{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2014-09-29T00:00:00", "descriptions": [{"lang": "en", "value": "GNOME Shell 3.14.x before 3.14.1, when the Screen Lock feature is used, does not limit the aggregate memory consumption of all active PrtSc requests, which allows physically proximate attackers to execute arbitrary commands on an unattended workstation by making many PrtSc requests and leveraging a temporary lock outage, and the resulting temporary shell availability, caused by the Linux kernel OOM killer."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2015-03-16T12:57:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://git.gnome.org/browse/gnome-shell/commit/?id=a72dca361080ffc9f45ff90188a7cf013c3c4013"}, {"name": "RHSA-2015:0535", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2015-0535.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://git.gnome.org/browse/gnome-shell/commit/?id=f02b007337e61436aaa0e81a86ad707b6d277378"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.gnome.org/show_bug.cgi?id=737456"}, {"name": "[oss-security] 20140929 gnome-shell lockscreen bypass with printscreen key", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://openwall.com/lists/oss-security/2014/09/29/17"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2014-7300", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "GNOME Shell 3.14.x before 3.14.1, when the Screen Lock feature is used, does not limit the aggregate memory consumption of all active PrtSc requests, which allows physically proximate attackers to execute arbitrary commands on an unattended workstation by making many PrtSc requests and leveraging a temporary lock outage, and the resulting temporary shell availability, caused by the Linux kernel OOM killer."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://git.gnome.org/browse/gnome-shell/commit/?id=a72dca361080ffc9f45ff90188a7cf013c3c4013", "refsource": "CONFIRM", "url": "https://git.gnome.org/browse/gnome-shell/commit/?id=a72dca361080ffc9f45ff90188a7cf013c3c4013"}, {"name": "RHSA-2015:0535", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2015-0535.html"}, {"name": "https://git.gnome.org/browse/gnome-shell/commit/?id=f02b007337e61436aaa0e81a86ad707b6d277378", "refsource": "CONFIRM", "url": "https://git.gnome.org/browse/gnome-shell/commit/?id=f02b007337e61436aaa0e81a86ad707b6d277378"}, {"name": "https://bugzilla.gnome.org/show_bug.cgi?id=737456", "refsource": "CONFIRM", "url": "https://bugzilla.gnome.org/show_bug.cgi?id=737456"}, {"name": "[oss-security] 20140929 gnome-shell lockscreen bypass with printscreen key", "refsource": "MLIST", "url": "http://openwall.com/lists/oss-security/2014/09/29/17"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T12:47:32.779Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://git.gnome.org/browse/gnome-shell/commit/?id=a72dca361080ffc9f45ff90188a7cf013c3c4013"}, {"name": "RHSA-2015:0535", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2015-0535.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://git.gnome.org/browse/gnome-shell/commit/?id=f02b007337e61436aaa0e81a86ad707b6d277378"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugzilla.gnome.org/show_bug.cgi?id=737456"}, {"name": "[oss-security] 20140929 gnome-shell lockscreen bypass with printscreen key", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://openwall.com/lists/oss-security/2014/09/29/17"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2014-7300", "datePublished": "2014-12-25T21:00:00", "dateReserved": "2014-10-02T00:00:00", "dateUpdated": "2024-08-06T12:47:32.779Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:gnome:gnome-shell:3.14.0:*:*:*:*:*:*:*", "matchCriteriaId": "DD535807-17D9-4599-AEAE-5CC7FD3FF5A3", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "33C068A4-3780-4EAB-A937-6082DF847564", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_hpc_node:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "3C84489B-B08C-4854-8A12-D01B6E45CF79", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "51EF4996-72F4-4FA4-814F-F5991E7A8318", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "825ECE2D-E232-46E0-A047-074B34DB1E97", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "GNOME Shell 3.14.x before 3.14.1, when the Screen Lock feature is used, does not limit the aggregate memory consumption of all active PrtSc requests, which allows physically proximate attackers to execute arbitrary commands on an unattended workstation by making many PrtSc requests and leveraging a temporary lock outage, and the resulting temporary shell availability, caused by the Linux kernel OOM killer."}, {"lang": "es", "value": "GNOME Shell 3.14.x anterior a 3.14.1, cuando se utiliza la caracter\u00edstica Screen Lock, no se limita el consumo de memoria para todas las peticiones activas PrtSc , lo que permite a atacantes cercanos f\u00edsicamente ejecutar comandos arbitrarios en una estaci\u00f3n de trabajo desatendida haciendo numerosas peticiones PrtSc y aprovechando un bloqueo temporal, y la disponibilidad de una shell resultante temporal, causada por Linux kernel OOM killer."}], "id": "CVE-2014-7300", "lastModified": "2024-11-21T02:16:42.970", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2014-12-25T21:59:02.937", "references": [{"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://openwall.com/lists/oss-security/2014/09/29/17"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2015-0535.html"}, {"source": "cve@mitre.org", "tags": ["Issue Tracking", "Vendor Advisory"], "url": "https://bugzilla.gnome.org/show_bug.cgi?id=737456"}, {"source": "cve@mitre.org", "tags": ["Issue Tracking", "Patch"], "url": "https://git.gnome.org/browse/gnome-shell/commit/?id=a72dca361080ffc9f45ff90188a7cf013c3c4013"}, {"source": "cve@mitre.org", "tags": ["Issue Tracking", "Patch"], "url": "https://git.gnome.org/browse/gnome-shell/commit/?id=f02b007337e61436aaa0e81a86ad707b6d277378"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://openwall.com/lists/oss-security/2014/09/29/17"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2015-0535.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Vendor Advisory"], "url": "https://bugzilla.gnome.org/show_bug.cgi?id=737456"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Patch"], "url": "https://git.gnome.org/browse/gnome-shell/commit/?id=a72dca361080ffc9f45ff90188a7cf013c3c4013"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Patch"], "url": "https://git.gnome.org/browse/gnome-shell/commit/?id=f02b007337e61436aaa0e81a86ad707b6d277378"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-399"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2015:0535", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "clutter-0:1.14.4-12.el7", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2015-03-05T00:00:00Z"}, {"advisory": "RHSA-2015:0535", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "cogl-0:1.14.0-6.el7", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2015-03-05T00:00:00Z"}, {"advisory": "RHSA-2015:0535", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "gnome-shell-0:3.8.4-45.el7", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2015-03-05T00:00:00Z"}, {"advisory": "RHSA-2015:0535", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "mutter-0:3.8.4-16.el7", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2015-03-05T00:00:00Z"}], "bugzilla": {"description": "gnome-shell: lockscreen bypass with printscreen key", "id": "1147917", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1147917"}, "csaw": false, "cvss": {"cvss_base_score": "3.6", "cvss_scoring_vector": "AV:L/AC:L/Au:N/C:P/I:N/A:P", "status": "verified"}, "cwe": "CWE-285->CWE-770->CWE-305", "details": ["GNOME Shell 3.14.x before 3.14.1, when the Screen Lock feature is used, does not limit the aggregate memory consumption of all active PrtSc requests, which allows physically proximate attackers to execute arbitrary commands on an unattended workstation by making many PrtSc requests and leveraging a temporary lock outage, and the resulting temporary shell availability, caused by the Linux kernel OOM killer.", "It was found that the Gnome shell did not disable the Print Screen key when the screen was locked. This could allow an attacker with physical access to a system with a locked screen to crash the screen-locking application by creating a large amount of screenshots."], "name": "CVE-2014-7300", "public_date": "2014-09-27T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2014-7300\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-7300"], "threat_severity": "Low"}