176913 – x11-misc/xscreensaver authentification bypass (CVE-2007-1859)

Bug 176913 - x11-misc/xscreensaver authentification bypass (CVE-2007-1859)

Summary: x11-misc/xscreensaver authentification bypass (CVE-2007-1859)

Status:	RESOLVED DUPLICATE of bug 176584

Alias:	None

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	High normal (vote)
Assignee:	Gentoo Security

URL:	http://secunia.com/advisories/25065/
Whiteboard:	B? [stable?] p-y
Keywords:

Depends on:
Blocks:

Reported:	2007-05-03 12:53 UTC by Pierre-Yves Rofes (RETIRED)
Modified:	2007-05-03 13:10 UTC (History)
CC List:	0 users

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Pierre-Yves Rofes (RETIRED) gentoo-dev

2007-05-03 12:53:39 UTC

Alex Yamauchi has reported a weakness in XScreenSaver, which potentially can be exploited by malicious people to bypass certain security restrictions.

The weakness is caused due to an error within the parsing of results of a call to "getpwuid()" in drivers/lock.c when using directory servers during a network outage. This can be exploited to e.g. crash XScreenSaver and thus gain access to a locked system.

Solution:
Update to version 5.02.

Comment 1 Pierre-Yves Rofes (RETIRED) gentoo-dev

2007-05-03 12:56:53 UTC

setting status and cc'ing herd. desktop-misc, please advise.

Comment 2 Samuli Suominen (RETIRED) gentoo-dev

2007-05-03 13:10:45 UTC


*** This bug has been marked as a duplicate of bug 176584 ***