Lucene search

[email protected]CVE-2015-8025

HistoryNov 10, 2015 - 5:59 p.m.

CVE-2015-8025

2015-11-1017:59:11

CWE-264

[email protected]

web.nvd.nist.gov

xscreensaver

bypass

lock screen

hot swapping monitors

cve-2015-8025

nvd

2.1 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:L/AC:L/Au:N/C:N/I:P/A:N

6.2 Medium

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

34.0%

JSON

driver/subprocs.c in XScreenSaver before 5.34 does not properly perform an internal consistency check, which allows physically proximate attackers to bypass the lock screen by hot swapping monitors.

Affected configurations

NVD

Node

canonicalubuntu_linuxMatch12.04lts

Node

xscreensaver_projectxscreensaverMatch5.33

CPENameOperatorVersion
canonical:ubuntu_linuxcanonical ubuntu linuxeq12.04

CPE	Name	Operator	Version
canonical:ubuntu_linux	canonical ubuntu linux	eq	12.04

References

lists.opensuse.org/opensuse-updates/2015-11/msg00102.html

www.debian.org/security/2016/dsa-3438

www.openwall.com/lists/oss-security/2015/10/24/2

www.openwall.com/lists/oss-security/2015/10/25/1

www.openwall.com/lists/oss-security/2015/10/29/12

www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html

www.securitytracker.com/id/1034052

www.ubuntu.com/usn/USN-2789-1

twitter.com/Thaolia/status/656823859304398848

www.jwz.org/blog/2015/10/xscreensaver-5-34/

2.1 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:L/AC:L/Au:N/C:N/I:P/A:N

6.2 Medium

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

34.0%

JSON

Related for CVE-2015-8025

nessus8 nvd1 openvas8 ubuntucve1 debian3 prion1 ubuntu1 freebsd1 cvelist1 debiancve1 mageia1