CVE-2007-3920 - OpenCVE

GNOME screensaver 2.20 in Ubuntu 7.10, when used with Compiz, does not properly reserve input focus, which allows attackers with physical access to take control of the session after entering an Alt-Tab sequence, a related issue to CVE-2007-3069.

No CVSS v3.1

No CVSS v3.0

Access Vector Local

Access Complexity High

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:L/AC:H/Au:N/C:C/I:C/A:C

Vendors & Products
CPE Configurations

Vendors	Products
Ubuntu	Ubuntu Linux
Gnome	Screensaver
Compiz	Compiz

Configuration 1 [-]

AND

OR	cpe:2.3:o:ubuntu:ubuntu_linux:7.10::amd64:::::
	cpe:2.3:o:ubuntu:ubuntu_linux:7.10::i386:::::
	cpe:2.3:o:ubuntu:ubuntu_linux:7.10::powerpc:::::
	cpe:2.3:o:ubuntu:ubuntu_linux:7.10::sparc:::::

OR	cpe:2.3:a:compiz:compiz::::::::
	cpe:2.3:a:gnome:screensaver:2.20:::::::*

References

Link	Resource
http://lists.opensuse.org/opensuse-security-announce/2008-06/msg00002.html
http://secunia.com/advisories/27381	Patch Vendor Advisory
http://secunia.com/advisories/28627
http://secunia.com/advisories/30329
http://secunia.com/advisories/30715
http://www.redhat.com/support/errata/RHSA-2008-0485.html
http://www.securityfocus.com/bid/26188	Patch
http://www.ubuntu.com/usn/usn-537-1	Patch
http://www.ubuntu.com/usn/usn-537-2
https://bugzilla.redhat.com/show_bug.cgi?id=357071
https://bugzilla.redhat.com/show_bug.cgi?id=363061
https://exchange.xforce.ibmcloud.com/vulnerabilities/37410
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10192
https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00811.html
https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00841.html

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2007-10-29T21:00:00

Updated: 2017-09-28T12:57:01

Reserved: 2007-07-20T00:00:00

Link: CVE-2007-3920

JSON object: View

NVD Information

Status : Modified

Published: 2007-10-29T21:46:00.000

Modified: 2017-09-29T01:29:09.593

Link: CVE-2007-3920

JSON object: View

Redhat Information

No data.

