948a

  i386 architecture (x86 compatible Intel/AMD):

    http://security.ubuntu.com/ubuntu/pool/main/g/gnome-screensaver/gnome-screensaver_2.20.0-0ubuntu4.3_i386.deb
      Size/MD5:  1570386 456e6a56f46efac8de675aa906bf70c2

  lpia architecture (Low Power Intel Architecture):

    http://ports.ubuntu.com/pool/main/g/gnome-screensaver/gnome-screensaver_2.20.0-0ubuntu4.3_lpia.deb
      Size/MD5:  1569166 c7f1ce8eeee0127cd557a78cf9591b36

  powerpc architecture (Apple Macintosh G3/G4/G5):

    http://security.ubuntu.com/ubuntu/pool/main/g/gnome-screensaver/gnome-screensaver_2.20.0-0ubuntu4.3_powerpc.deb
      Size/MD5:  1606010 a65b33b3a95a7d23bcbdd5e894785852

  sparc architecture (Sun SPARC/UltraSPARC):

    http://security.ubuntu.com/ubuntu/pool/main/g/gnome-screensaver/gnome-screensaver_2.20.0-0ubuntu4.3_sparc.deb
      Size/MD5:  1576698 1566098fa61738a75ecaf0c98886eac1


