Lucene search

RedhatCVE-2003-1294

HistoryFeb 28, 2006 - 1:00 a.m.

CVE-2003-1294

2006-02-2801:00:00

redhat

web.nvd.nist.gov

xscreensaver

cve-2003-1294

security

vulnerability

symlink attack

nvd

CVSS2

2.1

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:L/AC:L/Au:N/C:N/I:P/A:N

AI Score

6.2

Confidence

Low

EPSS

Percentile

10.1%

JSON

Xscreensaver before 4.15 creates temporary files insecurely in (1) driver/passwd-kerberos.c, (2) driver/xscreensaver-getimage-video, (3) driver/xscreensaver.kss.in, and the (4) vidwhacker and (5) webcollage screensavers, which allows local users to overwrite arbitrary files via a symlink attack.

Affected configurations

Nvd

Node

xscreensaverxscreensaverMatch4.05_5cl

xscreensaverxscreensaverMatch4.05_6

xscreensaverxscreensaverMatch4.05_6a

xscreensaverxscreensaverMatch4.05_150

xscreensaverxscreensaverMatch4.07_2

xscreensaverxscreensaverMatch4.08_29135cl

xscreensaverxscreensaverMatch4.09_0

xscreensaverxscreensaverMatch4.10_4

xscreensaverxscreensaverMatch4.10_6

xscreensaverxscreensaverMatch4.10_8

xscreensaverxscreensaverMatch4.10_15

xscreensaverxscreensaverMatch4.11_0

xscreensaverxscreensaverMatch4.12_58

xscreensaverxscreensaverMatch4.12_62

xscreensaverxscreensaverMatch4.14_0

xscreensaverxscreensaverMatch4.14_2

xscreensaverxscreensaverMatch4.14_4

xscreensaverxscreensaverMatch4.14_5

VendorProductVersionCPE
xscreensaverxscreensaver4.05_5clcpe:2.3:a:xscreensaver:xscreensaver:4.05_5cl:*:*:*:*:*:*:*
xscreensaverxscreensaver4.05_6cpe:2.3:a:xscreensaver:xscreensaver:4.05_6:*:*:*:*:*:*:*
xscreensaverxscreensaver4.05_6acpe:2.3:a:xscreensaver:xscreensaver:4.05_6a:*:*:*:*:*:*:*
xscreensaverxscreensaver4.05_150cpe:2.3:a:xscreensaver:xscreensaver:4.05_150:*:*:*:*:*:*:*
xscreensaverxscreensaver4.07_2cpe:2.3:a:xscreensaver:xscreensaver:4.07_2:*:*:*:*:*:*:*
xscreensaverxscreensaver4.08_29135clcpe:2.3:a:xscreensaver:xscreensaver:4.08_29135cl:*:*:*:*:*:*:*
xscreensaverxscreensaver4.09_0cpe:2.3:a:xscreensaver:xscreensaver:4.09_0:*:*:*:*:*:*:*
xscreensaverxscreensaver4.10_4cpe:2.3:a:xscreensaver:xscreensaver:4.10_4:*:*:*:*:*:*:*
xscreensaverxscreensaver4.10_6cpe:2.3:a:xscreensaver:xscreensaver:4.10_6:*:*:*:*:*:*:*
xscreensaverxscreensaver4.10_8cpe:2.3:a:xscreensaver:xscreensaver:4.10_8:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
xscreensaver	xscreensaver	4.05_5cl	cpe:2.3:a:xscreensaver:xscreensaver:4.05_5cl:::::::*
xscreensaver	xscreensaver	4.05_6	cpe:2.3:a:xscreensaver:xscreensaver:4.05_6:::::::*
xscreensaver	xscreensaver	4.05_6a	cpe:2.3:a:xscreensaver:xscreensaver:4.05_6a:::::::*
xscreensaver	xscreensaver	4.05_150	cpe:2.3:a:xscreensaver:xscreensaver:4.05_150:::::::*
xscreensaver	xscreensaver	4.07_2	cpe:2.3:a:xscreensaver:xscreensaver:4.07_2:::::::*
xscreensaver	xscreensaver	4.08_29135cl	cpe:2.3:a:xscreensaver:xscreensaver:4.08_29135cl:::::::*
xscreensaver	xscreensaver	4.09_0	cpe:2.3:a:xscreensaver:xscreensaver:4.09_0:::::::*
xscreensaver	xscreensaver	4.10_4	cpe:2.3:a:xscreensaver:xscreensaver:4.10_4:::::::*
xscreensaver	xscreensaver	4.10_6	cpe:2.3:a:xscreensaver:xscreensaver:4.10_6:::::::*
xscreensaver	xscreensaver	4.10_8	cpe:2.3:a:xscreensaver:xscreensaver:4.10_8:::::::*

Rows per page:

1-10 of 181

References

ftp://patches.sgi.com/support/free/security/advisories/20060602-01-U.asc

jwz.livejournal.com/310943.html

secunia.com/advisories/20224

secunia.com/advisories/20226

secunia.com/advisories/20456

secunia.com/advisories/20782

support.avaya.com/elmodocs2/security/ASA-2006-107.htm

www.novell.com/linux/download/updates/90_i386.html

www.redhat.com/support/errata/RHSA-2006-0498.html

www.securityfocus.com/bid/9125

www.vupen.com/english/advisories/2006/1948

bugzilla.redhat.com/bugzilla/attachment.cgi?id=124968

bugzilla.redhat.com/bugzilla/show_bug.cgi?id=182286

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10848

CVSS2

2.1

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:L/AC:L/Au:N/C:N/I:P/A:N

AI Score

6.2

Confidence

Low

EPSS

Percentile

10.1%

JSON

Related for CVE-2003-1294