CVSS Base Vector:
The remote host is missing an update for the 'xtrlock'
Linux Distribution Package(s) announced via the DSA-1959-1 advisory.
Checks if a vulnerable Linux Distribution Package version is present on the target host.
It was discovered that multitouch devices were not being disabled
by the 'xtrlock' screen locking utility.
xtrlock did not block multitouch events so an attacker could still
input and thus control various programs such as Chromium, etc. via
so-called 'multitouch' events including pan scrolling, 'pinch and
zoom' or even being able to provide regular mouse clicks by
depressing the touchpad once and then clicking with a secondary
'xtrlock' Linux Distribution Package(s) on Debian Linux.
For Debian 8 'Jessie', this issue has been fixed in xtrlock version
2.6+deb8u1. However, this fix does not the situation where an
attacker plugs in a multitouch device *after* the screen has been
locked. For more information on this, please see:
We recommend that you upgrade your xtrlock Linux Distribution Packages.
NIST (National Institute of Standards and Technology) NVD (National Vulnerability Database)
Linux Distribution Package