PublicDateAtUSN: 2010-02-24
Candidate: CVE-2010-0285
PublicDate: 2010-02-24 18:30:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0285
 https://ubuntu.com/security/notices/USN-907-1
Description:
 gnome-screensaver 2.14.3, 2.22.2, 2.27.x, 2.28.0, and 2.28.3, when the X
 configuration enables the extend screen option, allows physically proximate
 attackers to bypass screen locking, access an unattended workstation, and
 view half of the GNOME desktop by attaching an external monitor.
Ubuntu-Description:
Notes:
 mdeslaur> code doesn't seem present in 2.22.2, but have not tested.
 mdeslaur> code seems to have been introduced in 2.23.3
Bugs:
 https://bugzilla.gnome.org/show_bug.cgi?id=593616
 https://bugzilla.redhat.com/show_bug.cgi?id=557525
Priority: medium
Discovered-by:
Assigned-to:
CVSS: 

Patches_gnome-screensaver:
 upstream: http://git.gnome.org/browse/gnome-screensaver/commit/?id=2f597ea9f1f363277fd4dfc109fa41bbc6225aca
upstream_gnome-screensaver: needs-triage
dapper_gnome-screensaver: ignored (reached end-of-life)
hardy_gnome-screensaver: not-affected (code not present)
intrepid_gnome-screensaver: released (2.24.0-0ubuntu2.1)
jaunty_gnome-screensaver: released (2.24.0-0ubuntu6.1)
karmic_gnome-screensaver: released (2.28.0-0ubuntu3.5)
devel_gnome-screensaver: not-affected (2.29.91-0ubuntu2)