Your submission was sent successfully! Close

Thank you for contacting us. A member of our team will be in touch shortly. Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates about Ubuntu and upcoming events where you can meet our team.Close

CVE-2008-6514

Publication date 18 November 2008

Last updated 24 July 2024


Ubuntu priority

The Expo plugin in Compiz Fusion 0.7.8 allows local users with physical access to drag the screen saver aside and access the locked desktop by using Expo mouse shortcuts, a related issue to CVE-2007-3920.

From the Ubuntu Security Team

It was discovered that the Expo plugin for Compiz did not correctly restrict the screensaver window from being moved with the mouse. A local attacker could use the mouse to move the screensaver off the screen and gain access to the locked desktop session underneath. Default installs of Ubuntu were not vulnerable as Expo does not come pre-configured with mouse bindings.

Status

Package Ubuntu Release Status
compiz-fusion-plugins-main 8.10 intrepid
Fixed 0.7.8-0ubuntu2.2
8.04 LTS hardy
Fixed 0.7.4-0ubuntu6.2
7.10 gutsy
Fixed 0.5.2+git20070928-0ubuntu2.2
6.06 LTS dapper Not in release

References

Related Ubuntu Security Notices (USN)

    • USN-688-1
    • Compiz vulnerability
    • 9 December 2008

Other references