Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 176913 - x11-misc/xscreensaver authentification bypass (CVE-2007-1859)
Summary: x11-misc/xscreensaver authentification bypass (CVE-2007-1859)
Status: RESOLVED DUPLICATE of bug 176584
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: High normal
Assignee: Gentoo Security
URL: http://secunia.com/advisories/25065/
Whiteboard: B? [stable?] p-y
Keywords:
Depends on:
Blocks:
 
Reported: 2007-05-03 12:53 UTC by Pierre-Yves Rofes (RETIRED)
Modified: 2007-05-03 13:10 UTC (History)
0 users

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Pierre-Yves Rofes (RETIRED) gentoo-dev 2007-05-03 12:53:39 UTC
Alex Yamauchi has reported a weakness in XScreenSaver, which potentially can be exploited by malicious people to bypass certain security restrictions.

The weakness is caused due to an error within the parsing of results of a call to "getpwuid()" in drivers/lock.c when using directory servers during a network outage. This can be exploited to e.g. crash XScreenSaver and thus gain access to a locked system.

Solution:
Update to version 5.02.
Comment 1 Pierre-Yves Rofes (RETIRED) gentoo-dev 2007-05-03 12:56:53 UTC
setting status and cc'ing herd. desktop-misc, please advise.
Comment 2 Samuli Suominen (RETIRED) gentoo-dev 2007-05-03 13:10:45 UTC

*** This bug has been marked as a duplicate of bug 176584 ***