Bugzilla – Bug 1160775
VUL-0: CVE-2012-4524: xlockmore: screensaver crash (screen lock bypass) when 'dclock' mode used
Last modified: 2020-01-13 12:58:51 UTC
CVE-2012-4524

A denial of service flaw was found in the way xlockmore, X screen lock and screen saver, performed passing arguments to underlying localtime() call, when the 'dclock' mode was used. An attacker could use this flaw to potentially obtain unauthorized access to screen / graphical session, previously locked by another user / victim.

CVE request (containing also patch proposal):
[1] http://www.openwall.com/lists/oss-security/2012/10/17/10

References:
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-4524
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-4524
http://www.openwall.com/lists/oss-security/2012/10/17/12
http://people.canonical.com/~ubuntu-security/cve/2012/CVE-2012-4524.html
https://exchange.xforce.ibmcloud.com/vulnerabilities/79558
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4524
https://access.redhat.com/security/cve/cve-2012-4524
https://security-tracker.debian.org/tracker/CVE-2012-4524
http://lists.fedoraproject.org/pipermail/package-announce/2012-November/091108.html
http://lists.fedoraproject.org/pipermail/package-announce/2012-November/091150.html
http://lists.fedoraproject.org/pipermail/package-announce/2012-November/091709.html
http://security.gentoo.org/glsa/glsa-201309-03.xml
http://www.securityfocus.com/bid/56169
This bug only affects platforms where sizeof(time_t) > sizeof(long int), which does not apply to any supported SUSE product.
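
The size condition in the comment above can be checked directly. The following is an added example, not xlockmore's code or the proposed patch. It assumes the flaw is a pointer to a `long` being handed to `localtime()`; the function names are hypothetical, and `int32_t`/`int64_t` stand in for `long`/`time_t` so the bad read can be simulated on any host.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <time.h>

/* Condition from the comment above: only such platforms are affected. */
static int platform_affected(void)
{
    return sizeof(time_t) > sizeof(long);
}

/* Simulate localtime() loading a wide time_t through a pointer to a narrower
 * integer: 4 bytes of value plus 4 bytes of whatever sits next to it.
 * int32_t/int64_t stand in for long/time_t (assumption of this example). */
static int64_t wide_read_of_narrow(int32_t secs, uint32_t neighbour)
{
    unsigned char mem[8];
    int64_t seen;
    memcpy(mem, &secs, sizeof secs);
    memcpy(mem + sizeof secs, &neighbour, sizeof neighbour);
    memcpy(&seen, mem, sizeof seen);
    return seen;
}

/* Safe pattern: convert by value into a real time_t, and treat a NULL
 * return from localtime() as an error instead of dereferencing it. */
static int broken_down_from_long(long secs, struct tm *out)
{
    time_t t = (time_t)secs;
    struct tm *tm = localtime(&t);
    if (tm == NULL)
        return -1;
    *out = *tm;
    return 0;
}

int main(void)
{
    struct tm tm;
    long now = 1350432000L; /* constructed sample: 2012-10-17 00:00:00 UTC */
    printf("affected platform: %s\n", platform_affected() ? "yes" : "no");
    printf("stored %ld, wide read sees %lld\n", now,
           (long long)wide_read_of_narrow((int32_t)now, 0xDEADBEEFu));
    if (broken_down_from_long(now, &tm) == 0)
        printf("year via safe path: %d\n", tm.tm_year + 1900);
    return 0;
}
```

On a platform where both types have the same width, `platform_affected()` returns 0 and the pointer mismatch never produces a wider read.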