First published: Wed Dec 12 2007(Updated: )
Description of problem: Quoting Debian bug report: With the addition of the feature to send a message to the logged in user when they return and unlock a locked session, this gives local attackers the ability to read the X selection and clipboard buffers with a middle click on the mouse and a Ctrl+V. I note that the box to leave a message doesn't have a context menu that you could paste via, but it doesn't go far enough. Additional info: <a href="http://bugzilla.gnome.org/show_bug.cgi?id=503005">http://bugzilla.gnome.org/show_bug.cgi?id=503005</a> <a href="http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=455484">http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=455484</a>
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
GNOME screensaver | =2.20 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.