#VU41744 Input validation error in gnome-shell - CVE-2013-7220
Published: April 29, 2014 / Updated: August 10, 2020
Vulnerability identifier: #VU41744
Vulnerability risk: Medium
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2013-7220
CWE-ID: CWE-20
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
gnome-shell
gnome-shell
Software vendor:
Gnome Development Team
Gnome Development Team
Description
The vulnerability allows a remote non-authenticated attacker to read and manipulate data.
js/ui/screenShield.js in GNOME Shell (aka gnome-shell) before 3.8 allows physically proximate attackers to execute arbitrary commands by leveraging an unattended workstation with the keyboard focus on the Activities search. Per: https://cwe.mitre.org/data/definitions/77.html "CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')"
Remediation
Install update from vendor's website.
External links
- http://www.openwall.com/lists/oss-security/2013/12/27/4
- http://www.openwall.com/lists/oss-security/2013/12/27/6
- http://www.openwall.com/lists/oss-security/2013/12/27/8
- https://bugzilla.gnome.org/show_bug.cgi?id=686740
- https://bugzilla.redhat.com/show_bug.cgi?id=1030431
- https://github.com/o2platform/DefCon_RESTing/tree/master/Live-Demos/Neo4j