CVE-2003-0885
Summary
| CVE | CVE-2003-0885 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2003-12-31 05:00:00 UTC |
| Updated | 2008-09-05 20:35:00 UTC |
| Description | Xscreensaver 4.14 contains certain debugging code that should have been omitted, which causes Xscreensaver to create temporary files insecurely in the (1) apple2, (2) xanalogtv, and (3) pong screensavers, and allows local users to overwrite arbitrary files via a symlink attack. |
Risk And Classification
Problem Types: NVD-CWE-Other
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Xscreensaver | Xscreensaver | 4.14 | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| 41253 – [security] xscreensaver 4.14 makes file in /tmp, symlink attack | CONFIRM | bugs.gentoo.org | Exploit, Patch, Vendor Advisory |
| 182286 – CVE-2003-1294 xscreensaver temporary file flaws | CONFIRM | bugzilla.redhat.com | Vendor Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
Vendor Comments And Credit
| Organization | Published | Contributor | Statement |
|---|---|---|---|
| Red Hat | 2006-08-30 | Mark J Cox | This issue did not affect the versions of Xscreensaver as distributed with Red Hat Enterprise Linux 2.1, 3, or 4. |
There are currently no legacy QID mappings associated with this CVE.