Test ID:	1.3.6.1.4.1.25623.1.0.840397
Category:	Ubuntu Local Security Checks
Title:	Ubuntu: Security Advisory (USN-907-1)
Summary:	The remote host is missing an update for the 'gnome-screensaver' package(s) announced via the USN-907-1 advisory.
Description:	Summary: The remote host is missing an update for the 'gnome-screensaver' package(s) announced via the USN-907-1 advisory. Vulnerability Insight: It was discovered that gnome-screensaver did not correctly lock all screens when monitors get hotplugged. An attacker with physical access could use this flaw to gain access to a locked session. (CVE-2010-0285) It was discovered that gnome-screensaver did not correctly handle keyboard grab when monitors get hotplugged. An attacker with physical access could use this flaw to gain access to a locked session. This issue only affected Ubuntu 9.10. (CVE-2010-0422) Affected Software/OS: 'gnome-screensaver' package(s) on Ubuntu 8.10, Ubuntu 9.04, Ubuntu 9.10. Solution: Please install the updated package(s). CVSS Score: 5.6 CVSS Vector: AV:L/AC:H/Au:N/C:C/I:C/A:N
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2010-0285 38254 http://www.securityfocus.com/bid/38254 MDVSA-2011:093 http://www.mandriva.com/security/advisories?name=MDVSA-2011:093 http://git.gnome.org/browse/gnome-screensaver/commit/?id=2f597ea9f1f363277fd4dfc109fa41bbc6225aca http://security-tracker.debian.org/tracker/CVE-2010-0285 https://bugzilla.gnome.org/show_bug.cgi?id=593616 https://bugzilla.redhat.com/show_bug.cgi?id=557525 screensaver-monitor-setup-sec-bypass(56366) https://exchange.xforce.ibmcloud.com/vulnerabilities/56366 Common Vulnerability Exposure (CVE) ID: CVE-2010-0422 38248 http://www.securityfocus.com/bid/38248 38565 http://secunia.com/advisories/38565 38583 http://secunia.com/advisories/38583 FEDORA-2010-1855 http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035115.html [oss-security] 20100212 Re: gnome-screensaver vulnerability (CVE-2010-0414) http://marc.info/?l=oss-security&m=126601292400764&w=2 gnome-screensaver-monitor-sec-bypass(56364) https://exchange.xforce.ibmcloud.com/vulnerabilities/56364 http://ftp.gnome.org/pub/GNOME/sources/gnome-screensaver/2.28/gnome-screensaver-2.28.3.news http://git.gnome.org/browse/gnome-screensaver/commit/?id=271ae93d7b140b8ba40d77f9e4ce894e5fd1b554 http://git.gnome.org/browse/gnome-screensaver/commit/?id=d4dcbd65a2df3c093c4e3a74bbbc75383eb9eadb http://git.gnome.org/browse/gnome-screensaver/commit/?id=f93a22c175090cf02e80bc3ee676b53f1251f685 https://bugzilla.gnome.org/show_bug.cgi?id=609789 https://bugzilla.redhat.com/show_bug.cgi?id=564464
Copyright	Copyright (C) 2010 Greenbone AG

This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.