CVE-2007-1859

Published: 02/05/2007 | Updated: 11/10/2017
CVSS v2 Base Score: 4.6 | Impact Score: 6.4 | Exploitability Score: 3.9
VMScore: 409
Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

XScreenSaver 4.10, when using a remote directory service for credentials, does not properly handle the results from the getpwuid function in drivers/lock.c when there is no network connectivity, which causes XScreenSaver to crash and unlock the screen and allows local users to bypass authentication.

Vulnerable Product

xscreensaver xscreensaver 4.10

Vendor Advisories

It was discovered that xscreensaver did not correctly validate the return values from network authentication systems such as LDAP or NIS. A local attacker could bypass a locked screen if they were able to interrupt network connectivity ...
Debian Bug report logs - #433964: possible security problem with xscreensaver. Package: xscreensaver; Maintainer for xscreensaver is Tormod Volden <debiantormod@gmail.com>; Source for xscreensaver is src:xscreensaver. Reported by: Steffen Joeris <white@debian.org>. Date: Fri, 20 Jul 2007 17:21:01 U ...
Debian Bug report logs - #475154: gnome-screensaver: CVE-2008-1683 unlocks session if it fails to get user attributes via getpwnam(). Package: gnome-screensaver; Maintainer for gnome-screensaver is Debian GNOME Maintainers <pkg-gnome-maintainers@lists.alioth.debian.org>; Source for gnome-screensaver is src:gnome-screensaver ...