Scientific Linux Security Update : gnome-screensaver on SL5.x i386/x86_64
2012-08-01T00:00:00
ID: SL_20080402_GNOME_SCREENSAVER_ON_SL5_X.NASL | Type: nessus | Reporter: This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof. | Modified: 2012-08-01T00:00:00
Description
A flaw was found in the way gnome-screensaver verified user passwords.
When a system used a remote directory service for login credentials, a
local attacker able to cause a network outage could cause
gnome-screensaver to crash, unlocking the screen. (CVE-2008-0887)
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text is (C) Scientific Linux.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
# Registration phase: when the scanner loads the plugin with `description`
# set, only the metadata below is declared and the script exits before any
# check logic runs.
if (description)
{
  # Plugin identity and the CVE this check is tied to.
  script_id(60379);
  script_version("1.5");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/14");

  script_cve_id("CVE-2008-0887");

  script_name(english:"Scientific Linux Security Update : gnome-screensaver on SL5.x i386/x86_64");
  script_summary(english:"Checks rpm output for the updated package");

  script_set_attribute(attribute:"synopsis", value:"The remote Scientific Linux host is missing a security update.");

  # The description string holds literal line breaks, so its text stays at
  # column 0 to keep the reported wording unchanged.
  script_set_attribute(attribute:"description", value:
"A flaw was found in the way gnome-screensaver verified user passwords.
When a system used a remote directory service for login credentials, a
local attacker able to cause a network outage could cause
gnome-screensaver to crash, unlocking the screen. (CVE-2008-0887)"
  );

  # https://listserv.fnal.gov/scripts/wa.exe?A2=ind0804&L=scientific-linux-errata&T=0&P=201
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?40175f51");
  script_set_attribute(attribute:"solution", value:"Update the affected gnome-screensaver package.");

  # CVSS v2: local access, medium complexity, no authentication, complete
  # availability impact. The vector scores only the crash (C:N/I:N), while the
  # description above says the crash unlocks the screen, so triage on the
  # description rather than on the score alone.
  script_set_cvss_base_vector("CVSS2#AV:L/AC:M/Au:N/C:N/I:N/A:C");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"x-cpe:/o:fermilab:scientific_linux");

  # The patch date (2008) precedes the plugin's own publication date (2012).
  script_set_attribute(attribute:"patch_publication_date", value:"2008/04/02");
  script_set_attribute(attribute:"plugin_publication_date", value:"2012/08/01");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Scientific Linux Local Security Checks");

  # Declares ssh_get_info.nasl as a dependency and lists the knowledge-base
  # keys this plugin requires.
  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/RedHat/release", "Host/RedHat/rpm-list");

  exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
# Check phase. Each gate below reads a knowledge-base (KB) item and hands off
# to audit() with the matching reason when the host is out of scope.

# Local (credentialed) checks must be enabled for this host.
if (!get_kb_item("Host/local_checks_enabled"))
  audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);

# The recorded release string must contain "Scientific Linux ".
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Scientific Linux " >!< release)
  audit(AUDIT_HOST_NOT, "running Scientific Linux");

# An RPM list must have been recorded for the host.
if (!get_kb_item("Host/RedHat/rpm-list"))
  audit(AUDIT_PACKAGE_LIST_MISSING);

# Architecture gate. `><` is a substring test (left contained in right), so
# this accepts any cpu value contained in "x86_64" as well as i386 to i686.
cpu = get_kb_item("Host/cpu");
if (isnull(cpu))
  audit(AUDIT_UNKNOWN_ARCH);
if (!(cpu >< "x86_64" || cpu =~ "^i[3-6]86$"))
  audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Scientific Linux", cpu);

