CVE-2012-1620
low
CVSS v3
—
CVSS v2
3.6
VIR risk
3.6
Description
slock 0.9 does not properly handle the XRaiseWindow event when the screen is locked, which might allow physically proximate attackers to obtain sensitive information by pressing a button, which reveals the desktop and active windows.
Predictions
Exploit likelihood
20%
Patch ETA
—
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
Vendor advisory: debian — https://security-tracker.debian.org/tracker/CVE-2012-1620
Vendor advisory: secalert@redhat.com — http://secunia.com/advisories/48700
Vendor advisory: secalert@redhat.com — http://hg.suckless.org/slock/rev/891a4984aba6
OS impact
| OS | Version | Status | Fixed in |
|---|---|---|---|
| debian | bookworm | fixed | 39-1 |
| debian | bullseye | fixed | 39-1 |
| debian | forky | fixed | 39-1 |
| debian | sid | fixed | 39-1 |
| debian | trixie | fixed | 39-1 |
Application impact
| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| suckless | slock | 0.9 | |
References
- http://hg.suckless.org/slock/rev/891a4984aba6
- http://secunia.com/advisories/48700
- http://www.openwall.com/lists/oss-security/2012/04/06/1
- http://www.openwall.com/lists/oss-security/2012/04/06/2
- http://www.osvdb.org/81035
- http://www.securityfocus.com/bid/52922
- https://bugs.gentoo.org/show_bug.cgi?id=401645
- https://bugzilla.redhat.com/show_bug.cgi?id=786310
- https://exchange.xforce.ibmcloud.com/vulnerabilities/74666
- https://security-tracker.debian.org/tracker/CVE-2012-1620
CWEs
CWE-264
Verify integrity in audit chain (admin only). AS-IS.