CVE-2014-3202 - OpenCVE

Unity before 7.2.1 does not properly handle entry activation, which allows physically proximate attackers to bypass the lock screen by holding the ENTER key, which triggers the process to crash.

No CVSS v3.1

No CVSS v3.0

Access Vector Local

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:L/AC:M/Au:N/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Ayatana Project	Unity

Configuration 1 [-]

OR	cpe:2.3:a:ayatana_project:unity::::::::
	cpe:2.3:a:ayatana_project:unity:7.0.0:::::::*
	cpe:2.3:a:ayatana_project:unity:7.0.1:::::::*
	cpe:2.3:a:ayatana_project:unity:7.1.0:::::::*
	cpe:2.3:a:ayatana_project:unity:7.1.1:::::::*
	cpe:2.3:a:ayatana_project:unity:7.1.2:::::::*
	cpe:2.3:a:ayatana_project:unity:7.1.3:::::::*

References

Link	Resource
http://www.openwall.com/lists/oss-security/2014/04/26/1
http://www.openwall.com/lists/oss-security/2014/04/26/2
http://www.openwall.com/lists/oss-security/2014/04/29/2
http://www.openwall.com/lists/oss-security/2014/05/03/1
https://bugs.launchpad.net/ubuntu/+source/unity/+bug/1308572
https://bugs.launchpad.net/unity/+bug/1308750	Exploit

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: canonical

Published: 2014-05-06T14:00:00

Updated: 2014-05-06T12:57:00

Reserved: 2014-05-03T00:00:00

Link: CVE-2014-3202

JSON object: View

NVD Information

Status : Analyzed

Published: 2014-05-06T14:55:05.917

Modified: 2014-05-07T13:43:23.373

Link: CVE-2014-3202

JSON object: View

Redhat Information

No data.

CWE

CWE-264

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2014-04-16T00:00:00", "descriptions": [{"lang": "en", "value": "Unity before 7.2.1 does not properly handle entry activation, which allows physically proximate attackers to bypass the lock screen by holding the ENTER key, which triggers the process to crash."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2014-05-06T12:57:00", "orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc", "shortName": "canonical"}, "references": [{"name": "[oss-security] 20140429 Re: Ubuntu 14.04: security problem in the lock screen", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2014/04/29/2"}, {"name": "[oss-security] 20140503 Re: Ubuntu 14.04: security problem in the lock screen", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2014/05/03/1"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugs.launchpad.net/ubuntu/+source/unity/+bug/1308572"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugs.launchpad.net/unity/+bug/1308750"}, {"name": "[oss-security] 20140426 Ubuntu 14.04: security problem in the lock screen", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2014/04/26/1"}, {"name": "[oss-security] 20140426 Re: Ubuntu 14.04: security problem in the lock screen", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2014/04/26/2"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@ubuntu.com", "ID": "CVE-2014-3202", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Unity before 7.2.1 does not properly handle entry activation, which allows physically proximate attackers to bypass the lock screen by holding the ENTER key, which triggers the process to crash."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "[oss-security] 20140429 Re: Ubuntu 14.04: security problem in the lock screen", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2014/04/29/2"}, {"name": "[oss-security] 20140503 Re: Ubuntu 14.04: security problem in the lock screen", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2014/05/03/1"}, {"name": "https://bugs.launchpad.net/ubuntu/+source/unity/+bug/1308572", "refsource": "CONFIRM", "url": "https://bugs.launchpad.net/ubuntu/+source/unity/+bug/1308572"}, {"name": "https://bugs.launchpad.net/unity/+bug/1308750", "refsource": "CONFIRM", "url": "https://bugs.launchpad.net/unity/+bug/1308750"}, {"name": "[oss-security] 20140426 Ubuntu 14.04: security problem in the lock screen", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2014/04/26/1"}, {"name": "[oss-security] 20140426 Re: Ubuntu 14.04: security problem in the lock screen", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2014/04/26/2"}]}}}}, "cveMetadata": {"assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc", "assignerShortName": "canonical", "cveId": "CVE-2014-3202", "datePublished": "2014-05-06T14:00:00", "dateReserved": "2014-05-03T00:00:00", "dateUpdated": "2014-05-06T12:57:00", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ayatana_project:unity:*:*:*:*:*:*:*:*", "matchCriteriaId": "1170F9BB-9FFB-407F-B8D3-F8417383021F", "versionEndIncluding": "7.2.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:ayatana_project:unity:7.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "982E87CF-26D7-4D2F-AA5F-57798C2F4D33", "vulnerable": true}, {"criteria": "cpe:2.3:a:ayatana_project:unity:7.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "B5CD4318-783D-4428-815B-DD2C6F912C3F", "vulnerable": true}, {"criteria": "cpe:2.3:a:ayatana_project:unity:7.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "2562307E-490C-485E-9C1A-4A569565270F", "vulnerable": true}, {"criteria": "cpe:2.3:a:ayatana_project:unity:7.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "35E3A65D-6F6F-4457-A836-89A54CEDB9D9", "vulnerable": true}, {"criteria": "cpe:2.3:a:ayatana_project:unity:7.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "A052C0C4-4408-4014-AE8F-F894AB04BF1F", "vulnerable": true}, {"criteria": "cpe:2.3:a:ayatana_project:unity:7.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "07D5E8C8-34DD-4EA0-B686-2088F5C11122", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Unity before 7.2.1 does not properly handle entry activation, which allows physically proximate attackers to bypass the lock screen by holding the ENTER key, which triggers the process to crash."}, {"lang": "es", "value": "Unity anterior a 7.2.1 no maneja debidamente activaci\u00f3n de entrada, lo que permite a atacantes f\u00edsicamente pr\u00f3ximos evadir la pantalla de bloqueo mediante la presi\u00f3n continua sobre la tecla ENTER, lo que provoca la ca\u00edda del proceso."}], "id": "CVE-2014-3202", "lastModified": "2014-05-07T13:43:23.373", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.4, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.4, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2014-05-06T14:55:05.917", "references": [{"source": "security@ubuntu.com", "url": "http://www.openwall.com/lists/oss-security/2014/04/26/1"}, {"source": "security@ubuntu.com", "url": "http://www.openwall.com/lists/oss-security/2014/04/26/2"}, {"source": "security@ubuntu.com", "url": "http://www.openwall.com/lists/oss-security/2014/04/29/2"}, {"source": "security@ubuntu.com", "url": "http://www.openwall.com/lists/oss-security/2014/05/03/1"}, {"source": "security@ubuntu.com", "url": "https://bugs.launchpad.net/ubuntu/+source/unity/+bug/1308572"}, {"source": "security@ubuntu.com", "tags": ["Exploit"], "url": "https://bugs.launchpad.net/unity/+bug/1308750"}], "sourceIdentifier": "security@ubuntu.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-264"}], "source": "nvd@nist.gov", "type": "Primary"}]}