Lucene search

RedhatCVE-2007-1859

HistoryMay 02, 2007 - 8:19 p.m.

CVE-2007-1859

2007-05-0220:19:00

CWE-287

redhat

web.nvd.nist.gov

xscreensaver

getpwuid

authentication bypass

local users

network connectivity

crash

screen unlock

CVSS2

4.6

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

AI Score

Confidence

Low

EPSS

0.001

Percentile

38.4%

JSON

XScreenSaver 4.10, when using a remote directory service for credentials, does not properly handle the results from the getpwuid function in drivers/lock.c when there is no network connectivity, which causes XScreenSaver to crash and unlock the screen and allows local users to bypass authentication.

Affected configurations

Nvd

Node

redhatenterprise_linuxMatch2.1advanced_server

redhatenterprise_linuxMatch2.1enterprise_server

redhatenterprise_linuxMatch2.1workstation

redhatenterprise_linuxMatch3.0advanced_servers

redhatenterprise_linuxMatch3.0enterprise_server

redhatenterprise_linuxMatch3.0workstation

redhatenterprise_linuxMatch4.0advanced_server

redhatenterprise_linuxMatch4.0enterprise_server

redhatenterprise_linuxMatch4.0workstation

redhatenterprise_linux_desktopMatch3.0

redhatenterprise_linux_desktopMatch4.0

redhatlinux_advanced_workstationMatch2.1itanium

AND

xscreensaverxscreensaverMatch4.10

VendorProductVersionCPE
redhatenterprise_linux2.1cpe:2.3:o:redhat:enterprise_linux:2.1:*:advanced_server:*:*:*:*:*
redhatenterprise_linux2.1cpe:2.3:o:redhat:enterprise_linux:2.1:*:enterprise_server:*:*:*:*:*
redhatenterprise_linux2.1cpe:2.3:o:redhat:enterprise_linux:2.1:*:workstation:*:*:*:*:*
redhatenterprise_linux3.0cpe:2.3:o:redhat:enterprise_linux:3.0:*:advanced_servers:*:*:*:*:*
redhatenterprise_linux3.0cpe:2.3:o:redhat:enterprise_linux:3.0:*:enterprise_server:*:*:*:*:*
redhatenterprise_linux3.0cpe:2.3:o:redhat:enterprise_linux:3.0:*:workstation:*:*:*:*:*
redhatenterprise_linux4.0cpe:2.3:o:redhat:enterprise_linux:4.0:*:advanced_server:*:*:*:*:*
redhatenterprise_linux4.0cpe:2.3:o:redhat:enterprise_linux:4.0:*:enterprise_server:*:*:*:*:*
redhatenterprise_linux4.0cpe:2.3:o:redhat:enterprise_linux:4.0:*:workstation:*:*:*:*:*
redhatenterprise_linux_desktop3.0cpe:2.3:o:redhat:enterprise_linux_desktop:3.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
redhat	enterprise_linux	2.1	cpe:2.3:o:redhat:enterprise_linux:2.1::advanced_server:::::
redhat	enterprise_linux	2.1	cpe:2.3:o:redhat:enterprise_linux:2.1::enterprise_server:::::
redhat	enterprise_linux	2.1	cpe:2.3:o:redhat:enterprise_linux:2.1::workstation:::::
redhat	enterprise_linux	3.0	cpe:2.3:o:redhat:enterprise_linux:3.0::advanced_servers:::::
redhat	enterprise_linux	3.0	cpe:2.3:o:redhat:enterprise_linux:3.0::enterprise_server:::::
redhat	enterprise_linux	3.0	cpe:2.3:o:redhat:enterprise_linux:3.0::workstation:::::
redhat	enterprise_linux	4.0	cpe:2.3:o:redhat:enterprise_linux:4.0::advanced_server:::::
redhat	enterprise_linux	4.0	cpe:2.3:o:redhat:enterprise_linux:4.0::enterprise_server:::::
redhat	enterprise_linux	4.0	cpe:2.3:o:redhat:enterprise_linux:4.0::workstation:::::
redhat	enterprise_linux_desktop	3.0	cpe:2.3:o:redhat:enterprise_linux_desktop:3.0:::::::*