CVE-2007-1859

Related Files

Ubuntu Security Notice 474-1

Posted Jun 14, 2007

Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 474-1 - It was discovered that xscreensaver did not correctly validate the return values from network authentication systems such as LDAP or NIS. A local attacker could bypass a locked screen if they were able to interrupt network connectivity.

tags | advisory, local

systems | linux, ubuntu

advisories | CVE-2007-1859

SHA-256 | 72b88d61bc7055aaa1e25acbb2dfe5eea23d3de4c8446e1781ce302bef159182

Download | Favorite | View

Gentoo Linux Security Advisory 200705-14

Posted May 15, 2007

Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200705-14 - XScreenSaver incorrectly handles the results of the getpwuid() function in drivers/lock.c when using directory servers during a network outage. Versions less than 5.02 are affected.

tags | advisory

systems | linux, gentoo

advisories | CVE-2007-1859

SHA-256 | dfeb074b5484bc8d9d64dac02e870671ebc4317e59431cfd071d2065879a29c1

Download | Favorite | View

Mandriva Linux Security Advisory 2007.097

Posted May 3, 2007

Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - A problem with the way xscreensaver verifies user passwords was discovered by Alex Yamauchi. When a system is using remote authentication (i.e. LDAP) for logins, a local attacker able to cause a network outage on the system could cause xscreensaver to crash, which would unlock the screen.

tags | advisory, remote, local

systems | linux, mandriva

advisories | CVE-2007-1859

SHA-256 | bd6ea4fe888f2d8f67328e5e2797f47bb793f3c6aaf724d821bc118d19df96ce

Download | Favorite | View