CVE-2010-2532

Severity

72%

Complexity

39%

Confidentiality

165%

** DISPUTED ** lxsession-logout in lxsession in LXDE, as used on SUSE openSUSE 11.3 and other platforms, does not lock the screen when the Suspend or Hibernate button is pressed, which might make it easier for physically proximate attackers to access an unattended laptop via a resume action. NOTE: there is no general agreement that this is a vulnerability, because separate control over locking can be an equally secure, or more secure, behavior in some threat environments.

** DISPUTED ** lxsession-logout in lxsession in LXDE, as used on SUSE openSUSE 11.3 and other platforms, does not lock the screen when the Suspend or Hibernate button is pressed, which might make it easier for physically proximate attackers to access an unattended laptop via a resume action. NOTE: there is no general agreement that this is a vulnerability, because separate control over locking can be an equally secure, or more secure, behavior in some threat environments.

CVSS 2.0 Base Score 7.2. CVSS Attack Vector: local. CVSS Attack Complexity: low. CVSS Vector: (AV:L/AC:L/Au:N/C:C/I:C/A:C).

Overview

First reported 14 years ago

2010-09-03 20:00:00

Last updated 6 years ago

2018-10-30 16:27:00

Affected Software

OpenSUSE 11.3

11.3

References

SUSE-SR:2010:014

[oss-security] 20100715 CVE request: lxsession-logout

[oss-security] 20100715 Re: CVE request: lxsession-logout

https://bugzilla.novell.com/show_bug.cgi?id=622083

https://bugzilla.redhat.com/show_bug.cgi?id=614608

https://bugzillafiles.novell.org/attachment.cgi?id=375737

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.