{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2012-01-18T00:00:00", "descriptions": [{"lang": "en", "value": "xkeyboard-config before 2.5 in X.Org before 7.6 enables certain XKB debugging functions by default, which allows physically proximate attackers to bypass an X screen lock via keyboard combinations that break the input grab."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2014-02-10T22:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"tags": ["x_refsource_MISC"], "url": "http://gu1.aeroxteam.fr/2012/01/19/bypass-screensaver-locker-program-xorg-111-and-up/"}, {"tags": ["x_refsource_MISC"], "url": "http://who-t.blogspot.com/2012/01/xkb-breaking-grabs-cve-2012-0064.html"}, {"name": "[xorg-devel] 20120119 [PATCH SECURITY] XKB: Workaround for CVE-2012-0064: Stop calling UngrabAllDevices().", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://lists.x.org/archives/xorg-devel/2012-January/028691.html"}, {"name": "1026549", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://securitytracker.com/id?1026549"}, {"name": "78445", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/78445"}, {"name": "[xorg-announce] 20120119 xkeyboard-config 2.5", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://lists.x.org/archives/xorg-announce/2012-January/001797.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.x.org/wiki/Development/Security/"}, {"name": "[oss-security] 20120118 Re: Screen locking programs on Xorg 1.11", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2012/01/19/6"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=783039"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T18:16:18.454Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://gu1.aeroxteam.fr/2012/01/19/bypass-screensaver-locker-program-xorg-111-and-up/"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://who-t.blogspot.com/2012/01/xkb-breaking-grabs-cve-2012-0064.html"}, {"name": "[xorg-devel] 20120119 [PATCH SECURITY] XKB: Workaround for CVE-2012-0064: Stop calling UngrabAllDevices().", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://lists.x.org/archives/xorg-devel/2012-January/028691.html"}, {"name": "1026549", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://securitytracker.com/id?1026549"}, {"name": "78445", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://www.osvdb.org/78445"}, {"name": "[xorg-announce] 20120119 xkeyboard-config 2.5", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://lists.x.org/archives/xorg-announce/2012-January/001797.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.x.org/wiki/Development/Security/"}, {"name": "[oss-security] 20120118 Re: Screen locking programs on Xorg 1.11", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2012/01/19/6"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=783039"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2012-0064", "datePublished": "2014-02-10T23:00:00", "dateReserved": "2011-12-07T00:00:00", "dateUpdated": "2024-08-06T18:16:18.454Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:x:x.org_x11:*:rc1:*:*:*:*:*:*", "matchCriteriaId": "0D6FF30D-BD14-4AAD-9A0E-F81BA0BA7885", "versionEndIncluding": "7.5", "vulnerable": true}, {"criteria": "cpe:2.3:a:x:x.org_x11:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "2AB2F310-BC92-4328-B267-585141491F67", "vulnerable": true}, {"criteria": "cpe:2.3:a:x:x.org_x11:3.0:*:*:*:*:*:*:*", "matchCriteriaId": "23AEF29F-93D5-44BD-95E5-18D1C79C6F6F", "vulnerable": true}, {"criteria": "cpe:2.3:a:x:x.org_x11:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "BDE84538-7928-4B29-8E56-588FA136412B", "vulnerable": true}, {"criteria": "cpe:2.3:a:x:x.org_x11:5.0:*:*:*:*:*:*:*", "matchCriteriaId": "564B8F58-44C5-4830-B68B-871ED223656D", "vulnerable": true}, {"criteria": "cpe:2.3:a:x:x.org_x11:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "65F124DB-D9B5-4470-AAB9-24DF998D01A8", "vulnerable": true}, {"criteria": "cpe:2.3:a:x:x.org_x11:6.1:*:*:*:*:*:*:*", "matchCriteriaId": "5CD09288-DCC6-4C43-B31C-8056AB319F1B", "vulnerable": true}, {"criteria": "cpe:2.3:a:x:x.org_x11:6.3:*:*:*:*:*:*:*", "matchCriteriaId": "938CB0B0-FF9E-418B-93F6-3AC17A5D0D53", "vulnerable": true}, {"criteria": "cpe:2.3:a:x:x.org_x11:6.4:*:*:*:*:*:*:*", "matchCriteriaId": "26097D33-E3CF-4F5D-A4B0-B3EF384A15CD", "vulnerable": true}, {"criteria": "cpe:2.3:a:x:x.org_x11:6.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "EA8AEBCE-AD1B-4FE8-A3BA-228D0E5CD1F3", "vulnerable": true}, {"criteria": "cpe:2.3:a:x:x.org_x11:6.6:*:*:*:*:*:*:*", "matchCriteriaId": "ACB34DA6-F07C-4AB4-8356-0CA500A5E609", "vulnerable": true}, {"criteria": "cpe:2.3:a:x:x.org_x11:6.7:*:*:*:*:*:*:*", "matchCriteriaId": "AABE653B-D60C-4DAE-8C59-640CCA8E29E2", "vulnerable": true}, {"criteria": "cpe:2.3:a:x:x.org_x11:6.8:*:*:*:*:*:*:*", "matchCriteriaId": "A376D24F-C30B-4588-8727-6F4C79257D4B", "vulnerable": true}, {"criteria": "cpe:2.3:a:x:x.org_x11:6.8.1:*:*:*:*:*:*:*", "matchCriteriaId": "31D33FE0-4A26-419F-8BDC-F4D6FEDE340B", "vulnerable": true}, {"criteria": "cpe:2.3:a:x:x.org_x11:6.8.2:*:*:*:*:*:*:*", "matchCriteriaId": "5A1134B7-C534-4A92-B83F-54CDF99434A2", "vulnerable": true}, {"criteria": "cpe:2.3:a:x:x.org_x11:6.9.0:*:*:*:*:*:*:*", "matchCriteriaId": "08C160D7-A821-41D9-B5B5-66F119543FA0", "vulnerable": true}, {"criteria": "cpe:2.3:a:x:x.org_x11:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "09B4D961-C351-483B-B769-ECE98E28A3C2", "vulnerable": true}, {"criteria": "cpe:2.3:a:x:x.org_x11:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "0B93FCD1-0E9D-4BD9-A939-A1D13A06FDB4", "vulnerable": true}, {"criteria": "cpe:2.3:a:x:x.org_x11:7.2:*:*:*:*:*:*:*", "matchCriteriaId": "C01EC0B7-8B16-46D1-BC45-126BC56F7337", "vulnerable": true}, {"criteria": "cpe:2.3:a:x:x.org_x11:7.3:*:*:*:*:*:*:*", "matchCriteriaId": "F03B0C6D-1709-4EDA-8EC9-5ACA30BF4806", "vulnerable": true}, {"criteria": "cpe:2.3:a:x:x.org_x11:7.4:*:*:*:*:*:*:*", "matchCriteriaId": "A1ED2589-35D2-4F61-8E08-808E36F6D64C", "vulnerable": true}, {"criteria": "cpe:2.3:a:x:x.org_x11:7.5:*:*:*:*:*:*:*", "matchCriteriaId": "3D39DF9B-2EE4-446E-956C-46D090D93DE3", "vulnerable": true}, {"criteria": "cpe:2.3:a:xkeyboard_config_project:xkeyboard-config:*:*:*:*:*:*:*:*", "matchCriteriaId": "A18156F4-F5C0-4DAA-A8A3-AD489CF63F5B", "versionEndIncluding": "2.4", "vulnerable": true}, {"criteria": "cpe:2.3:a:xkeyboard_config_project:xkeyboard-config:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "7245A189-ED94-49F4-B3C9-EF25FEA831D5", "vulnerable": true}, {"criteria": "cpe:2.3:a:xkeyboard_config_project:xkeyboard-config:2.1:*:*:*:*:*:*:*", "matchCriteriaId": "4FEB4586-C46E-4A15-BBA1-D72987E23AF6", "vulnerable": true}, {"criteria": "cpe:2.3:a:xkeyboard_config_project:xkeyboard-config:2.2:*:*:*:*:*:*:*", "matchCriteriaId": "40EA4A99-E40C-4846-A4B1-7CF2BE3C0F7E", "vulnerable": true}, {"criteria": "cpe:2.3:a:xkeyboard_config_project:xkeyboard-config:2.3:*:*:*:*:*:*:*", "matchCriteriaId": "BDF98A9A-481D-4D34-8C58-1BEAC1B5EB47", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "xkeyboard-config before 2.5 in X.Org before 7.6 enables certain XKB debugging functions by default, which allows physically proximate attackers to bypass an X screen lock via keyboard combinations that break the input grab."