CVE-2007-3920
gnome-screensaver - authentication bypass
EPSS 0.05%
Description
GNOME screensaver 2.20 in Ubuntu 7.10, when used with Compiz, does not properly reserve input focus, which allows attackers with physical access to take control of the session after entering an Alt-Tab sequence, a related issue to CVE-2007-3069.
How to fix CVE-2007-3920
To remediate CVE-2007-3920, upgrade the affected package to a fixed version below.
- Debian/gnome-screensaver—upgrade to 2.20.0-1.1 or later
- Debian/gnome-screensaver—upgrade to 2.18.2-1+lenny1 or later
- —upgrade to 2:1.4.1~git20080118-1 or later
Is CVE-2007-3920 being exploited?
Low — EPSS is 0.1%, meaning exploitation activity has not been observed at scale.
Affected packages (3)
- from 0, < 2.20.0-1.1
- from 0, < 2.18.2-1+lenny1
- from 0, < 2:1.4.1~git20080118-1