Vulnerability Details CVE-2007-1859
XScreenSaver 4.10, when using a remote directory service for credentials, does not properly handle the results from the getpwuid function in drivers/lock.c when there is no network connectivity, which causes XScreenSaver to crash and unlock the screen and allows local users to bypass authentication.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 11.5%
CVSS Severity
CVSS v2 Score 4.6
References
- http://osvdb.org/35531
- http://secunia.com/advisories/25065
- http://secunia.com/advisories/25105
- http://secunia.com/advisories/25116
- http://secunia.com/advisories/25118
- http://secunia.com/advisories/25119
- http://secunia.com/advisories/25225
- http://secunia.com/advisories/25610
- http://security.gentoo.org/glsa/glsa-200705-14.xml
- http://www.mandriva.com/security/advisories?name=MDKSA-2007:097
- http://www.novell.com/linux/security/advisories/2007_9_sr.html
- http://www.redhat.com/support/errata/RHSA-2007-0322.html
- http://www.securityfocus.com/bid/23783
- http://www.securitytracker.com/id?1017996
- http://www.ubuntu.com/usn/usn-474-1
- https://exchange.xforce.ibmcloud.com/vulnerabilities/34054
- https://issues.rpath.com/browse/RPL-1293
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11459
- http://osvdb.org/35531
- http://secunia.com/advisories/25065
- http://secunia.com/advisories/25105
- http://secunia.com/advisories/25116
- http://secunia.com/advisories/25118
- http://secunia.com/advisories/25119
- http://secunia.com/advisories/25225
- http://secunia.com/advisories/25610
- http://security.gentoo.org/glsa/glsa-200705-14.xml
- http://www.mandriva.com/security/advisories?name=MDKSA-2007:097
- http://www.novell.com/linux/security/advisories/2007_9_sr.html
- http://www.redhat.com/support/errata/RHSA-2007-0322.html
- http://www.securityfocus.com/bid/23783
- http://www.securitytracker.com/id?1017996
- http://www.ubuntu.com/usn/usn-474-1
- https://exchange.xforce.ibmcloud.com/vulnerabilities/34054
- https://issues.rpath.com/browse/RPL-1293
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11459
Products affected by CVE-2007-1859
-
cpe:2.3:a:xscreensaver:xscreensaver:4.10
-
cpe:2.3:o:redhat:enterprise_linux:2.1
-
cpe:2.3:o:redhat:enterprise_linux:3.0
-
cpe:2.3:o:redhat:enterprise_linux:4.0
-
cpe:2.3:o:redhat:enterprise_linux_desktop:3.0
-
cpe:2.3:o:redhat:enterprise_linux_desktop:4.0
-
cpe:2.3:o:redhat:linux_advanced_workstation:2.1