CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
---|---|---|
7.6 | $0-$5k | 0.00 |
A vulnerability classified as critical has been found in KDE SC 4.4.0. It affects unknown code in the Screen Lock component. Manipulation with an unknown input leads to a race condition. The weakness is classified as CWE-362: the product contains a code sequence that can run concurrently with other code and requires temporary, exclusive access to a shared resource, but a timing window exists in which another concurrently running code sequence can modify that resource. The impact is known to affect confidentiality, integrity, and availability. The CVE summary reads:
Race condition in workspace/krunner/lock/lockdlg.cc in the KRunner lock module in kdebase in KDE SC 4.4.0 allows physically proximate attackers to bypass KScreenSaver screen locking and access an unattended workstation by pressing the Enter key at a certain time, related to multiple forked processes.
The weakness was disclosed on 03/03/2010 (Website). The advisory is available at vupen.com. The vulnerability has been tracked as CVE-2010-0923 since 03/03/2010. The attack requires local access. No form of authentication is required for successful exploitation. The technical details are unknown and an exploit is not available.
It is declared as proof-of-concept.
Applying a patch eliminates this problem.
CVSSv3
VulDB Meta Base Score: 8.4
VulDB Meta Temp Score: 7.6
VulDB Base Score: 8.4
VulDB Temp Score: 7.6
Exploiting
Class: Race condition
CWE: CWE-362
Local: Yes
Remote: No
Status: Proof-of-Concept
Countermeasures
Recommended: Patch
Timeline
02/18/2010 🔍
02/22/2010 🔍
03/03/2010 🔍
03/03/2010 🔍
03/03/2010 🔍
03/18/2015 🔍
12/16/2017 🔍
Sources
Vendor: kde.org
Advisory: vupen.com
Status: Confirmed
CVE: CVE-2010-0923
SecurityTracker: 1023641
Secunia: 38600 - KDE KRunner Lock Module Race Condition Weakness, Not Critical
Vupen: ADV-2010-0409
Entry
Created: 03/18/2015 15:15
Updated: 12/16/2017 07:23
Changes: 03/18/2015 15:15 (50), 12/16/2017 07:23 (7)