CVE-2007-3920
First published: Mon Oct 29 2007(Updated: )
GNOME screensaver 2.20 in Ubuntu 7.10, when used with Compiz, does not properly reserve input focus, which allows attackers with physical access to take control of the session after entering an Alt-Tab sequence, a related issue to CVE-2007-3069.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Ubuntu | =7.10 | |
| Ubuntu | =7.10 | |
| Ubuntu | =7.10 | |
| Ubuntu | =7.10 | |
| Compiz | ||
| GNOME Screensaver | =2.20 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.ubuntu.com/usn/usn-537-1
- http://www.securityfocus.com/bid/26188
- http://secunia.com/advisories/27381
- http://www.ubuntu.com/usn/usn-537-2
- https://bugzilla.redhat.com/show_bug.cgi?id=357071
- https://bugzilla.redhat.com/show_bug.cgi?id=363061
- https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00811.html
- https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00841.html
- http://secunia.com/advisories/28627
- http://www.redhat.com/support/errata/RHSA-2008-0485.html
- http://secunia.com/advisories/30329
- http://secunia.com/advisories/30715
- http://lists.opensuse.org/opensuse-security-announce/2008-06/msg00002.html
- https://exchange.xforce.ibmcloud.com/vulnerabilities/37410
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10192
Frequently Asked Questions
What is the severity of CVE-2007-3920?
CVE-2007-3920 is considered a medium severity vulnerability due to its potential for unauthorized access with physical access to the system.
How do I fix CVE-2007-3920?
To fix CVE-2007-3920, upgrade to a newer version of GNOME screensaver or apply any available patches from Ubuntu.
Who is affected by CVE-2007-3920?
CVE-2007-3920 primarily affects users of GNOME screensaver 2.20 on Ubuntu 7.10 when used with Compiz.
What kind of attack is possible with CVE-2007-3920?
An attacker with physical access can exploit CVE-2007-3920 to take control of an active user session by manipulating window focus.
Is CVE-2007-3920 resolved in later versions of Ubuntu?
Yes, CVE-2007-3920 is resolved in versions of Ubuntu released after 7.10, where upgrades and patches have been applied.
- collector/nvd-historical
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/author
- agent/weakness
- agent/remedy
- agent/references
- agent/last-modified-date
- agent/first-publish-date
- agent/event
- agent/description
- agent/source
- collector/nvd-index
- agent/software-canonical-lookup-request
- agent/tags
- agent/softwarecombine
- vendor/ubuntu
- canonical/ubuntu
- version/ubuntu/7.10
- vendor/compiz
- canonical/compiz
- vendor/gnome
- canonical/gnome screensaver
- version/gnome screensaver/2.20