CWE

NVD-CWE-Other

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2007-10-23T00:00:00", "descriptions": [{"lang": "en", "value": "GNOME screensaver 2.20 in Ubuntu 7.10, when used with Compiz, does not properly reserve input focus, which allows attackers with physical access to take control of the session after entering an Alt-Tab sequence, a related issue to CVE-2007-3069."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-09-28T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=363061"}, {"name": "oval:org.mitre.oval:def:10192", "tags": ["vdb-entry", "signature", "x_refsource_OVAL"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10192"}, {"name": "FEDORA-2008-0956", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00841.html"}, {"name": "USN-537-2", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/usn-537-2"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=357071"}, {"name": "30715", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/30715"}, {"name": "gnomescreensaver-compiz-security-bypass(37410)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37410"}, {"name": "SUSE-SA:2008:027", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2008-06/msg00002.html"}, {"name": "USN-537-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/usn-537-1"}, {"name": "FEDORA-2008-0930", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00811.html"}, {"name": "26188", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/26188"}, {"name": "RHSA-2008:0485", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://www.redhat.com/support/errata/RHSA-2008-0485.html"}, {"name": "27381", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/27381"}, {"name": "28627", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/28627"}, {"name": "30329", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/30329"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-3920", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "GNOME screensaver 2.20 in Ubuntu 7.10, when used with Compiz, does not properly reserve input focus, which allows attackers with physical access to take control of the session after entering an Alt-Tab sequence, a related issue to CVE-2007-3069."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://bugzilla.redhat.com/show_bug.cgi?id=363061", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=363061"}, {"name": "oval:org.mitre.oval:def:10192", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10192"}, {"name": "FEDORA-2008-0956", "refsource": "FEDORA", "url": "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00841.html"}, {"name": "USN-537-2", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/usn-537-2"}, {"name": "https://bugzilla.redhat.com/show_bug.cgi?id=357071", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=357071"}, {"name": "30715", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/30715"}, {"name": "gnomescreensaver-compiz-security-bypass(37410)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37410"}, {"name": "SUSE-SA:2008:027", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2008-06/msg00002.html"}, {"name": "USN-537-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/usn-537-1"}, {"name": "FEDORA-2008-0930", "refsource": "FEDORA", "url": "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00811.html"}, {"name": "26188", "refsource": "BID", "url": "http://www.securityfocus.com/bid/26188"}, {"name": "RHSA-2008:0485", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2008-0485.html"}, {"name": "27381", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/27381"}, {"name": "28627", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/28627"}, {"name": "30329", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/30329"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-3920", "datePublished": "2007-10-29T21:00:00", "dateReserved": "2007-07-20T00:00:00", "dateUpdated": "2017-09-28T12:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:ubuntu:ubuntu_linux:7.10:*:amd64:*:*:*:*:*", "matchCriteriaId": "FB928CC9-0BC3-4AE1-B20B-A58A4C4AAE24", "vulnerable": false}, {"criteria": "cpe:2.3:o:ubuntu:ubuntu_linux:7.10:*:i386:*:*:*:*:*", "matchCriteriaId": "BB850565-A800-44A6-945E-CB235531C5DD", "vulnerable": false}, {"criteria": "cpe:2.3:o:ubuntu:ubuntu_linux:7.10:*:powerpc:*:*:*:*:*", "matchCriteriaId": "3F37A796-E028-4247-A5E6-66B89A583F87", "vulnerable": false}, {"criteria": "cpe:2.3:o:ubuntu:ubuntu_linux:7.10:*:sparc:*:*:*:*:*", "matchCriteriaId": "61DA44B7-FE1A-4452-843E-EAF1404B86F3", "vulnerable": false}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:a:compiz:compiz:*:*:*:*:*:*:*:*", "matchCriteriaId": "93384956-31D4-4111-B447-A6710A8A6306", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnome:screensaver:2.20:*:*:*:*:*:*:*", "matchCriteriaId": "F784A89F-6759-4801-B00F-502EE8AD4E71", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "GNOME screensaver 2.20 in Ubuntu 7.10, when used with Compiz, does not properly reserve input focus, which allows attackers with physical access to take control of the session after entering an Alt-Tab sequence, a related issue to CVE-2007-3069."}, {"lang": "es", "value": "El salvapantallas 2.20 de GNOME en Ubuntu 7.10, cuando se usa con Compiz, no reserva el foco de entrada apropiadamente, lo cual permite a atacantes remotos con acceso f\u00edsico tomar el control de la sesi\u00f3n despu\u00e9s de haber introducido la secuencia Alt-Tab, tema similar a CVE-2007-3069."}], "id": "CVE-2007-3920", "lastModified": "2017-09-29T01:29:09.593", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "HIGH", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 6.2, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 1.9, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2007-10-29T21:46:00.000", "references": [{"source": "cve@mitre.org", "url": "http://lists.opensuse.org/opensuse-security-announce/2008-06/msg00002.html"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://secunia.com/advisories/27381"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/28627"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/30329"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/30715"}, {"source": "cve@mitre.org", "url": "http://www.redhat.com/support/errata/RHSA-2008-0485.html"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "http://www.securityfocus.com/bid/26188"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "http://www.ubuntu.com/usn/usn-537-1"}, {"source": "cve@mitre.org", "url": "http://www.ubuntu.com/usn/usn-537-2"}, {"source": "cve@mitre.org", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=357071"}, {"source": "cve@mitre.org", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=363061"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37410"}, {"source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10192"}, {"source": "cve@mitre.org", "url": "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00811.html"}, {"source": "cve@mitre.org", "url": "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00841.html"}], "sourceIdentifier": "cve@mitre.org", "vendorComments": [{"comment": "This issue affected Red Hat Enterprise Linux 5 with a low security impact. An update to the compiz package was released to correct this issue: \nhttps://rhn.redhat.com/errata/RHSA-2008-0485.html\n\n", "lastModified": "2008-05-21T00:00:00", "organization": "Red Hat"}], "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}