CVE-2007-3920
Summary
| CVE | CVE-2007-3920 |
|---|---|
| State | PUBLISHED |
| Assigner | mitre |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2007-10-29 21:46:00 UTC |
| Updated | 2026-04-23 00:35:47 UTC |
| Description | GNOME screensaver 2.20 in Ubuntu 7.10, when used with Compiz, does not properly reserve input focus, which allows attackers with physical access to take control of the session after entering an Alt-Tab sequence, a related issue to CVE-2007-3069. |
Risk And Classification
Primary CVSS: v2.0 6.2 from [email protected]
AV:L/AC:H/Au:N/C:C/I:C/A:C
Problem Types: NVD-CWE-Other | n/a
CVSS v2.0 Breakdown
Access Vector
LocalAccess Complexity
HighAuthentication
NoneConfidentiality
CompleteIntegrity
CompleteAvailability
CompleteAV:L/AC:H/Au:N/C:C/I:C/A:C
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Compiz | Compiz | All | All | All | All |
| Application | Gnome | Screensaver | 2.20 | All | All | All |
| Operating System | Ubuntu | Ubuntu Linux | 7.10 | All | amd64 | All |
| Operating System | Ubuntu | Ubuntu Linux | 7.10 | All | i386 | All |
| Operating System | Ubuntu | Ubuntu Linux | 7.10 | All | powerpc | All |
| Operating System | Ubuntu | Ubuntu Linux | 7.10 | All | sparc | All |
Vendor Declared Affected Products
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Support | af854a3a-2127-422b-91ae-364da2661108 | www.redhat.com | |
| IBM X-Force Exchange | af854a3a-2127-422b-91ae-364da2661108 | exchange.xforce.ibmcloud.com | |
| Ubuntu update for gnome-screensaver and compiz - Advisories - Secunia | af854a3a-2127-422b-91ae-364da2661108 | secunia.com | Patch, Vendor Advisory |
| Bug 357071 – CVE-2007-3920 gnome-screensaver loses keyboard grab when running under compiz [F7] | af854a3a-2127-422b-91ae-364da2661108 | bugzilla.redhat.com | |
| [SECURITY] Fedora 8 Update: xorg-x11-server-1.3.0.0-40.fc8 | af854a3a-2127-422b-91ae-364da2661108 | www.redhat.com | |
| Red Hat update for compiz - Advisories - Secunia | af854a3a-2127-422b-91ae-364da2661108 | secunia.com | |
| Gnome-Screensaver With Compiz Lock Bypass Vulnerability | af854a3a-2127-422b-91ae-364da2661108 | www.securityfocus.com | Patch |
| [security-announce] SUSE Security Announcement: X.org/XFree86 security p | af854a3a-2127-422b-91ae-364da2661108 | lists.opensuse.org | |
| SUSE update for xorg-x11 and XFree86 - Secunia Advisories - Vulnerability Intelligence - Secunia.com | af854a3a-2127-422b-91ae-364da2661108 | secunia.com | |
| [SECURITY] Fedora 7 Update: xorg-x11-server-1.3.0.0-16.fc7 | af854a3a-2127-422b-91ae-364da2661108 | www.redhat.com | |
| Bug 363061 – CVE-2007-3920 gnome-screensaver loses keyboard grab when running under compiz [F8] | af854a3a-2127-422b-91ae-364da2661108 | bugzilla.redhat.com | |
| Fedora update for xorg-x11-server - Advisories - Secunia | af854a3a-2127-422b-91ae-364da2661108 | secunia.com | |
| USN-537-1: gnome-screensaver vulnerability | Ubuntu | af854a3a-2127-422b-91ae-364da2661108 | www.ubuntu.com | Patch |
| USN-537-2: Compiz vulnerability | Ubuntu | af854a3a-2127-422b-91ae-364da2661108 | www.ubuntu.com | |
| Repository / Oval Repository | af854a3a-2127-422b-91ae-364da2661108 | oval.cisecurity.org | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
Vendor Comments And Credit
| Organization | Published | Contributor | Statement |
|---|---|---|---|
| Red Hat | 2008-05-21 | Joshua Bressers | This issue affected Red Hat Enterprise Linux 5 with a low security impact. An update to the compiz package was released to correct this issue: https://rhn.redhat.com/errata/RHSA-2008-0485.html |
There are currently no legacy QID mappings associated with this CVE.