Summary
The remote host is missing an update to gnome-screensaver announced via advisory USN-866-1.
Solution
The problem can be corrected by upgrading your system to the following package versions:
Ubuntu 9.10:
gnome-screensaver 2.28.0-0ubuntu3.1
After a standard system upgrade you need to restart your session to effect the necessary changes.
https://secure1.securityspace.com/smysecure/catid.html?in=USN-866-1
Insight
It was discovered that gnome-screensaver did not always re-enable itself after applications requested it to ignore idle timers. This may result in the screen not being automatically locked after the inactivity timeout is reached, permitting an attacker with physical access to gain access to an unlocked session.
Severity
Classification
-
CVE CVE-2009-4641 -
CVSS Base Score: 7.2
AV:L/AC:L/Au:N/C:C/I:C/A:C
Related Vulnerabilities