Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2014-3203

Overview

Vulnerability Score 4.4 4.4
CVE Id CVE-2014-3203
Last Modified 07 May 2014 10:09:33
Published 06 May 2014 10:55:06
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector LOCAL
Access Complexity MEDIUM
Authentication NONE

CVE-2014-3203

Summary

Unity before 7.2.1, as used in Ubuntu 14.04, does not properly restrict access to the Dash when the lock screen is active, which allows physically proximate attackers to bypass the lock screen and execute arbitrary commands, as demonstrated by pressing the SUPER key before the screen auto-locks.

Vulnerable Systems

Operating System

  • Canonical Ubuntu Linux 14.04

Application

  • Ayatana Project Unity 7.0.0

  • Ayatana Project Unity 7.0.1

  • Ayatana Project Unity 7.1.0

  • Ayatana Project Unity 7.1.1

  • Ayatana Project Unity 7.1.2

  • Ayatana Project Unity 7.1.3

  • Ayatana Project Unity 7.2.0


References

CONFIRM - https://bugs.launchpad.net/ubuntu/+source/unity/+bug/1308850

MLIST - [oss-security] 20140503 Re: Ubuntu 14.04: security problem in the lock screen

MLIST - [oss-security] 20140429 Re: Ubuntu 14.04: security problem in the lock screen

UBUNTU - USN-2184-1


Last Updated: 27 May 2016 11:05:12