Vulnerability Details CVE-2013-1050
The default configuration in gnome-screensaver 3.5.4 through 3.6.0 sets the AutostartCondition line to fallback mode in the .desktop file, which prevents the program from starting automatically after login and allows physically proximate attackers to bypass screen locking and access an unattended workstation.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 15.8%
CVSS Severity
CVSS v2 Score 7.2
References
- http://www.ubuntu.com/usn/USN-1716-1
- https://bugs.launchpad.net/ubuntu/+source/gnome-screensaver/+bug/1120126
- https://bugzilla.gnome.org/show_bug.cgi?id=683060
- https://git.gnome.org/browse/gnome-screensaver/commit/?id=1940dc6bc8ad5ee2c029714efb1276c05ca80bd4
- http://www.ubuntu.com/usn/USN-1716-1
- https://bugs.launchpad.net/ubuntu/+source/gnome-screensaver/+bug/1120126
- https://bugzilla.gnome.org/show_bug.cgi?id=683060
- https://git.gnome.org/browse/gnome-screensaver/commit/?id=1940dc6bc8ad5ee2c029714efb1276c05ca80bd4
Products affected by CVE-2013-1050
-
cpe:2.3:a:gnome:gnome_screensaver:3.5.4
-
cpe:2.3:a:gnome:gnome_screensaver:3.5.5
-
cpe:2.3:a:gnome:gnome_screensaver:3.6.0