full-disclosure-uk May 2007 archive

[Full-disclosure] rPSA-2007-0088-1 xscreensaver

From: rPath Update Announcements <announce-noreply_at_nospam>
Date: Thu May 03 2007 - 19:43:05 GMT
To: security-announce@lists.rpath.com, update-announce@lists.rpath.com


rPath Security Advisory: 2007-0088-1
Published: 2007-05-03
Products: rPath Linux 1
Rating: Major
Exposure Level Classification:

    Local User Deterministic Weakness
Updated Versions:

    xscreensaver=/conary.rpath.com@rpl:devel//1/4.22-1.2-1

References:

    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1859
    https://issues.rpath.com/browse/RPL-1293

Description:

    Previous versions of xscreensaver are vulnerable to an attack that
    requires that the attacker have physical access. If the system is
    configured to use a remote directory service for login credentials,
    an attacker who can cause or take advantage of a network failure
    can cause the xscreensaver process to crash, unlocking the screen,
    and allowing the attacker unrestricted access to the system as the
    logged-in user.
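
    The failure mode described above, as an added example that is not
    rPath's or xscreensaver's code: a locker whose account lookup returns
    nothing because the directory service is unreachable has to keep the
    screen locked instead of crashing. The advisory does not name the code
    path; the function names, the getpwuid(3)-shaped lookup and the sample
    record are assumptions made for illustration.

```c
/* Added illustration: fail-closed account lookup in a screen locker.
 * All names are hypothetical; this is not xscreensaver code. */
#include <errno.h>
#include <pwd.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>

enum unlock_result { UNLOCK_DENY = 0, UNLOCK_ALLOW = 1 };

/* Same shape as getpwuid(3), so a test double can replace it. */
typedef struct passwd *(*pw_lookup_fn)(uid_t);

/* Constructed double: directory service unreachable, lookup yields NULL. */
static struct passwd *lookup_directory_down(uid_t uid) {
    (void)uid;
    errno = EIO;
    return NULL;
}

/* Constructed double: healthy lookup returning a fixed sample record. */
static struct passwd *lookup_ok(uid_t uid) {
    static struct passwd pw;
    static char name[] = "alice", secret[] = "constructed-sample-secret";
    pw.pw_name = name;
    pw.pw_passwd = secret;
    pw.pw_uid = uid;
    return &pw;
}

/* Decide whether to unlock. Every lookup failure keeps the screen locked;
 * the record is never dereferenced before it has been checked. */
enum unlock_result try_unlock(pw_lookup_fn lookup, uid_t uid, const char *typed) {
    struct passwd *pw;
    if (lookup == NULL || typed == NULL)
        return UNLOCK_DENY;
    pw = lookup(uid);
    if (pw == NULL || pw->pw_name == NULL || pw->pw_passwd == NULL)
        return UNLOCK_DENY; /* no account data: stay locked, do not crash */
    /* strcmp is a stand-in for real verification such as crypt(3) or PAM. */
    return strcmp(pw->pw_passwd, typed) == 0 ? UNLOCK_ALLOW : UNLOCK_DENY;
}

int main(void) {
    printf("directory down: %d\n", try_unlock(lookup_directory_down, 1000, "x"));
    printf("healthy lookup: %d\n",
           try_unlock(lookup_ok, 1000, "constructed-sample-secret"));
    return 0;
}
```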


