
CVE-2007-1859
Date: (C)2007-05-02   (M)2023-12-22


XScreenSaver 4.10, when using a remote directory service for credentials, does not properly handle the results from the getpwuid function in drivers/lock.c when there is no network connectivity, which causes XScreenSaver to crash and unlock the screen and allows local users to bypass authentication.

CVSS Score and Metrics

CVSS V2 Severity:
CVSS Score : 4.6
Exploit Score: 3.9
Impact Score: 6.4
 
CVSS V2 Metrics:
Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL
  
Reference:
SECTRACK-1017996
BID-23783
SECUNIA-25065
SECUNIA-25105
SECUNIA-25116
SECUNIA-25118
SECUNIA-25119
SECUNIA-25225
SECUNIA-25610
OSVDB-35531
GLSA-200705-14
MDKSA-2007:097
RHSA-2007:0322
SUSE-SR:2007:009
USN-474-1
https://issues.rpath.com/browse/RPL-1293
oval:org.mitre.oval:def:11459
xscreensaver-getpwuid-authentication-bypass(34054)

CPE    2
cpe:/o:redhat:enterprise_linux_desktop:3.0
cpe:/o:redhat:enterprise_linux_desktop:4.0
CWE    1
CWE-287

© SecPod Technologies