CVE-2008-0887

Related Files

Ubuntu Security Notice 669-1

Posted Nov 11, 2008

Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice USN-669-1 - It was discovered that the notify feature in gnome-screensaver could let a local attacker read the clipboard contents of a locked session by using Ctrl-V.Alan Matsuoka discovered that gnome-screensaver did not properly handle network outages when using a remote authentication service. During a network interruption, or by disconnecting the network cable, a local attacker could gain access to locked sessions.

tags | advisory, remote, local

systems | linux, ubuntu

advisories | CVE-2007-6389, CVE-2008-0887

SHA-256 | 503ea5bb6995d52601e91c8918a28987277789d1561a4afbacdbb67e4fc0ef5b

Download | Favorite | View

Mandriva Linux Security Advisory 2008-132

Posted Jul 10, 2008

Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - A vulnerability was found in gnome-screensaver prior to 2.22.1 when a remote authentication server was enabled. During a network outage, gnome-screensaver would crash upon an unlock attempt, allowing physically local users to gain access to locked sessions. The updated packages have been patched to correct this issue.

tags | advisory, remote, local

systems | linux, mandriva

advisories | CVE-2008-0887

SHA-256 | db1fd54bfb61c2ea50edcb42a6982539a04cc059a046ec15aa3893a6d4f9df0a

Download | Favorite | View

Gentoo Linux Security Advisory 200804-12

Posted Apr 11, 2008

Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200804-12 - gnome-screensaver incorrectly handles the results of the getpwuid() function in the file src/setuid.c when using directory servers (like NIS) during a network outage, a similar issue to GLSA 200705-14. Versions less than 2.20.0-r3 are affected.

tags | advisory

systems | linux, gentoo

advisories | CVE-2008-0887

SHA-256 | 1c166bbb47281153c9a39e490981d486f4ed1c6a8735bf3de4ea53c10bcbc55a

Download | Favorite | View