Vulnerabilites related to compiz - compiz
cve-2007-3920
Vulnerability from cvelistv5
Published
2007-10-29 21:00
Modified
2024-08-07 14:37
Severity ?
EPSS score ?
Summary
GNOME screensaver 2.20 in Ubuntu 7.10, when used with Compiz, does not properly reserve input focus, which allows attackers with physical access to take control of the session after entering an Alt-Tab sequence, a related issue to CVE-2007-3069.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T14:37:05.347Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=363061"
},
{
"name": "oval:org.mitre.oval:def:10192",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10192"
},
{
"name": "FEDORA-2008-0956",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00841.html"
},
{
"name": "USN-537-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/usn-537-2"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=357071"
},
{
"name": "30715",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30715"
},
{
"name": "gnomescreensaver-compiz-security-bypass(37410)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37410"
},
{
"name": "SUSE-SA:2008:027",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-06/msg00002.html"
},
{
"name": "USN-537-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/usn-537-1"
},
{
"name": "FEDORA-2008-0930",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00811.html"
},
{
"name": "26188",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/26188"
},
{
"name": "RHSA-2008:0485",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2008-0485.html"
},
{
"name": "27381",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/27381"
},
{
"name": "28627",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28627"
},
{
"name": "30329",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30329"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-10-23T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "GNOME screensaver 2.20 in Ubuntu 7.10, when used with Compiz, does not properly reserve input focus, which allows attackers with physical access to take control of the session after entering an Alt-Tab sequence, a related issue to CVE-2007-3069."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=363061"
},
{
"name": "oval:org.mitre.oval:def:10192",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10192"
},
{
"name": "FEDORA-2008-0956",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00841.html"
},
{
"name": "USN-537-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/usn-537-2"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=357071"
},
{
"name": "30715",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30715"
},
{
"name": "gnomescreensaver-compiz-security-bypass(37410)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37410"
},
{
"name": "SUSE-SA:2008:027",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-06/msg00002.html"
},
{
"name": "USN-537-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/usn-537-1"
},
{
"name": "FEDORA-2008-0930",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00811.html"
},
{
"name": "26188",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/26188"
},
{
"name": "RHSA-2008:0485",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2008-0485.html"
},
{
"name": "27381",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/27381"
},
{
"name": "28627",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28627"
},
{
"name": "30329",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30329"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-3920",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "GNOME screensaver 2.20 in Ubuntu 7.10, when used with Compiz, does not properly reserve input focus, which allows attackers with physical access to take control of the session after entering an Alt-Tab sequence, a related issue to CVE-2007-3069."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=363061",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=363061"
},
{
"name": "oval:org.mitre.oval:def:10192",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10192"
},
{
"name": "FEDORA-2008-0956",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00841.html"
},
{
"name": "USN-537-2",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/usn-537-2"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=357071",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=357071"
},
{
"name": "30715",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30715"
},
{
"name": "gnomescreensaver-compiz-security-bypass(37410)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37410"
},
{
"name": "SUSE-SA:2008:027",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-06/msg00002.html"
},
{
"name": "USN-537-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/usn-537-1"
},
{
"name": "FEDORA-2008-0930",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00811.html"
},
{
"name": "26188",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/26188"
},
{
"name": "RHSA-2008:0485",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2008-0485.html"
},
{
"name": "27381",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27381"
},
{
"name": "28627",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28627"
},
{
"name": "30329",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30329"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-3920",
"datePublished": "2007-10-29T21:00:00",
"dateReserved": "2007-07-20T00:00:00",
"dateUpdated": "2024-08-07T14:37:05.347Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2007-10-29 21:46
Modified
2024-11-21 00:34
Severity ?
Summary
GNOME screensaver 2.20 in Ubuntu 7.10, when used with Compiz, does not properly reserve input focus, which allows attackers with physical access to take control of the session after entering an Alt-Tab sequence, a related issue to CVE-2007-3069.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ubuntu | ubuntu_linux | 7.10 | |
| ubuntu | ubuntu_linux | 7.10 | |
| ubuntu | ubuntu_linux | 7.10 | |
| ubuntu | ubuntu_linux | 7.10 | |
| compiz | compiz | * | |
| gnome | screensaver | 2.20 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ubuntu:ubuntu_linux:7.10:*:amd64:*:*:*:*:*",
"matchCriteriaId": "FB928CC9-0BC3-4AE1-B20B-A58A4C4AAE24",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:ubuntu:ubuntu_linux:7.10:*:i386:*:*:*:*:*",
"matchCriteriaId": "BB850565-A800-44A6-945E-CB235531C5DD",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:ubuntu:ubuntu_linux:7.10:*:powerpc:*:*:*:*:*",
"matchCriteriaId": "3F37A796-E028-4247-A5E6-66B89A583F87",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:ubuntu:ubuntu_linux:7.10:*:sparc:*:*:*:*:*",
"matchCriteriaId": "61DA44B7-FE1A-4452-843E-EAF1404B86F3",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:compiz:compiz:*:*:*:*:*:*:*:*",
"matchCriteriaId": "93384956-31D4-4111-B447-A6710A8A6306",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:screensaver:2.20:*:*:*:*:*:*:*",
"matchCriteriaId": "F784A89F-6759-4801-B00F-502EE8AD4E71",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "GNOME screensaver 2.20 in Ubuntu 7.10, when used with Compiz, does not properly reserve input focus, which allows attackers with physical access to take control of the session after entering an Alt-Tab sequence, a related issue to CVE-2007-3069."
},
{
"lang": "es",
"value": "El salvapantallas 2.20 de GNOME en Ubuntu 7.10, cuando se usa con Compiz, no reserva el foco de entrada apropiadamente, lo cual permite a atacantes remotos con acceso f\u00edsico tomar el control de la sesi\u00f3n despu\u00e9s de haber introducido la secuencia Alt-Tab, tema similar a CVE-2007-3069."
}
],
"id": "CVE-2007-3920",
"lastModified": "2024-11-21T00:34:22.450",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "HIGH",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 6.2,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:H/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 1.9,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2007-10-29T21:46:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-06/msg00002.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/27381"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/28627"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/30329"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/30715"
},
{
"source": "cve@mitre.org",
"url": "http://www.redhat.com/support/errata/RHSA-2008-0485.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/26188"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.ubuntu.com/usn/usn-537-1"
},
{
"source": "cve@mitre.org",
"url": "http://www.ubuntu.com/usn/usn-537-2"
},
{
"source": "cve@mitre.org",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=357071"
},
{
"source": "cve@mitre.org",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=363061"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37410"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10192"
},
{
"source": "cve@mitre.org",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00811.html"
},
{
"source": "cve@mitre.org",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00841.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-06/msg00002.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/27381"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/28627"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/30329"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/30715"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.redhat.com/support/errata/RHSA-2008-0485.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/26188"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.ubuntu.com/usn/usn-537-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ubuntu.com/usn/usn-537-2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=357071"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=363061"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37410"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10192"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00811.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00841.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vendorComments": [
{
"comment": "This issue affected Red Hat Enterprise Linux 5 with a low security impact. An update to the compiz package was released to correct this issue: \nhttps://rhn.redhat.com/errata/RHSA-2008-0485.html\n\n",
"lastModified": "2008-05-21T00:00:00",
"organization": "Red Hat"
}
],
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}