CVE-2014-3202 - OpenCVE

Unity before 7.2.1 does not properly handle entry activation, which allows physically proximate attackers to bypass the lock screen by holding the ENTER key, which triggers the process to crash.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Local

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:L/AC:M/Au:N/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Ayatana Project	Unity

Configuration 1 [-]

OR	cpe:2.3:a:ayatana_project:unity::::::::
	cpe:2.3:a:ayatana_project:unity:7.0.0:::::::*
	cpe:2.3:a:ayatana_project:unity:7.0.1:::::::*
	cpe:2.3:a:ayatana_project:unity:7.1.0:::::::*
	cpe:2.3:a:ayatana_project:unity:7.1.1:::::::*
	cpe:2.3:a:ayatana_project:unity:7.1.2:::::::*
	cpe:2.3:a:ayatana_project:unity:7.1.3:::::::*

No data.

References

Link	Providers
http://www.openwall.com/lists/oss-security/2014/04/26/1
http://www.openwall.com/lists/oss-security/2014/04/26/2
http://www.openwall.com/lists/oss-security/2014/04/29/2
http://www.openwall.com/lists/oss-security/2014/05/03/1
https://bugs.launchpad.net/ubuntu/+source/unity/+bug/1308572
https://bugs.launchpad.net/unity/+bug/1308750

History

No history.

MITRE

Status: PUBLISHED

Assigner: canonical

Published: 2014-05-06T14:00:00

Updated: 2024-08-06T10:35:56.958Z

Reserved: 2014-05-03T00:00:00

Link: CVE-2014-3202

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2014-05-06T14:55:05.917

Modified: 2014-05-07T13:43:23.373

Link: CVE-2014-3202

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2014-04-16T00:00:00", "descriptions": [{"lang": "en", "value": "Unity before 7.2.1 does not properly handle entry activation, which allows physically proximate attackers to bypass the lock screen by holding the ENTER key, which triggers the process to crash."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2014-05-06T12:57:00", "orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc", "shortName": "canonical"}, "references": [{"name": "[oss-security] 20140429 Re: Ubuntu 14.04: security problem in the lock screen", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2014/04/29/2"}, {"name": "[oss-security] 20140503 Re: Ubuntu 14.04: security problem in the lock screen", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2014/05/03/1"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugs.launchpad.net/ubuntu/+source/unity/+bug/1308572"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugs.launchpad.net/unity/+bug/1308750"}, {"name": "[oss-security] 20140426 Ubuntu 14.04: security problem in the lock screen", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2014/04/26/1"}, {"name": "[oss-security] 20140426 Re: Ubuntu 14.04: security problem in the lock screen", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2014/04/26/2"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@ubuntu.com", "ID": "CVE-2014-3202", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Unity before 7.2.1 does not properly handle entry activation, which allows physically proximate attackers to bypass the lock screen by holding the ENTER key, which triggers the process to crash."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "[oss-security] 20140429 Re: Ubuntu 14.04: security problem in the lock screen", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2014/04/29/2"}, {"name": "[oss-security] 20140503 Re: Ubuntu 14.04: security problem in the lock screen", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2014/05/03/1"}, {"name": "https://bugs.launchpad.net/ubuntu/+source/unity/+bug/1308572", "refsource": "CONFIRM", "url": "https://bugs.launchpad.net/ubuntu/+source/unity/+bug/1308572"}, {"name": "https://bugs.launchpad.net/unity/+bug/1308750", "refsource": "CONFIRM", "url": "https://bugs.launchpad.net/unity/+bug/1308750"}, {"name": "[oss-security] 20140426 Ubuntu 14.04: security problem in the lock screen", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2014/04/26/1"}, {"name": "[oss-security] 20140426 Re: Ubuntu 14.04: security problem in the lock screen", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2014/04/26/2"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T10:35:56.958Z"}, "title": "CVE Program Container", "references": [{"name": "[oss-security] 20140429 Re: Ubuntu 14.04: security problem in the lock screen", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2014/04/29/2"}, {"name": "[oss-security] 20140503 Re: Ubuntu 14.04: security problem in the lock screen", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2014/05/03/1"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugs.launchpad.net/ubuntu/+source/unity/+bug/1308572"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugs.launchpad.net/unity/+bug/1308750"}, {"name": "[oss-security] 20140426 Ubuntu 14.04: security problem in the lock screen", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2014/04/26/1"}, {"name": "[oss-security] 20140426 Re: Ubuntu 14.04: security problem in the lock screen", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2014/04/26/2"}]}]}, "cveMetadata": {"assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc", "assignerShortName": "canonical", "cveId": "CVE-2014-3202", "datePublished": "2014-05-06T14:00:00", "dateReserved": "2014-05-03T00:00:00", "dateUpdated": "2024-08-06T10:35:56.958Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ayatana_project:unity:*:*:*:*:*:*:*:*", "matchCriteriaId": "1170F9BB-9FFB-407F-B8D3-F8417383021F", "versionEndIncluding": "7.2.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:ayatana_project:unity:7.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "982E87CF-26D7-4D2F-AA5F-57798C2F4D33", "vulnerable": true}, {"criteria": "cpe:2.3:a:ayatana_project:unity:7.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "B5CD4318-783D-4428-815B-DD2C6F912C3F", "vulnerable": true}, {"criteria": "cpe:2.3:a:ayatana_project:unity:7.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "2562307E-490C-485E-9C1A-4A569565270F", "vulnerable": true}, {"criteria": "cpe:2.3:a:ayatana_project:unity:7.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "35E3A65D-6F6F-4457-A836-89A54CEDB9D9", "vulnerable": true}, {"criteria": "cpe:2.3:a:ayatana_project:unity:7.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "A052C0C4-4408-4014-AE8F-F894AB04BF1F", "vulnerable": true}, {"criteria": "cpe:2.3:a:ayatana_project:unity:7.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "07D5E8C8-34DD-4EA0-B686-2088F5C11122", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Unity before 7.2.1 does not properly handle entry activation, which allows physically proximate attackers to bypass the lock screen by holding the ENTER key, which triggers the process to crash."}, {"lang": "es", "value": "Unity anterior a 7.2.1 no maneja debidamente activaci\u00f3n de entrada, lo que permite a atacantes f\u00edsicamente pr\u00f3ximos evadir la pantalla de bloqueo mediante la presi\u00f3n continua sobre la tecla ENTER, lo que provoca la ca\u00edda del proceso."}], "id": "CVE-2014-3202", "lastModified": "2014-05-07T13:43:23.373", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.4, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.4, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2014-05-06T14:55:05.917", "references": [{"source": "security@ubuntu.com", "url": "http://www.openwall.com/lists/oss-security/2014/04/26/1"}, {"source": "security@ubuntu.com", "url": "http://www.openwall.com/lists/oss-security/2014/04/26/2"}, {"source": "security@ubuntu.com", "url": "http://www.openwall.com/lists/oss-security/2014/04/29/2"}, {"source": "security@ubuntu.com", "url": "http://www.openwall.com/lists/oss-security/2014/05/03/1"}, {"source": "security@ubuntu.com", "url": "https://bugs.launchpad.net/ubuntu/+source/unity/+bug/1308572"}, {"source": "security@ubuntu.com", "tags": ["Exploit"], "url": "https://bugs.launchpad.net/unity/+bug/1308750"}], "sourceIdentifier": "security@ubuntu.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-264"}], "source": "nvd@nist.gov", "type": "Primary"}]}