CVE-2007-3920
Summary
| CVE | CVE-2007-3920 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2007-10-29 21:46:00 UTC |
| Updated | 2017-09-29 01:29:00 UTC |
| Description | GNOME screensaver 2.20 in Ubuntu 7.10, when used with Compiz, does not properly reserve input focus, which allows attackers with physical access to take control of the session after entering an Alt-Tab sequence, a related issue to CVE-2007-3069. |
Risk And Classification
Problem Types: NVD-CWE-Other
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Compiz | Compiz | All | All | All | All |
| Application | Compiz | Compiz | All | All | All | All |
| Application | Gnome | Screensaver | 2.20 | All | All | All |
| Application | Gnome | Screensaver | 2.20 | All | All | All |
| Operating System | Ubuntu | Ubuntu Linux | 7.10 | All | amd64 | All |
| Operating System | Ubuntu | Ubuntu Linux | 7.10 | All | i386 | All |
| Operating System | Ubuntu | Ubuntu Linux | 7.10 | All | powerpc | All |
| Operating System | Ubuntu | Ubuntu Linux | 7.10 | All | sparc | All |
| Operating System | Ubuntu | Ubuntu Linux | 7.10 | All | amd64 | All |
| Operating System | Ubuntu | Ubuntu Linux | 7.10 | All | i386 | All |
| Operating System | Ubuntu | Ubuntu Linux | 7.10 | All | powerpc | All |
| Operating System | Ubuntu | Ubuntu Linux | 7.10 | All | sparc | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Ubuntu update for gnome-screensaver and compiz - Advisories - Secunia | SECUNIA | secunia.com | Patch, Vendor Advisory |
| Bug 357071 – CVE-2007-3920 gnome-screensaver loses keyboard grab when running under compiz [F7] | CONFIRM | bugzilla.redhat.com | |
| [SECURITY] Fedora 8 Update: xorg-x11-server-1.3.0.0-40.fc8 | FEDORA | www.redhat.com | |
| Gnome-Screensaver With Compiz Lock Bypass Vulnerability | BID | www.securityfocus.com | Patch |
| [SECURITY] Fedora 7 Update: xorg-x11-server-1.3.0.0-16.fc7 | FEDORA | www.redhat.com | |
| Repository / Oval Repository | OVAL | oval.cisecurity.org | |
| Support | REDHAT | www.redhat.com | |
| SUSE update for xorg-x11 and XFree86 - Secunia Advisories - Vulnerability Intelligence - Secunia.com | SECUNIA | secunia.com | |
| USN-537-2: Compiz vulnerability | Ubuntu | UBUNTU | www.ubuntu.com | |
| Bug 363061 – CVE-2007-3920 gnome-screensaver loses keyboard grab when running under compiz [F8] | CONFIRM | bugzilla.redhat.com | |
| USN-537-1: gnome-screensaver vulnerability | Ubuntu | UBUNTU | www.ubuntu.com | Patch |
| [security-announce] SUSE Security Announcement: X.org/XFree86 security p | SUSE | lists.opensuse.org | |
| Fedora update for xorg-x11-server - Advisories - Secunia | SECUNIA | secunia.com | |
| Red Hat update for compiz - Advisories - Secunia | SECUNIA | secunia.com | |
| IBM X-Force Exchange | XF | exchange.xforce.ibmcloud.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
Vendor Comments And Credit
| Organization | Published | Contributor | Statement |
|---|---|---|---|
| Red Hat | 2008-05-21 | Joshua Bressers | This issue affected Red Hat Enterprise Linux 5 with a low security impact. An update to the compiz package was released to correct this issue: https://rhn.redhat.com/errata/RHSA-2008-0485.html |
There are currently no legacy QID mappings associated with this CVE.