CVE-2014-5195

Sažetak

Unity before 7.2.3 and 7.3.x before 7.3.1, as used in Ubuntu, does not properly take focus of the keyboard when switching to the lock screen, which allows physically proximate attackers to bypass the lock screen by (1) leveraging a machine that had text selected when locking or (2) resuming from a suspension.

Reference

http://www.osvdb.org/109788
http://www.securityfocus.com/bid/68987
http://www.ubuntu.com/usn/USN-2303-1
https://bugs.launchpad.net/unity/7.2/+bug/1349128
https://exchange.xforce.ibmcloud.com/vulnerabilities/95199

CVSS

Base:	7.2
Impact:	10.0
Exploitability:	3.9

Pristup

Vektor	Složenost	Autentikacija
LOCAL	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
COMPLETE	COMPLETE	COMPLETE

CVSS vektor

AV:L/AC:L/Au:N/C:C/I:C/A:C

Zadnje važnije ažuriranje

08-09-2017 - 01:29

Objavljeno

07-08-2014 - 11:13