CVE-2010-0732
Published 2010-03-19
Priority P421 · medium · 6.2 · CVSS 2.0
AV:L/AC:H/Au:N/C:C/I:C/A:C
EPSS
0.30%
21.5th percentile
gdk/gdkwindow.c in GTK+ before 2.18.5, as used in gnome-screensaver before 2.28.1, performs implicit paints on windows of type GDK_WINDOW_FOREIGN, which triggers an X error in certain circumstances and consequently allows physically proximate attackers to bypass screen locking and access an unattended workstation by pressing the Enter key many times.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | gtk+2.0 | < gtk+2.0 2.18.5-1 (bookworm) | gtk+2.0 2.18.5-1 (bookworm) |
| gnome | gtk | < 2.18.5 | 2.18.5 |
| gnome | screensaver | < 2.28.1 | 2.28.1 |
CVSS provenance
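| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 6.2 | MEDIUM | AV:L/AC:H/Au:N/C:C/I:C/A:C |
| osv | | 6.2 | MEDIUM | |
| vendor_debian | | 6.2 | MEDIUM | |
| vendor_redhat | | 6.2 | MEDIUM | |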
Debian
CVE-2010-0732: gtk+2.0 - gdk/gdkwindow.c in GTK+ before 2.18.5, as used in gnome-screensaver before 2.28....
vendor_debian·2010·CVSS 6.2
CVE-2010-0732 [MEDIUM] CVE-2010-0732: gtk+2.0 - gdk/gdkwindow.c in GTK+ before 2.18.5, as used in gnome-screensaver before 2.28....
gdk/gdkwindow.c in GTK+ before 2.18.5, as used in gnome-screensaver before 2.28.1, performs implicit paints on windows of type GDK_WINDOW_FOREIGN, which triggers an X error in certain circumstances and consequently allows physically proximate attackers to bypass screen locking and access an unattended workstation by pressing the Enter key many times.
Scope: local
bookworm: resolved (fixed in 2.18.5-1)
bullseye: resolved (fixed in 2.18.5-1)
forky: resolved (fixed in 2.18.5-1)
sid: resolved (fixed in 2.18.5-1)
trixie: resolved (fixed in 2.18.5-1)
Red Hat
gnome-screensaver: Race condition between shaking the unlock dialog and clearing the screen
vendor_redhat·2009-10-14·CVSS 6.2
CVE-2010-0732 [MEDIUM] CWE-662 gnome-screensaver: Race condition between shaking the unlock dialog and clearing the screen
gdk/gdkwindow.c in GTK+ before 2.18.5, as used in gnome-screensaver before 2.28.1, performs implicit paints on windows of type GDK_WINDOW_FOREIGN, which triggers an X error in certain circumstances and consequently allows physically proximate attackers to bypass screen locking and access an unattended workstation by pressing the Enter key many times.
VulDB
GTK+ up to 2.18.3 Screen Lock race condition (Bug 565527 / Nessus ID 45383)
vuldb·2026-05-03·CVSS 6.2
CVE-2010-0732 [MEDIUM] GTK+ up to 2.18.3 Screen Lock race condition (Bug 565527 / Nessus ID 45383)
A vulnerability identified as problematic has been detected in GTK+ up to 2.18.3. Affected is an unknown function of the component Screen Lock. The manipulation leads to a race condition.
This vulnerability is documented as CVE-2010-0732. The attack needs to be performed locally. There is not any exploit available.
You should upgrade the affected component.
GHSA
GHSA-xm6w-hhcm-7v7g: gdk/gdkwindow
ghsa_unreviewed·2022-05-02
CVE-2010-0732 [MEDIUM] CWE-362 GHSA-xm6w-hhcm-7v7g: gdk/gdkwindow
gdk/gdkwindow.c in GTK+ before 2.18.5, as used in gnome-screensaver before 2.28.1, performs implicit paints on windows of type GDK_WINDOW_FOREIGN, which triggers an X error in certain circumstances and consequently allows physically proximate attackers to bypass screen locking and access an unattended workstation by pressing the Enter key many times.
OSV
CVE-2010-0732: gdk/gdkwindow
osv·2010-03-19·CVSS 6.2
CVE-2010-0732 [MEDIUM] CVE-2010-0732: gdk/gdkwindow
gdk/gdkwindow.c in GTK+ before 2.18.5, as used in gnome-screensaver before 2.28.1, performs implicit paints on windows of type GDK_WINDOW_FOREIGN, which triggers an X error in certain circumstances and consequently allows physically proximate attackers to bypass screen locking and access an unattended workstation by pressing the Enter key many times.
No detection rules found.
No public exploits indexed.
http://ftp.gnome.org/pub/gnome/sources/gtk+/2.18/gtk+-2.18.5.news
http://git.gnome.org/browse/gnome-screensaver/commit/?h=gnome-2-28&id=98f8a22412cf388217fd5b88915eadd274d68520
http://git.gnome.org/browse/gnome-screensaver/commit/?id=ab08cc93f2dc6223c8c00bfa1ca4f2d89069dbe0
http://git.gnome.org/browse/gtk+/commit/?id=0748cf563d0d0d03001a62589f13be16a8ec06c1
http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00001.html
http://secunia.com/advisories/39317
http://www.heise.de/newsticker/meldung/Gnome-Bildschirmsperre-in-OpenSuse-Linux-wirkungslos-2-Update-928580.html
http://www.mandriva.com/security/advisories?name=MDVSA-2010:109
http://www.openwall.com/lists/oss-security/2010/02/12/1
http://www.openwall.com/lists/oss-security/2010/03/05/2
http://www.openwall.com/lists/oss-security/2010/03/16/9
http://www.securityfocus.com/bid/38211
https://bugs.edge.launchpad.net/ubuntu/+source/gnome-screensaver/+bug/446395
https://bugzilla.gnome.org/show_bug.cgi?id=598476
https://bugzilla.redhat.com/show_bug.cgi?id=565527