Computer Security
[EN] securityvulns.ru no-pyccku


xscreensaver console access protection bypass
Published:04.05.2007
Source:
SecurityVulns ID:7668
Type:remote
Threat Level:
5/10
Description:Application crashes on network link failure, if remote authentication is used. It makes it possible to access protected X session.
Affected:XSCREENSAVER : xscreensaver 4.14
 XORG : xscreensaver 5.01
CVE:CVE-2007-1859 (XScreenSaver 4.10, when using a remote directory service for credentials, does not properly handle the results from the getpwuid function in drivers/lock.c when there is no network connectivity, which causes XScreenSaver to crash and unlock the screen and allows local users to bypass authentication.)
Original documentdocumentMANDRIVA, [ MDKSA-2007:097 ] - Updated xscreensaver packages fix vulnerability (04.05.2007)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod