Published: 10/11/2015 Updated: 07/12/2016

CVSS v2 Base Score: 2.1 | Impact Score: 2.9 | Exploitability Score: 3.9

VMScore: 187

Vector: AV:L/AC:L/Au:N/C:N/I:P/A:N

driver/subprocs.c in XScreenSaver prior to 5.34 does not properly perform an internal consistency check, which allows physically proximate malicious users to bypass the lock screen by hot swapping monitors.

Vulnerable Product	Search on Vulmon	Subscribe to Product
canonical ubuntu linux 12.04
xscreensaver project xscreensaver 5.33

Debian Bug report logs - #802914 xscreensaver: CVE-2015-8025: crash when hot-swapping monitors while locked Package: xscreensaver; Maintainer for xscreensaver is Tormod Volden <debiantormod@gmailcom>; Source for xscreensaver is src:xscreensaver (PTS, buildd, popcon) Reported by: Michael Gilbert <mgilbert@debianorg> ...

The system could be made to expose sensitive information ...

It was discovered that unplugging one of the monitors in a multi-monitor setup can cause xscreensaver to crash Someone with physical access to a machine could use this problem to bypass a locked session For the oldstable distribution (wheezy), this problem has been fixed in version 515-3+deb7u1 For the stable distribution (jessie), this problem ...

CWE-264 https://twitter.com/Thaolia/status/656823859304398848 http://www.securitytracker.com/id/1034052 http://www.ubuntu.com/usn/USN-2789-1 http://www.openwall.com/lists/oss-security/2015/10/29/12 http://www.openwall.com/lists/oss-security/2015/10/24/2 http://www.openwall.com/lists/oss-security/2015/10/25/1 https://www.jwz.org/blog/2015/10/xscreensaver-5-34/http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html http://lists.opensuse.org/opensuse-updates/2015-11/msg00102.html http://www.debian.org/security/2016/dsa-3438 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=802914 https://usn.ubuntu.com/2789-1/https://nvd.nist.gov

CVE-2015-8025

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect