CVE-2009-4642

NameCVE-2009-4642
Descriptiongnome-screensaver 2.26.1 relies on the gnome-session D-Bus interface to determine session idle time, even when an Xfce desktop such as Xubuntu or Mythbuntu is used, which allows physically proximate attackers to access an unattended workstation on which screen locking had been intended.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
NVD severityhigh

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
gnome-screensaver (PTS)stretch3.6.1-7fixed
buster3.6.1-10fixed
bullseye, sid3.6.1-13fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
gnome-screensaversource(unstable)2.26.1-2
gnome-screensaversourcelenny(not affected)

Notes

[lenny] - gnome-screensaver <not-affected> (vulnerability introduced in 2.26)
only an issue under certain desktop environments such as xfce

Search for package or bug name: Reporting problems