Lucene search

RedhatCVE-2010-2532

HistorySep 03, 2010 - 8:00 p.m.

CVE-2010-2532

2010-09-0320:00:03

CWE-264

redhat

web.nvd.nist.gov

cve-2010-2532

lxsession-logout

lxde

suse

opensuse 11.3

screen lock

suspend

hibernate

physical attack

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

AI Score

6.2

Confidence

Low

EPSS

0.001

Percentile

26.7%

JSON

lxsession-logout in lxsession in LXDE, as used on SUSE openSUSE 11.3 and other platforms, does not lock the screen when the Suspend or Hibernate button is pressed, which might make it easier for physically proximate attackers to access an unattended laptop via a resume action. NOTE: there is no general agreement that this is a vulnerability, because separate control over locking can be an equally secure, or more secure, behavior in some threat environments.

Affected configurations

Nvd

Node

opensuseopensuseMatch11.3

VendorProductVersionCPE
opensuseopensuse11.3cpe:2.3:o:opensuse:opensuse:11.3:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
opensuse	opensuse	11.3	cpe:2.3:o:opensuse:opensuse:11.3:::::::*

References

lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html

www.openwall.com/lists/oss-security/2010/07/15/1

www.openwall.com/lists/oss-security/2010/07/16/4

bugzilla.novell.com/show_bug.cgi?id=622083

bugzilla.redhat.com/show_bug.cgi?id=614608

bugzillafiles.novell.org/attachment.cgi?id=375737

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

AI Score

6.2

Confidence

Low

EPSS

0.001

Percentile

26.7%

JSON

Related for CVE-2010-2532