CVE-2012-1620

Published Jul 12, 2012

Last updated 7 years ago

Overview

Description: slock 0.9 does not properly handle the XRaiseWindow event when the screen is locked, which might allow physically proximate attackers to obtain sensitive information by pressing a button, which reveals the desktop and active windows.
Source: secalert@redhat.com
NVD status: Modified

Hype score: Not currently trending

Risk scores

CVSS 2.0

Type: Primary
Base score: 3.6
Impact score: 4.9
Exploitability score: 3.9
Vector string: AV:L/AC:L/Au:N/C:P/I:P/A:N

Weaknesses

nvd@nist.gov: CWE-264

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:suckless:slock:0.9:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "59CA3F97-C343-4AFE-86AC-964A3D457FBD"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

References

https://nvd.nist.gov/vuln/detail/CVE-2012-1620
http://hg.suckless.org/slock/rev/891a4984aba6
http://secunia.com/advisories/48700
http://www.openwall.com/lists/oss-security/2012/04/06/1
http://www.openwall.com/lists/oss-security/2012/04/06/2
http://www.osvdb.org/81035
http://www.securityfocus.com/bid/52922
https://bugs.gentoo.org/show_bug.cgi?id=401645
https://bugzilla.redhat.com/show_bug.cgi?id=786310
https://exchange.xforce.ibmcloud.com/vulnerabilities/74666

Overview

Social media

Risk scores

CVSS 2.0

Weaknesses

Configurations

References