CVE-2007-3920

NameCVE-2007-3920
DescriptionGNOME screensaver 2.20 in Ubuntu 7.10, when used with Compiz, does not properly reserve input focus, which allows attackers with physical access to take control of the session after entering an Alt-Tab sequence, a related issue to CVE-2007-3069.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
ReferencesDTSA-75-1
Debian Bugs449108

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
gnome-screensaver (PTS)jessie3.6.1-4fixed
stretch3.6.1-7fixed
buster3.6.1-10fixed
sid, trixie, bullseye, bookworm3.6.1-13fixed
xorg-server (PTS)jessie, jessie (lts)2:1.16.4-1+deb8u17fixed
stretch (security)2:1.19.2-1+deb9u9fixed
stretch (lts), stretch2:1.19.2-1+deb9u20fixed
buster, buster (lts)2:1.20.4-1+deb10u15fixed
buster (security)2:1.20.4-1+deb10u14fixed
bullseye2:1.20.11-1+deb11u13fixed
bullseye (security)2:1.20.11-1+deb11u14fixed
bookworm (security), bookworm2:21.1.7-3+deb12u8fixed
sid, trixie2:21.1.14-2fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
gnome-screensaversourceetch(not affected)
gnome-screensaversourcelenny2.18.2-1+lenny1DTSA-75-1
gnome-screensaversource(unstable)2.20.0-1.1
xorg-serversourceetch(not affected)
xorg-serversource(unstable)2:1.4.1~git20080118-1medium449108

Notes

[etch] - gnome-screensaver <not-affected> (Affected Compiz not present in Etch version)
[etch] - xorg-server <not-affected> (Affected Compiz not present in Etch version)

Search for package or bug name: Reporting problems