
Bug 196980 (CVE-2007-5585)

Summary: x11-misc/rss-glx Xscreensaver lock bypass (CVE-2007-5585)
Product: Gentoo Security
Reporter: Robert Buchholz (RETIRED) <rbu>
Component: Auditing
Assignee: Gentoo Security <security>
Status: RESOLVED INVALID
Severity: normal
CC: desktop-misc, kde
Priority: High
Version: unspecified
Hardware: All
OS: Linux
URL: http://secunia.com/advisories/27392/
Whiteboard:
Package list:
Runtime testing required: ---

Description Robert Buchholz (RETIRED) gentoo-dev 2007-10-24 23:54:24 UTC
CVE-2007-5585 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-5585):
  xscreensaver 5.03 and earlier, when running without xscreensaver-gl-extras
  (GL extras) installed, crashes when /usr/bin/xscreensaver-gl-helper does not
  exist and a user attempts to unlock the screen, which allows attackers with
  physical access to gain access to the locked session.
Comment 1 Robert Buchholz (RETIRED) gentoo-dev 2007-10-24 23:58:23 UTC
This looks like it does not affect Xscreensaver because when USE=opengl is used, the xscreensaver-gl-helper is installed.

rss-glx also works with kdeartwork-kscreensaver, is this combination affected by the issue at hand?

Desktop-misc and kde, please advise.
Comment 2 Raphael Marichez (Falco) (RETIRED) gentoo-dev 2007-10-25 07:09:52 UTC
I would say it does not affect us
Comment 3 Pierre-Yves Rofes (RETIRED) gentoo-dev 2007-10-29 21:54:45 UTC
(In reply to comment #2)
> I would say it does not affect us
> 

desktop-misc/kde, do you confirm? Can we close this one as invalid?
Comment 4 Robert Buchholz (RETIRED) gentoo-dev 2007-11-14 00:16:56 UTC
ping, desktop-misc and kde herds?
Comment 5 Samuli Suominen (RETIRED) gentoo-dev 2008-02-06 11:40:46 UTC
Confirmed. 5.04 fixes this issue, we have a stable bug open for that but some arches are slacking
Comment 6 Pierre-Yves Rofes (RETIRED) gentoo-dev 2008-02-06 12:06:17 UTC
(In reply to comment #5)
> Confirmed. 
> 
ok, so closing as invalid.

> 5.04 fixes this issue, we have a stable bug open for that but some
> arches are slacking

Since this issue does not affect us, it's not our problem anymore :p