Vulnerability Details : CVE-2010-2532
lxsession-logout in lxsession in LXDE, as used on SUSE openSUSE 11.3 and other platforms, does not lock the screen when the Suspend or Hibernate button is pressed, which might make it easier for physically proximate attackers to access an unattended laptop via a resume action. NOTE: there is no general agreement that this is a vulnerability, because separate control over locking can be an equally secure, or more secure, behavior in some threat environments.
Exploit prediction scoring system (EPSS) score for CVE-2010-2532
Probability of exploitation activity in the next 30 days: 0.06%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 25 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2010-2532
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
|---|---|---|---|---|---|
|
7.2
|
HIGH | AV:L/AC:L/Au:N/C:C/I:C/A:C |
3.9
|
10.0
|
NIST |
CWE ids for CVE-2010-2532
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2010-2532
-
https://bugzilla.novell.com/show_bug.cgi?id=622083
Bug 622083 – VUL-0: lxsession-logout should lock the screen before suspending/hibernating/switching users
-
http://www.openwall.com/lists/oss-security/2010/07/15/1
oss-security - CVE request: lxsession-logout
-
http://www.openwall.com/lists/oss-security/2010/07/16/4
oss-security - Re: CVE request: lxsession-logout
-
https://bugzilla.redhat.com/show_bug.cgi?id=614608
614608 – (CVE-2010-2532) CVE-2010-2532 lxsession: does not lock the screen before suspending/hibernating/switching users
-
http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html
[security-announce] SUSE Security Summary Report: SUSE-SR:2010:014
-
https://bugzillafiles.novell.org/attachment.cgi?id=375737
Products affected by CVE-2010-2532
- cpe:2.3:o:opensuse:opensuse:11.3:*:*:*:*:*:*:*