XScreenSaver Locked Screen Bypass Vulnerability
BID:26204
Info
| Bugtraq ID: | 26204 |
| Class: | Unknown |
| CVE: | CVE-2007-5585 |
| Remote: | No |
| Local: | Yes |
| Published: | Oct 17 2007 12:00AM |
| Updated: | Oct 26 2007 01:36AM |
| Credit: | Patrick C. F. Ernzer discovered this vulnerability. |
| Vulnerable: | Xscreensaver Xscreensaver 5.03 |
| Not Vulnerable: | |
Discussion
XScreenSaver is prone to a vulnerability that lets local attackers bypass a user's locked screen. The issue occurs because the application crashes randomly when configured in a specific manner.
This issue affects XScreenSaver 5.03-10 with the 'rss-glx-xscreensaver' and 'tempest' packages; other versions may also be affected.
Exploit / POC
To exploit this issue, attackers require physical console access.
Solution / Fix
Solution:
The vendor has released advisories and fixes to address this issue; please see the references for more information.
References
References:
- Bug 336331: password prompt crashes by gl hacks without gl helper (Red Hat)
- XScreenSaver Homepage (Jamie Zawinski)