
Bug#449108: CVE-2007-3920: bypass password authentication



Package: compiz
Severity: grave
Tags: security
Justification: user security hole

Hi

The following CVE[0] has been issued for gnome-screensaver and compiz.
gnome-screensaver is already fixed, but compiz also seems to be
affected.
Here is the text:

CVE-2007-3920:

GNOME screensaver 2.20 in Ubuntu 7.10, when used with Compiz, does not
properly reserve input focus, which allows attackers with physical
access to take control of the session after entering an Alt-Tab
sequence, a related issue to CVE-2007-3069.

Please mention the CVE number in your changelog, if you fix this issue
by an upload.

Please also consider the patch below. It is fetched from the Ubuntu
security update.

Cheers
Steffen

[0]: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3920

diff -u compiz-0.5.2/debian/changelog compiz-0.5.2/debian/changelog
--- compiz-0.5.2/debian/changelog
+++ compiz-0.5.2/debian/changelog
@@ -1,3 +1,12 @@
+compiz (0.5.2-2.1) unstable; urgency=high
+
+  * Non-maintainer upload by the testing-security team
+  * Make sure that gnome-screensaver never gets unredirected to avoid
+    that it loses its keyboard grab Fixes: CVE-2007-3920
+    Thanks to Michael Voigt and Ubuntu
+
+ -- Steffen Joeris <white@debian.org>  Sat, 03 Nov 2007 00:33:48 +0000
+
 compiz (0.5.2-2) unstable; urgency=low

   * oops, shipping copies of a few .h and .pc files in both compiz-dev
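
Review bot: The new 0.5.2-2.1 changelog entry does not reference the bug it resolves, so the upload will not close it automatically; add "(Closes: #449108)" to the item. In the same item, "keyboard grab Fixes: CVE-2007-3920" runs two statements together: end the sentence after "grab" and put the CVE reference on its own line or in parentheses.
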
diff -u compiz-0.5.2/debian/patches/series compiz-0.5.2/debian/patches/series
--- compiz-0.5.2/debian/patches/series
+++ compiz-0.5.2/debian/patches/series
@@ -3,0 +4 @@
+016_CVE-2007-3920.patch
only in patch2:
unchanged:
--- compiz-0.5.2.orig/debian/patches/016_CVE-2007-3920.patch
+++ compiz-0.5.2/debian/patches/016_CVE-2007-3920.patch
@@ -0,0 +1,13 @@
+--- paint.c.orig       2007-11-03 00:31:52.000000000 +0000
++++ compiz-0.5.2/src/paint.c   2007-11-03 00:32:39.000000000 +0000
+@@ -211,7 +211,9 @@
+           if (count == 0                                            &&
+               !REGION_NOT_EMPTY (tmpRegion)                         &&
+               screen->opt[COMP_SCREEN_OPTION_UNREDIRECT_FS].value.b &&
+-              XEqualRegion (w->region, &screen->region))
++              XEqualRegion (w->region, &screen->region)             &&
++              !(w->resName && strcmp(w->resName, "gnome-screensaver") == 0)
++              )
+           {
+               unredirectWindow (w);
+               fullscreenWindow = w;
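
Review bot: The added condition in paint.c exempts a window from unredirectWindow() only when w->resName is exactly "gnome-screensaver", and it does so without a comment. A string match on the resource name is a narrow special case: if unredirecting a full-screen window is what costs a locker its keyboard grab, any other full-screen lock window reaches the same branch unprotected, so consider whether the test can be generalised, and at minimum add a comment above the condition naming CVE-2007-3920 and explaining why this window must stay redirected. Also confirm that paint.c includes <string.h> for the new strcmp call, since no include appears in this hunk, and fold the dangling ")" on its own line back onto the line before it. The embedded patch headers ("--- paint.c.orig" against "+++ compiz-0.5.2/src/paint.c") have different path depths, so check that the patch applies at the strip level the series expects.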