}, {"lang": "es", "value": "xkeyboard-config anterior a 2.5 en X.Org anterior a 7.6 habilita por defecto ciertas funciones de depuraci\u00f3n XKB, lo que permite a atacantes f\u00edsicamente pr\u00f3ximos evadir un bloqueo de pantalla X a trav\u00e9s de combinaciones de teclado que interrumpen la captura de entrada ."}], "id": "CVE-2012-0064", "lastModified": "2024-11-21T01:34:19.247", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2014-02-10T23:55:04.777", "references": [{"source": "secalert@redhat.com", "url": "http://gu1.aeroxteam.fr/2012/01/19/bypass-screensaver-locker-program-xorg-111-and-up/"}, {"source": "secalert@redhat.com", "url": "http://lists.x.org/archives/xorg-announce/2012-January/001797.html"}, {"source": "secalert@redhat.com", "url": "http://lists.x.org/archives/xorg-devel/2012-January/028691.html"}, {"source": "secalert@redhat.com", "url": "http://securitytracker.com/id?1026549"}, {"source": "secalert@redhat.com", "url": "http://who-t.blogspot.com/2012/01/xkb-breaking-grabs-cve-2012-0064.html"}, {"source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2012/01/19/6"}, {"source": "secalert@redhat.com", "url": "http://www.osvdb.org/78445"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://www.x.org/wiki/Development/Security/"}, {"source": "secalert@redhat.com", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=783039"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://gu1.aeroxteam.fr/2012/01/19/bypass-screensaver-locker-program-xorg-111-and-up/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.x.org/archives/xorg-announce/2012-January/001797.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.x.org/archives/xorg-devel/2012-January/028691.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securitytracker.com/id?1026549"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://who-t.blogspot.com/2012/01/xkb-breaking-grabs-cve-2012-0064.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2012/01/19/6"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/78445"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://www.x.org/wiki/Development/Security/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=783039"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-264"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "xkeyboard-config: screen-saver unlock via xkb debug key actions", "id": "783039", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=783039"}, "csaw": false, "cvss": {"cvss_base_score": "1.9", "cvss_scoring_vector": "AV:L/AC:M/Au:N/C:N/I:N/A:P", "status": "draft"}, "details": ["xkeyboard-config before 2.5 in X.Org before 7.6 enables certain XKB debugging functions by default, which allows physically proximate attackers to bypass an X screen lock via keyboard combinations that break the input grab."], "name": "CVE-2012-0064", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:4", "fix_state": "Not affected", "package_name": "xorg-x11", "product_name": "Red Hat Enterprise Linux 4"}, {"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Not affected", "package_name": "xkeyboard-config", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "xkeyboard-config", "product_name": "Red Hat Enterprise Linux 6"}], "public_date": "2012-01-19T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2012-0064\nhttps://nvd.nist.gov/vuln/detail/CVE-2012-0064"], "statement": "Not vulnerable. This issue did not affect versions of xorg-x11 as shipped with Red Hat Enterprise Linux 4. This issue did not affect versions of xkeyboard-config as shipped with Red Hat Enterprise Linux 5 and 6.", "threat_severity": "Low"}