CVE-2009-4642

NameCVE-2009-4642
Descriptiongnome-screensaver 2.26.1 relies on the gnome-session D-Bus interface to determine session idle time, even when an Xfce desktop such as Xubuntu or Mythbuntu is used, which allows physically proximate attackers to access an unattended workstation on which screen locking had been intended.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
gnome-screensaver (PTS)jessie3.6.1-4fixed
stretch3.6.1-7fixed
buster3.6.1-10fixed
sid, trixie, bullseye, bookworm3.6.1-13fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
gnome-screensaversourcelenny(not affected)
gnome-screensaversource(unstable)2.26.1-2

Notes

[lenny] - gnome-screensaver <not-affected> (vulnerability introduced in 2.26)
only an issue under certain desktop environments such as xfce
Search for package or bug name: Reporting problems