# Package-version test only: rpm_check (from rpm.inc) is given the SL5 release
# and the fixed gnome-screensaver build; presumably it returns true when the
# installed build is older -- confirm in rpm.inc. Nothing here inspects whether
# the host authenticates against a remote directory service, so a finding means
# the patch is missing, not that the advisory's precondition is met.
flag = 0;
if (rpm_check(release:"SL5", reference:"gnome-screensaver-2.16.1-5.el5_1.1"))
  flag++;

if (!flag)
{
  audit(AUDIT_HOST_NOT, "affected");
}
else
{
  # Report on port 0; the rpm_report_get() output is attached only when
  # report_verbosity is above 0.
  if (report_verbosity > 0)
    security_warning(port:0, extra:rpm_report_get());
  else
    security_warning(0);
  exit(0);
}
{"id": "SL_20080402_GNOME_SCREENSAVER_ON_SL5_X.NASL", "bulletinFamily": "scanner", "title": "Scientific Linux Security Update : gnome-screensaver on SL5.x i386/x86_64", "description": "A flaw was found in the way gnome-screensaver verified user passwords.\nWhen a system used a remote directory service for login credentials, a\nlocal attacker able to cause a network outage could cause\ngnome-screensaver to crash, unlocking the screen. (CVE-2008-0887)", "published": "2012-08-01T00:00:00", "modified": "2012-08-01T00:00:00", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:N/I:N/A:C"}, "href": "https://www.tenable.com/plugins/nessus/60379", "reporter": "This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["http://www.nessus.org/u?40175f51"], "cvelist": ["CVE-2008-0887"], "type": "nessus", "lastseen": "2021-01-17T13:43:54", "edition": 24, "viewCount": 0, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2008-0887"]}, {"type": "openvas", "idList": ["OPENVAS:136141256231065155", "OPENVAS:1361412562310122585", "OPENVAS:60812", "OPENVAS:65837", "OPENVAS:136141256231065837", "OPENVAS:65155", "OPENVAS:830579", "OPENVAS:870040", "OPENVAS:870111", "OPENVAS:1361412562310122599"]}, {"type": "centos", "idList": ["CESA-2008:0197"]}, {"type": "redhat", "idList": ["RHSA-2008:0218", "RHSA-2008:0197"]}, {"type": "oraclelinux", "idList": ["ELSA-2008-0218", "ELSA-2008-0197"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:8899", "SECURITYVULNS:DOC:19633"]}, {"type": "seebug", "idList": ["SSV:3578"]}, {"type": "nessus", "idList": ["FEDORA_2008-2967.NASL", "FEDORA_2008-3017.NASL", "GENTOO_GLSA-200804-12.NASL", "CENTOS_RHSA-2008-0197.NASL", "SUSE_GNOME-SCREENSAVER-5172.NASL", "REDHAT-RHSA-2008-0218.NASL", "REDHAT-RHSA-2008-0197.NASL", "SUSE_GNOME-SCREENSAVER-5175.NASL", "SUSE_GNOME-SCREENSAVER-5179.NASL", "MANDRIVA_MDVSA-2008-132.NASL"]}, {"type": "gentoo", "idList": ["GLSA-200804-12"]}, 
{"type": "ubuntu", "idList": ["USN-669-1"]}, {"type": "fedora", "idList": ["FEDORA:M395SDQC000461", "FEDORA:M395VK62000987"]}], "modified": "2021-01-17T13:43:54", "rev": 2}, "score": {"value": 5.3, "vector": "NONE", "modified": "2021-01-17T13:43:54", "rev": 2}, "vulnersScore": 5.3}, "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(60379);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2008-0887\");\n\n script_name(english:\"Scientific Linux Security Update : gnome-screensaver on SL5.x i386/x86_64\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Scientific Linux host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A flaw was found in the way gnome-screensaver verified user passwords.\nWhen a system used a remote directory service for login credentials, a\nlocal attacker able to cause a network outage could cause\ngnome-screensaver to crash, unlocking the screen. 
(CVE-2008-0887)\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind0804&L=scientific-linux-errata&T=0&P=201\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?40175f51\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected gnome-screensaver package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:N/I:N/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/04/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/08/01\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL5\", reference:\"gnome-screensaver-2.16.1-5.el5_1.1\")) flag++;\n\n\nif (flag)\n{\n if 
(report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "naslFamily": "Scientific Linux Local Security Checks", "pluginID": "60379", "cpe": ["x-cpe:/o:fermilab:scientific_linux"], "scheme": null}
{"cve": [{"lastseen": "2021-02-02T05:35:11", "description": "gnome-screensaver before 2.22.1, when a remote authentication server is enabled, crashes upon an unlock attempt during a network outage, which allows physically proximate attackers to gain access to the locked session, a related issue to CVE-2007-1859.", "edition": 6, "cvss3": {}, "published": "2008-04-06T23:44:00", "title": "CVE-2008-0887", "type": "cve", "cwe": ["NVD-CWE-Other"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 4.7, "vectorString": "AV:L/AC:M/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2008-0887"], "modified": "2017-09-29T01:30:00", "cpe": ["cpe:/a:gnome:screensaver:2.20.0"], "id": "CVE-2008-0887", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-0887", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:N/I:N/A:C"}, "cpe23": ["cpe:2.3:a:gnome:screensaver:2.20.0:*:*:*:*:*:*:*"]}], "openvas": [{"lastseen": "2017-07-27T10:56:33", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-0887"], "description": "Check for the Version of gnome-screensaver", "modified": "2017-07-12T00:00:00", "published": "2009-03-06T00:00:00", "id": "OPENVAS:870111", "href": "http://plugins.openvas.org/nasl.php?oid=870111", "type": "openvas", "title": "RedHat Update for gnome-screensaver RHSA-2008:0218-01", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for gnome-screensaver RHSA-2008:0218-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, 
http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"gnome-screensaver is the GNOME project's official screen saver program.\n\n A flaw was found in the way gnome-screensaver verified user passwords. When\n a system used a remote directory service for login credentials, a local\n attacker able to cause a network outage could cause gnome-screensaver to\n crash, unlocking the screen. (CVE-2008-0887)\n \n Users of gnome-screensaver should upgrade to this updated package, which\n contains a backported patch to correct this issue.\";\n\ntag_affected = \"gnome-screensaver on Red Hat Enterprise Linux (v. 
5 server)\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/rhsa-announce/2008-April/msg00008.html\");\n script_id(870111);\n script_version(\"$Revision: 6683 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-12 11:41:57 +0200 (Wed, 12 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-03-06 07:30:35 +0100 (Fri, 06 Mar 2009)\");\n script_tag(name:\"cvss_base\", value:\"4.7\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:N/I:N/A:C\");\n script_xref(name: \"RHSA\", value: \"2008:0218-01\");\n script_cve_id(\"CVE-2008-0887\");\n script_name( \"RedHat Update for gnome-screensaver RHSA-2008:0218-01\");\n\n script_summary(\"Check for the Version of gnome-screensaver\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"RHENT_5\")\n{\n\n if ((res = isrpmvuln(pkg:\"gnome-screensaver\", rpm:\"gnome-screensaver~2.16.1~8.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"gnome-screensaver-debuginfo\", rpm:\"gnome-screensaver-debuginfo~2.16.1~8.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n 
exit(0);\n}\n", "cvss": {"score": 4.7, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2017-07-24T12:50:03", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-0887"], "description": "The remote host is missing updates announced in\nadvisory GLSA 200804-12.", "modified": "2017-07-07T00:00:00", "published": "2008-09-24T00:00:00", "id": "OPENVAS:60812", "href": "http://plugins.openvas.org/nasl.php?oid=60812", "type": "openvas", "title": "Gentoo Security Advisory GLSA 200804-12 (gnome-screensaver)", "sourceData": "# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from Gentoo's XML based advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"gnome-screensaver allows local users to bypass authentication under certain\nconfigurations.\";\ntag_solution = \"All gnome-screensaver users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=gnome-extra/gnome-screensaver-2.20.0-r3'\n\nhttp://www.securityspace.com/smysecure/catid.html?in=GLSA%20200804-12\nhttp://bugs.gentoo.org/show_bug.cgi?id=213940\nhttp://www.gentoo.org/security/en/glsa/glsa-200705-14.xml\";\ntag_summary = \"The remote host is missing updates announced in\nadvisory GLSA 200804-12.\";\n\n \n\nif(description)\n{\n script_id(60812);\n script_version(\"$Revision: 6596 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 11:21:37 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-09-24 21:14:03 +0200 (Wed, 24 Sep 2008)\");\n script_cve_id(\"CVE-2008-0887\");\n script_tag(name:\"cvss_base\", value:\"4.7\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:N/I:N/A:C\");\n script_name(\"Gentoo Security Advisory GLSA 200804-12 (gnome-screensaver)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2008 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"Gentoo Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-gentoo.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = ispkgvuln(pkg:\"gnome-extra/gnome-screensaver\", unaffected: make_list(\"ge 2.20.0-r3\"), vulnerable: make_list(\"lt 2.20.0-r3\"))) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 4.7, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2017-07-24T12:56:23", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-0887"], "description": "Check for the Version of gnome-screensaver", "modified": "2017-07-06T00:00:00", "published": "2009-04-09T00:00:00", "id": "OPENVAS:830579", "href": "http://plugins.openvas.org/nasl.php?oid=830579", "type": "openvas", "title": "Mandriva Update for gnome-screensaver MDVSA-2008:132 (gnome-screensaver)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for gnome-screensaver MDVSA-2008:132 (gnome-screensaver)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope 
that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"A vulnerability was found in gnome-screensaver prior to 2.22.1\n when a remote authentication server was enabled. During a network\n outage, gnome-screensaver would crash upon an unlock attempt,\n allowing physically local users to gain access to locked sessions\n (CVE-2008-0887).\n\n The updated packages have been patched to correct this issue.\";\n\ntag_affected = \"gnome-screensaver on Mandriva Linux 2008.0,\n Mandriva Linux 2008.0/X86_64\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.mandriva.com/security-announce/2008-07/msg00011.php\");\n script_id(830579);\n script_version(\"$Revision: 6568 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-06 15:04:21 +0200 (Thu, 06 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-04-09 14:18:58 +0200 (Thu, 09 Apr 2009)\");\n script_tag(name:\"cvss_base\", value:\"4.7\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:N/I:N/A:C\");\n script_xref(name: \"MDVSA\", value: \"2008:132\");\n script_cve_id(\"CVE-2008-0887\");\n script_name( \"Mandriva Update for gnome-screensaver MDVSA-2008:132 (gnome-screensaver)\");\n\n script_summary(\"Check for the Version of gnome-screensaver\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n 
script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"MNDK_2008.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"gnome-screensaver\", rpm:\"gnome-screensaver~2.20.0~2.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 4.7, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2018-04-09T11:40:20", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-0887"], "description": "Check for the Version of gnome-screensaver", "modified": "2018-04-06T00:00:00", "published": "2009-03-06T00:00:00", "id": "OPENVAS:1361412562310870040", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310870040", "type": "openvas", "title": "RedHat Update for gnome-screensaver RHSA-2008:0197-01", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for gnome-screensaver RHSA-2008:0197-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; 
without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"gnome-screensaver is the GNOME project's official screen saver program.\n\n A flaw was found in the way gnome-screensaver verified user passwords. When\n a system used a remote directory service for login credentials, a local\n attacker able to cause a network outage could cause gnome-screensaver to\n crash, unlocking the screen. (CVE-2008-0887)\n \n Users of gnome-screensaver should upgrade to this updated package, which\n contains a backported patch to correct this issue.\";\n\ntag_affected = \"gnome-screensaver on Red Hat Enterprise Linux (v. 
5 server)\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/rhsa-announce/2008-April/msg00003.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.870040\");\n script_version(\"$Revision: 9370 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:53:14 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-03-06 07:30:35 +0100 (Fri, 06 Mar 2009)\");\n script_tag(name:\"cvss_base\", value:\"4.7\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:N/I:N/A:C\");\n script_xref(name: \"RHSA\", value: \"2008:0197-01\");\n script_cve_id(\"CVE-2008-0887\");\n script_name( \"RedHat Update for gnome-screensaver RHSA-2008:0197-01\");\n\n script_tag(name:\"summary\", value:\"Check for the Version of gnome-screensaver\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"RHENT_5\")\n{\n\n if ((res = isrpmvuln(pkg:\"gnome-screensaver\", rpm:\"gnome-screensaver~2.16.1~5.el5_1.1\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"gnome-screensaver-debuginfo\", rpm:\"gnome-screensaver-debuginfo~2.16.1~5.el5_1.1\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if 
(__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 4.7, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:36:16", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-0887"], "description": "Oracle Linux Local Security Checks ELSA-2008-0218", "modified": "2018-09-28T00:00:00", "published": "2015-10-08T00:00:00", "id": "OPENVAS:1361412562310122585", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310122585", "type": "openvas", "title": "Oracle Linux Local Check: ELSA-2008-0218", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2008-0218.nasl 11688 2018-09-28 13:36:28Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.122585\");\n script_version(\"$Revision: 11688 $\");\n script_tag(name:\"creation_date\", value:\"2015-10-08 14:48:38 +0300 (Thu, 08 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 15:36:28 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2008-0218\");\n script_tag(name:\"insight\", value:\"ELSA-2008-0218 - gnome-screensaver security update. Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2008-0218\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2008-0218.html\");\n script_cve_id(\"CVE-2008-0887\");\n script_tag(name:\"cvss_base\", value:\"4.7\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux5\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux5\")\n{\n if ((res = isrpmvuln(pkg:\"gnome-screensaver\", 
