RHEL 7 : GNOME (RHSA-2020:1021)

medium Nessus Plugin ID 135044

Synopsis

The remote Red Hat host is missing a security update.

Description

The remote Red Hat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2020:1021 advisory.

GNOME is the default desktop environment of Red Hat Enterprise Linux.

Security Fix(es):

* gnome-shell: partial lock screen bypass (CVE-2019-3820)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.8 Release Notes linked from the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Update the affected packages.

See Also

http://www.nessus.org/u?afba0e17

http://www.nessus.org/u?cb461cb2

https://access.redhat.com/security/updates/classification/#moderate

https://access.redhat.com/errata/RHSA-2020:1021

https://bugzilla.redhat.com/show_bug.cgi?id=1421231

https://bugzilla.redhat.com/show_bug.cgi?id=1474305

https://bugzilla.redhat.com/show_bug.cgi?id=1506370

https://bugzilla.redhat.com/show_bug.cgi?id=1547158

https://bugzilla.redhat.com/show_bug.cgi?id=1556776

https://bugzilla.redhat.com/show_bug.cgi?id=1556800

https://bugzilla.redhat.com/show_bug.cgi?id=1583836

https://bugzilla.redhat.com/show_bug.cgi?id=1607839

https://bugzilla.redhat.com/show_bug.cgi?id=1624461

https://bugzilla.redhat.com/show_bug.cgi?id=1630686

https://bugzilla.redhat.com/show_bug.cgi?id=1632904

https://bugzilla.redhat.com/show_bug.cgi?id=1638727

https://bugzilla.redhat.com/show_bug.cgi?id=1646345

https://bugzilla.redhat.com/show_bug.cgi?id=1657887

https://bugzilla.redhat.com/show_bug.cgi?id=1669391

https://bugzilla.redhat.com/show_bug.cgi?id=1672289

https://bugzilla.redhat.com/show_bug.cgi?id=1674534

https://bugzilla.redhat.com/show_bug.cgi?id=1678448

https://bugzilla.redhat.com/show_bug.cgi?id=1687745

https://bugzilla.redhat.com/show_bug.cgi?id=1691197

https://bugzilla.redhat.com/show_bug.cgi?id=1691474

https://bugzilla.redhat.com/show_bug.cgi?id=1702417

https://bugzilla.redhat.com/show_bug.cgi?id=1720286

https://bugzilla.redhat.com/show_bug.cgi?id=1721562

https://bugzilla.redhat.com/show_bug.cgi?id=1723283

https://bugzilla.redhat.com/show_bug.cgi?id=1728761

https://bugzilla.redhat.com/show_bug.cgi?id=1737367

https://bugzilla.redhat.com/show_bug.cgi?id=1737369

https://bugzilla.redhat.com/show_bug.cgi?id=1737515

https://bugzilla.redhat.com/show_bug.cgi?id=1741274

https://bugzilla.redhat.com/show_bug.cgi?id=1743913

https://bugzilla.redhat.com/show_bug.cgi?id=1749325

https://bugzilla.redhat.com/show_bug.cgi?id=1750807

https://bugzilla.redhat.com/show_bug.cgi?id=1752357

https://bugzilla.redhat.com/show_bug.cgi?id=1752367

https://bugzilla.redhat.com/show_bug.cgi?id=1752378

https://bugzilla.redhat.com/show_bug.cgi?id=1752547

https://bugzilla.redhat.com/show_bug.cgi?id=1753799

https://bugzilla.redhat.com/show_bug.cgi?id=1766501

https://bugzilla.redhat.com/show_bug.cgi?id=1772896

https://bugzilla.redhat.com/show_bug.cgi?id=1778270

https://bugzilla.redhat.com/show_bug.cgi?id=1789491

Plugin Details

Severity: Medium

ID: 135044

File Name: redhat-RHSA-2020-1021.nasl

Version: 1.12

Type: local

Agent: unix

Published: 3/31/2020

Updated: 11/7/2024

Supported Sensors: Agentless Assessment, Continuous Assessment, Frictionless Assessment Agent, Frictionless Assessment AWS, Frictionless Assessment Azure, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 4.2

