Information Security

gnome-screensaver protection bypass
updated since February 16, 2010
Published: March 9, 2010
Source:
SecurityVulns ID: 10622
Type: local
Severity level: 5/10
Description: Screensaver failure when a monitor is connected.
Affected products: GNOME : gnome-screensaver 2.28
CVE: CVE-2010-0732 (gdk/gdkwindow.c in GTK+ before 2.18.5, as used in gnome-screensaver before 2.28.1, performs implicit paints on windows of type GDK_WINDOW_FOREIGN, which triggers an X error in certain circumstances and consequently allows physically proximate attackers to bypass screen locking and access an unattended workstation by pressing the Enter key many times.)
 CVE-2010-0422 (gnome-screensaver 2.28.x before 2.28.3 does not properly synchronize the state of screen locking and the unlock dialog in situations involving a change to the number of monitors, which allows physically proximate attackers to bypass screen locking and access an unattended workstation by connecting and disconnecting monitors multiple times, a related issue to CVE-2010-0414.)
 CVE-2010-0414 (gnome-screensaver before 2.28.2 allows physically proximate attackers to bypass screen locking and access an unattended workstation by moving the mouse position to an external monitor and then disconnecting that monitor.)
 CVE-2010-0285 (gnome-screensaver 2.14.3, 2.22.2, 2.27.x, 2.28.0, and 2.28.3, when the X configuration enables the extend screen option, allows physically proximate attackers to bypass screen locking, access an unattended workstation, and view half of the GNOME desktop by attaching an external monitor.)
Original text: UBUNTU, [USN-907-1] gnome-screensaver vulnerabilities (09.03.2010)
 UBUNTU, [USN-898-1] gnome-screensaver vulnerability (16.02.2010)

Information leak in Apache HTTPD
Published: March 9, 2010
Source:
SecurityVulns ID: 10674
Type: remote
Severity level: 5/10
Description: Under certain conditions it is possible to obtain memory contents related to previous requests to the server.
Affected products: APACHE : Apache 2.2
CVE: CVE-2010-0434 (The ap_read_request function in server/protocol.c in the Apache HTTP Server 2.2.x before 2.2.15, when a multithreaded MPM is used, does not properly handle headers in subrequests in certain circumstances involving a parent request that has a body, which might allow remote attackers to obtain sensitive information via a crafted request that triggers access to memory locations associated with an earlier request.)
Original text: MANDRIVA, [ MDVSA-2010:057 ] apache (09.03.2010)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod