Bug 386311 - gnome-extra/gnome-power-manager: privilege escalation (CVE-2009-4997)
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal minor
Assignee: Gentoo Security
Whiteboard: B4 [noglsa]
Reported: 2011-10-08 14:02 UTC by GLSAMaker/CVETool Bot
Modified: 2013-09-03 04:14 UTC
Description GLSAMaker/CVETool Bot gentoo-dev 2011-10-08 14:02:25 UTC
CVE-2009-4997 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-4997):
  gnome-power-manager 2.27.92 does not properly implement the lock_on_suspend
  and lock_on_hibernate settings for locking the screen when the suspend or
  hibernate button is pressed, which might make it easier for physically
  proximate attackers to access an unattended laptop via a resume action, a
  related issue to CVE-2010-2532.  NOTE: this issue exists because of a
  regression that followed a gnome-power-manager fix a few years earlier.
Comment 1 Pacho Ramos gentoo-dev 2011-10-08 21:33:30 UTC
Why are we CCed here? 2.32.0 is older version in the tree... :-/
Comment 2 Christian D. 2011-11-22 22:29:47 UTC
The issue seems to persist in gnome-power-manager-2.32. See http://forums.gentoo.org/viewtopic-p-6871010.html#6871010 for a description of "does not properly implement".
Comment 3 Chris Reffett (RETIRED) gentoo-dev Security 2013-09-03 04:14:37 UTC
Affected versions should be out of tree. Please file a new bug with more detailed information if the problem is still out there. Old, closing noglsa.