CVE-2009-4641 — Screensaver vulnerability

9 documents8 sources

Severity

7.2HIGHNVD

EPSS

0.1%

top 83.36%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Gnome Screensaver

Timeline

PublishedFeb 11

Latest updateMay 2

Description

gnome-screensaver 2.28.0 does not resume adherence to its activation settings after an inhibiting application becomes unavailable on the session bus, which allows physically proximate attackers to access an unattended workstation on which screen locking had been intended.

CVSS vector

AV:L/AC:L/C:C/I:C/A:CExploitability: 3.9 | Impact: 10.0

Affected Packages1 packages

▶NVDgnome/screensaver2.28.0

Patches

Patch: bugzilla.gnome.org ↗Patch: bugzilla.gnome.org ↗

🔴Vulnerability Details

GHSA

GHSA-p9q3-w9jq-7p9j: gnome-screensaver 2↗2022-05-02

▶

CVEList

CVE-2009-4641: gnome-screensaver 2↗2010-02-11

▶

OSV

CVE-2009-4641: gnome-screensaver 2↗2010-02-11

▶

📋Vendor Advisories

Ubuntu

gnome-screensaver vulnerability↗2009-12-07

▶

Red Hat

gnome-screensaver: missing session inhibit removal↗2009-11-02

▶

Debian

CVE-2009-4641: gnome-screensaver - gnome-screensaver 2.28.0 does not resume adherence to its activation settings af...↗2009

▶

💬Community

Bugzilla

CVE-2009-4641 gnome-screensaver: Improper session inhibit removal [Fedora 11]↗2010-02-13

▶

Bugzilla

CVE-2009-4641 gnome-screensaver: missing session inhibit removal↗2010-02-13

▶