Bug 119628

Summary: VUL-0: powersave -U is working for non-desktop user
Product: [openSUSE] SUSE LINUX 10.0
Reporter: Stefan Behlert <behlert>
Component: Mobile Devices
Assignee: Security Team bot <security-team>
Status: RESOLVED FIXED
QA Contact: E-mail List <qa-bugs>
Severity: Normal
Priority: P5 - None
CC: security-team
Version: Final
Target Milestone: ---
Hardware: Other
OS: All
Whiteboard: CVE-2005-4778: CVSS v2 Base Score: 2.1 (AV:L/AC:L/Au:N/C:N/I:N/A:P)
Found By: Other
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Description Stefan Behlert 2005-09-30 11:30:14 UTC
Look for a machine where someone is working on a desktop. Log in remotely.
Type 'powersave -U'.
Hear the desktop user scream when his machine goes into suspend.
powersave -U/-u should only work for the X user.
Comment 1 Holger Macht 2005-09-30 11:43:19 UTC
We are checking this currently.
Comment 2 Timo Hoenig 2005-09-30 12:27:20 UTC
This is caused by missing entries in /etc/dbus-1/system.d/powersave.conf.
We've prepared a fix.

Andreas, do we need a new SWAMP id (since it is a security issue) or can we use 
SWAMP id 2419?
Comment 3 Andreas Jaeger 2005-09-30 12:45:01 UTC
Use SWAMP ID 2419 - and talk to the security-team.  They should release this
and change 2419 for their needs.
Comment 4 Marcus Meissner 2005-09-30 17:02:34 UTC
After you have submitted the fixed package, please just assign the bug to us.

I take it that only 10.0 is affected?
Comment 5 Holger Macht 2005-10-03 18:24:14 UTC
Package and patchinfo submitted.

Yes, only 10.0 is affected.
Comment 6 Marcus Meissner 2005-10-05 14:25:01 UTC
Updates released.
Comment 7 Marcus Meissner 2006-04-18 14:45:33 UTC
CVE-2005-4778

The powersave daemon in SUSE Linux 10.0 before 20051007 has an
unspecified "configuration problem," which allows local users to
suspend the computer and possibly perform certain other unauthorized
actions.
Comment 8 Thomas Biege 2009-10-13 21:38:07 UTC
CVE-2005-4778: CVSS v2 Base Score: 2.1 (AV:L/AC:L/Au:N/C:N/I:N/A:P)
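
Added example (not part of the bug report or the powersave package): Comment 2 attributes the issue to missing entries in the D-Bus system policy file, so this sketch audits a D-Bus policy for a service that every connection may message. The service name `org.example.powersave` and both policy files are constructed placeholders; the assumption is that the intended policy is "deny by default, allow at the console".

```python
import xml.etree.ElementTree as ET

# Constructed samples; org.example.powersave is a placeholder, not the real bus name.
SERVICE = "org.example.powersave"

WEAK = """<busconfig>
  <policy user="root">
    <allow own="org.example.powersave"/>
  </policy>
  <policy context="default">
    <allow send_destination="org.example.powersave"/>
  </policy>
</busconfig>"""

FIXED = """<busconfig>
  <policy user="root">
    <allow own="org.example.powersave"/>
  </policy>
  <policy at_console="true">
    <allow send_destination="org.example.powersave"/>
  </policy>
  <policy context="default">
    <deny send_destination="org.example.powersave"/>
  </policy>
</busconfig>"""

def audit(policy_xml, service):
    """List ways the default (any-user) policy exposes `service`."""
    findings, default_deny = [], False
    for policy in ET.fromstring(policy_xml).iter("policy"):
        if policy.get("context") != "default":
            continue  # user=, group= and at_console= policies are already scoped
        for rule in policy:
            if rule.get("send_destination") != service:
                continue
            scoped = rule.get("send_interface") or rule.get("send_member")
            if rule.tag == "deny" and not scoped:
                default_deny = True  # blanket deny for every other connection
            elif rule.tag == "allow":
                findings.append(f"default context may send to {service} ({scoped or 'any interface'})")
    if not default_deny:
        findings.append(f"no default-context deny for {service}")
    return findings

if __name__ == "__main__":
    for name, xml in (("weak", WEAK), ("fixed", FIXED)):
        print(name, audit(xml, SERVICE))
```

dbus-daemon applies `context="default"` policies before `at_console` ones, which is why the console allow in the corrected sample still takes effect after the default deny.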