XScreenSaver 5.45 can be bypassed if the machine has more than ten disconnectable video outputs. A buffer overflow in update_screen_layout() allows an malicious user to bypass the standard screen lock authentication mechanism by crashing XScreenSaver. The attacker must physically disconnect many video outputs.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
xscreensaver project xscreensaver 5.45 |
||
fedoraproject fedora 33 |