X.Org XServer ScreenSaver Lock Bypass Vulnerability
BID:51562
Info
X.Org XServer ScreenSaver Lock Bypass Vulnerability
| Bugtraq ID: | 51562 |
| Class: | Failure to Handle Exceptional Conditions |
| CVE: |
CVE-2012-0064 |
| Remote: | No |
| Local: | Yes |
| Published: | Jan 19 2012 12:00AM |
| Updated: | Apr 13 2015 09:26PM |
| Credit: | Gul |
| Vulnerable: |
X.org xorg-server 1.11 Gentoo Linux |
| Not Vulnerable: | |
Discussion
X.Org XServer ScreenSaver Lock Bypass Vulnerability
The X.Org XServer application is prone to a vulnerability that allows an attacker who has physical console access to bypass the user's locked screen.
An attacker with physical access to the desktop may be able to bypass the desktop-locking screensaver. This may grant the attacker access to another user's desktop session.
X.Org XServer 1.11 is vulnerable; other versions may also be affected.
The X.Org XServer application is prone to a vulnerability that allows an attacker who has physical console access to bypass the user's locked screen.
An attacker with physical access to the desktop may be able to bypass the desktop-locking screensaver. This may grant the attacker access to another user's desktop session.
X.Org XServer 1.11 is vulnerable; other versions may also be affected.
Exploit / POC
X.Org XServer ScreenSaver Lock Bypass Vulnerability
To exploit this issue, attackers require physical console access.
To exploit this issue, attackers require physical console access.
Solution / Fix
X.Org XServer ScreenSaver Lock Bypass Vulnerability
Solution:
Updates are available. Please see the references for more information.
Solution:
Updates are available. Please see the references for more information.
References
X.Org XServer ScreenSaver Lock Bypass Vulnerability
References:
References:
- index : xorg/xserver (XOrg)
- Re: Screen locking programs on Xorg 1.11 (GMane)
- X.org Home Page (X.org)