Vendor

Vendor Severity: Moderate

CVSS v2

Risk Factor: Medium

Base Score: 4.6

Temporal Score: 3.6

Vector: CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P

CVSS Score Source: CVE-2019-3820

CVSS v3

Risk Factor: Medium

Base Score: 4.3

Temporal Score: 3.9

Vector: CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:redhat:enterprise_linux:gtk3-devel, p-cpe:/a:redhat:enterprise_linux:gnome-tweak-tool, p-cpe:/a:redhat:enterprise_linux:gnome-shell-extension-auto-move-windows, p-cpe:/a:redhat:enterprise_linux:gnome-shell-extension-no-hot-corner, p-cpe:/a:redhat:enterprise_linux:gnome-shell-extension-common, p-cpe:/a:redhat:enterprise_linux:gnome-shell-extensions, p-cpe:/a:redhat:enterprise_linux:gnome-shell-extension-apps-menu, p-cpe:/a:redhat:enterprise_linux:gtk3-devel-docs, p-cpe:/a:redhat:enterprise_linux:gnome-settings-daemon, p-cpe:/a:redhat:enterprise_linux:shared-mime-info, p-cpe:/a:redhat:enterprise_linux:gnome-shell-extension-panel-favorites, p-cpe:/a:redhat:enterprise_linux:gsettings-desktop-schemas-devel, p-cpe:/a:redhat:enterprise_linux:gnome-shell-extension-dash-to-dock, p-cpe:/a:redhat:enterprise_linux:gnome-shell-extension-disable-screenshield, p-cpe:/a:redhat:enterprise_linux:accountsservice-libs, p-cpe:/a:redhat:enterprise_linux:nautilus-devel, p-cpe:/a:redhat:enterprise_linux:control-center, p-cpe:/a:redhat:enterprise_linux:gnome-shell-extension-updates-dialog, p-cpe:/a:redhat:enterprise_linux:gtk3-immodule-xim, p-cpe:/a:redhat:enterprise_linux:gdm, p-cpe:/a:redhat:enterprise_linux:control-center-filesystem, p-cpe:/a:redhat:enterprise_linux:tracker, p-cpe:/a:redhat:enterprise_linux:colord-devel, p-cpe:/a:redhat:enterprise_linux:gnome-online-accounts, p-cpe:/a:redhat:enterprise_linux:nautilus-extensions, p-cpe:/a:redhat:enterprise_linux:gnome-shell-extension-windowsnavigator, p-cpe:/a:redhat:enterprise_linux:gdm-devel, p-cpe:/a:redhat:enterprise_linux:xchat, p-cpe:/a:redhat:enterprise_linux:libraw-static, p-cpe:/a:redhat:enterprise_linux:colord, p-cpe:/a:redhat:enterprise_linux:mutter, p-cpe:/a:redhat:enterprise_linux:gtk3-tests, p-cpe:/a:redhat:enterprise_linux:gnome-shell-extension-extra-osk-keys, p-cpe:/a:redhat:enterprise_linux:nautilus, p-cpe:/a:redhat:enterprise_linux:colord-devel-docs, 
p-cpe:/a:redhat:enterprise_linux:gnome-shell-extension-launch-new-instance, p-cpe:/a:redhat:enterprise_linux:libcanberra-devel, p-cpe:/a:redhat:enterprise_linux:libcanberra-gtk2, p-cpe:/a:redhat:enterprise_linux:gnome-shell-extension-horizontal-workspaces, p-cpe:/a:redhat:enterprise_linux:gdm-pam-extensions-devel, p-cpe:/a:redhat:enterprise_linux:gnome-shell-extension-native-window-placement, p-cpe:/a:redhat:enterprise_linux:gnome-shell-extension-drive-menu, p-cpe:/a:redhat:enterprise_linux:gnome-shell-extension-workspace-indicator, p-cpe:/a:redhat:enterprise_linux:gnome-shell-extension-top-icons, p-cpe:/a:redhat:enterprise_linux:libcanberra-gtk3, p-cpe:/a:redhat:enterprise_linux:gnome-classic-session, p-cpe:/a:redhat:enterprise_linux:xchat-tcl, p-cpe:/a:redhat:enterprise_linux:tracker-preferences, p-cpe:/a:redhat:enterprise_linux:colord-libs, p-cpe:/a:redhat:enterprise_linux:gnome-shell-extension-alternate-tab, p-cpe:/a:redhat:enterprise_linux:gnome-shell-extension-screenshot-window-sizer, p-cpe:/a:redhat:enterprise_linux:gtk3, p-cpe:/a:redhat:enterprise_linux:gnome-shell-extension-window-list, p-cpe:/a:redhat:enterprise_linux:gtk3-immodules, p-cpe:/a:redhat:enterprise_linux:libcanberra, cpe:/o:redhat:enterprise_linux:7, p-cpe:/a:redhat:enterprise_linux:gnome-shell, p-cpe:/a:redhat:enterprise_linux:gnome-shell-extension-systemmonitor, p-cpe:/a:redhat:enterprise_linux:accountsservice, p-cpe:/a:redhat:enterprise_linux:tracker-devel, p-cpe:/a:redhat:enterprise_linux:gnome-settings-daemon-devel, p-cpe:/a:redhat:enterprise_linux:osinfo-db, p-cpe:/a:redhat:enterprise_linux:mutter-devel, p-cpe:/a:redhat:enterprise_linux:gnome-shell-extension-user-theme, p-cpe:/a:redhat:enterprise_linux:accountsservice-devel, p-cpe:/a:redhat:enterprise_linux:gsettings-desktop-schemas, p-cpe:/a:redhat:enterprise_linux:gnome-shell-extension-window-grouper, p-cpe:/a:redhat:enterprise_linux:tracker-needle, p-cpe:/a:redhat:enterprise_linux:libraw-devel, 
p-cpe:/a:redhat:enterprise_linux:gnome-shell-extension-places-menu, p-cpe:/a:redhat:enterprise_linux:libraw, p-cpe:/a:redhat:enterprise_linux:libgweather-devel, p-cpe:/a:redhat:enterprise_linux:libgweather, p-cpe:/a:redhat:enterprise_linux:colord-extra-profiles, p-cpe:/a:redhat:enterprise_linux:tracker-docs, p-cpe:/a:redhat:enterprise_linux:gnome-online-accounts-devel, p-cpe:/a:redhat:enterprise_linux:gtk-update-icon-cache

Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list, Host/cpu

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 3/31/2020

Vulnerability Publication Date: 1/25/2019

Reference Information

CVE: CVE-2019-3820

BID: 107305

CWE: 285

RHSA: 2020:1021