4.6 Medium
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:L/Au:N/C:P/I:P/A:P
0.0004 Low
EPSS
Percentile
10.1%
CentOS Errata and Security Advisory CESA-2007:0322
XScreenSaver is a collection of screensavers.
Alex Yamauchi discovered a flaw in the way XScreenSaver verifies user
passwords. When a system is using a remote directory service for login
credentials, a local attacker may be able to cause a network outage causing
XScreenSaver to crash, unlocking the screen. (CVE-2007-1859)
Users of XScreenSaver should upgrade to this updated package, which
contains a backported patch to correct this issue.
Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-announce/2007-May/075874.html
https://lists.centos.org/pipermail/centos-announce/2007-May/075875.html
https://lists.centos.org/pipermail/centos-announce/2007-May/075876.html
https://lists.centos.org/pipermail/centos-announce/2007-May/075878.html
https://lists.centos.org/pipermail/centos-announce/2007-May/075879.html
https://lists.centos.org/pipermail/centos-announce/2007-May/075894.html
Affected packages:
xscreensaver
Upstream details at:
https://access.redhat.com/errata/None
https://access.redhat.com/errata/RHSA-2007:0322
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
CentOS | 3 | i386 | xscreensaver | < 4.10-21.el3 | xscreensaver-4.10-21.el3.i386.rpm |
CentOS | 3 | x86_64 | xscreensaver | < 4.10-21.el3 | xscreensaver-4.10-21.el3.x86_64.rpm |
CentOS | 3 | ia64 | xscreensaver | < 4.10-21.el3 | xscreensaver-4.10-21.el3.ia64.rpm |
CentOS | 3 | s390 | xscreensaver | < 4.10-21.el3 | xscreensaver-4.10-21.el3.s390.rpm |
CentOS | 3 | s390x | xscreensaver | < 4.10-21.el3 | xscreensaver-4.10-21.el3.s390x.rpm |
CentOS | 4 | s390 | xscreensaver | < 4.18-5.rhel4.14 | xscreensaver-4.18-5.rhel4.14.s390.rpm |
CentOS | 4 | s390x | xscreensaver | < 4.18-5.rhel4.14 | xscreensaver-4.18-5.rhel4.14.s390x.rpm |