Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2012-1620

Overview

Vulnerability Score 3.6 3.6
CVE Id CVE-2012-1620
Last Modified 19 Nov 2012 11:43:39
Published 12 Jul 2012 03:55:05
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2012-1620

Summary

slock 0.9 does not properly handle the XRaiseWindow event when the screen is locked, which might allow physically proximate attackers to obtain sensitive information by pressing a button, which reveals the desktop and active windows.

Vulnerable Systems

Application

  • Suckless Slock 0.9


References

CONFIRM - http://hg.suckless.org/slock/rev/891a4984aba6

MISC - https://bugzilla.redhat.com/show_bug.cgi?id=786310

MISC - https://bugs.gentoo.org/show_bug.cgi?id=401645

XF - slock-xraisewindow-sec-bypass(74666)

OSVDB - 81035

MLIST - [oss-security] 20120405 Re: CVE Request: slock-0.9 displays modal box after locking

MLIST - [oss-security] 20120405 CVE Request: slock-0.9 displays modal box after locking

SECUNIA - 48700

BID - 52922


Last Updated: 27 May 2016 10:56:40