rpm:\"gnome-screensaver~2.16.1~8.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2018-04-06T11:40:39", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-0887"], "description": "The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n xscreensaver\n\n\nMore details may also be found by searching for the SuSE\nEnterprise Server 10 patch database located at\nhttp://download.novell.com/patch/finder/", "modified": "2018-04-06T00:00:00", "published": "2009-10-13T00:00:00", "id": "OPENVAS:136141256231065837", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231065837", "type": "openvas", "title": "SLES10: Security update for xscreensaver", "sourceData": "#\n#VID slesp2-xscreensaver-5334\n# OpenVAS Vulnerability Test\n# $\n# Description: Security update for xscreensaver\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n xscreensaver\n\n\nMore details may also be found by searching for the SuSE\nEnterprise Server 10 patch database located at\nhttp://download.novell.com/patch/finder/\";\n\ntag_solution = \"Please install the updates provided by SuSE.\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.65837\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-13 18:25:40 +0200 (Tue, 13 Oct 2009)\");\n script_cve_id(\"CVE-2008-0887\");\n script_tag(name:\"cvss_base\", value:\"4.7\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:N/I:N/A:C\");\n script_name(\"SLES10: Security update for xscreensaver\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse_sles\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"xscreensaver\", rpm:\"xscreensaver~4.23~20.12\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 4.7, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2018-04-09T11:41:01", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-0887"], "description": "Check for the Version of gnome-screensaver", "modified": "2018-04-06T00:00:00", "published": "2009-03-06T00:00:00", "id": "OPENVAS:1361412562310870111", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310870111", "type": "openvas", "title": "RedHat Update for gnome-screensaver RHSA-2008:0218-01", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for gnome-screensaver RHSA-2008:0218-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or 
FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"gnome-screensaver is the GNOME project's official screen saver program.\n\n A flaw was found in the way gnome-screensaver verified user passwords. When\n a system used a remote directory service for login credentials, a local\n attacker able to cause a network outage could cause gnome-screensaver to\n crash, unlocking the screen. (CVE-2008-0887)\n \n Users of gnome-screensaver should upgrade to this updated package, which\n contains a backported patch to correct this issue.\";\n\ntag_affected = \"gnome-screensaver on Red Hat Enterprise Linux (v. 5 server)\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/rhsa-announce/2008-April/msg00008.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.870111\");\n script_version(\"$Revision: 9370 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:53:14 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-03-06 07:30:35 +0100 (Fri, 06 Mar 2009)\");\n script_tag(name:\"cvss_base\", value:\"4.7\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:N/I:N/A:C\");\n script_xref(name: \"RHSA\", value: \"2008:0218-01\");\n script_cve_id(\"CVE-2008-0887\");\n script_name( \"RedHat Update for gnome-screensaver RHSA-2008:0218-01\");\n\n script_tag(name:\"summary\", value:\"Check for the Version of gnome-screensaver\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Red 
Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"RHENT_5\")\n{\n\n if ((res = isrpmvuln(pkg:\"gnome-screensaver\", rpm:\"gnome-screensaver~2.16.1~8.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"gnome-screensaver-debuginfo\", rpm:\"gnome-screensaver-debuginfo~2.16.1~8.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 4.7, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2017-07-26T08:55:49", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-0887"], "description": "The remote host is missing updates to packages that affect\nthe security of your system. 
One or more of the following packages\nare affected:\n\n xscreensaver\n xscreensaver-gnome\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5031340 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/", "modified": "2017-07-11T00:00:00", "published": "2009-10-10T00:00:00", "id": "OPENVAS:65155", "href": "http://plugins.openvas.org/nasl.php?oid=65155", "type": "openvas", "title": "SLES9: Security update for xscreensaver", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: sles9p5031340.nasl 6666 2017-07-11 13:13:36Z cfischer $\n# Description: Security update for xscreensaver\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to packages that affect\nthe security of your system. 
