CVE-2012-6111

Note

In hardy, gnome_keyring_lock_all_sync() was in the gnome-keyring
package, and works as expected.
In 2.30+ in Lucid+, gnome_keyring_lock_all_sync() is in
libgnome-keyring and sends a LockService DBus call to
gnome-keyring. This call isn't implemented in lucid+
Nothing in the archive in Oneiric+ actually uses
gnome_keyring_lock_all_sync(), so this is low.
In Lucid, gnome-power-manager calls this before suspend and
hibernation with the intention of locking the keyring.
Fixing this in Lucid would result in the user likely having to
retype their keyring password when coming out of suspend and
hibernation, which is an intrusive change this late in Lucid's
lifecycle.
Setting this issue as priority low for the reasons above.

Package	Release	Status
gnome-keyring Launchpad, Ubuntu, Debian	artful	Ignored (end of life)
	bionic	Not vulnerable (3.28.0.2-1ubuntu1.18.04.1)
	cosmic	Not vulnerable (3.28.2-0ubuntu1)
	hardy	Ignored (end of life)
	lucid	Ignored (end of life)
	oneiric	Ignored (end of life)
	precise	Ignored (end of life)
	quantal	Ignored (end of life)
	raring	Ignored (end of life)
	saucy	Ignored (end of life)
	trusty	Does not exist (trusty was not-affected [3.10.1-1ubuntu4.3])
	upstream	Needed
	utopic	Ignored (end of life)
	vivid	Ignored (end of life)
	wily	Ignored (end of life)
	xenial	Not vulnerable (3.18.3-0ubuntu2)
	yakkety	Ignored (end of life)
	zesty	Ignored (end of life)

Parameter	Value
Base score	7.5
Attack vector	Network
Attack complexity	Low
Privileges required	None
User interaction	None
Scope	Unchanged
Confidentiality	High
Integrity impact	None
Availability impact	None
Vector	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CVE-2012-6111

Notes

Priority

Cvss 3 Severity Score

Status

Severity score breakdown

References

Bugs

Join the discussion

Canonical is offering Expanded Security Maintenance

Further reading