Vulnerability CVE-2014-3204


Published: 2014-05-06

Description:
Unity before 7.2.1, as used in Ubuntu 14.04, does not properly handle keyboard shortcuts, which allows physically proximate attackers to bypass the lock screen and execute arbitrary commands, as demonstrated by right-clicking on the indicator bar and then pressing the ALT and F2 keys.

Type:

CWE-264

(Permissions, Privileges, and Access Controls)

CVSS2 => (AV:L/AC:M/Au:N/C:P/I:P/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
4.4/10
6.4/10
3.4/10
Exploit range
Attack complexity
Authentication
Local
Medium
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
Partial
Partial
Affected software
Canonical -> Ubuntu linux 
Ayatana project -> Unity 

 References:
https://bugs.launchpad.net/ubuntu/+source/unity/+bug/1313885
http://www.securityfocus.com/bid/67117
http://www.openwall.com/lists/oss-security/2014/05/03/1
http://www.openwall.com/lists/oss-security/2014/04/29/2
http://ubuntu.com/usn/usn-2184-1

Copyright 2024, cxsecurity.com

 

Back to Top