One or more of the following packages\nare affected:\n\n xscreensaver\n xscreensaver-gnome\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5031340 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/\";\n\ntag_solution = \"Please install the updates provided by SuSE.\";\n \nif(description)\n{\n script_id(65155);\n script_version(\"$Revision: 6666 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-11 15:13:36 +0200 (Tue, 11 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-10 16:11:46 +0200 (Sat, 10 Oct 2009)\");\n script_cve_id(\"CVE-2008-0887\");\n script_tag(name:\"cvss_base\", value:\"4.7\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:N/I:N/A:C\");\n script_name(\"SLES9: Security update for xscreensaver\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse_sles\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"xscreensaver\", rpm:\"xscreensaver~4.16~2.31\", rls:\"SLES9.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 4.7, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2018-04-06T11:39:06", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-0887"], "description": "The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n xscreensaver\n xscreensaver-gnome\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5031340 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/", "modified": "2018-04-06T00:00:00", "published": "2009-10-10T00:00:00", "id": "OPENVAS:136141256231065155", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231065155", "type": "openvas", "title": "SLES9: Security update for xscreensaver", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: sles9p5031340.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Security update for xscreensaver\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to packages that affect\nthe security of your system. 
One or more of the following packages\nare affected:\n\n xscreensaver\n xscreensaver-gnome\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5031340 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/\";\n\ntag_solution = \"Please install the updates provided by SuSE.\";\n \nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.65155\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-10 16:11:46 +0200 (Sat, 10 Oct 2009)\");\n script_cve_id(\"CVE-2008-0887\");\n script_tag(name:\"cvss_base\", value:\"4.7\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:N/I:N/A:C\");\n script_name(\"SLES9: Security update for xscreensaver\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse_sles\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"xscreensaver\", rpm:\"xscreensaver~4.16~2.31\", rls:\"SLES9.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 4.7, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2017-07-27T10:56:17", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-0887"], "description": "Check for the Version of gnome-screensaver", "modified": "2017-07-12T00:00:00", "published": "2009-03-06T00:00:00", "id": "OPENVAS:870040", "href": "http://plugins.openvas.org/nasl.php?oid=870040", "type": "openvas", "title": "RedHat Update for gnome-screensaver RHSA-2008:0197-01", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for gnome-screensaver RHSA-2008:0197-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"gnome-screensaver is the GNOME project's official screen saver program.\n\n A flaw was found in the way gnome-screensaver verified user passwords. When\n a system used a remote directory service for login credentials, a local\n attacker able to cause a network outage could cause gnome-screensaver to\n crash, unlocking the screen. (CVE-2008-0887)\n \n Users of gnome-screensaver should upgrade to this updated package, which\n contains a backported patch to correct this issue.\";\n\ntag_affected = \"gnome-screensaver on Red Hat Enterprise Linux (v. 5 server)\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/rhsa-announce/2008-April/msg00003.html\");\n script_id(870040);\n script_version(\"$Revision: 6683 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-12 11:41:57 +0200 (Wed, 12 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-03-06 07:30:35 +0100 (Fri, 06 Mar 2009)\");\n script_tag(name:\"cvss_base\", value:\"4.7\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:N/I:N/A:C\");\n script_xref(name: \"RHSA\", value: \"2008:0197-01\");\n script_cve_id(\"CVE-2008-0887\");\n script_name( \"RedHat Update for gnome-screensaver RHSA-2008:0197-01\");\n\n script_summary(\"Check for the Version of gnome-screensaver\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n 
script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"RHENT_5\")\n{\n\n if ((res = isrpmvuln(pkg:\"gnome-screensaver\", rpm:\"gnome-screensaver~2.16.1~5.el5_1.1\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"gnome-screensaver-debuginfo\", rpm:\"gnome-screensaver-debuginfo~2.16.1~5.el5_1.1\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 4.7, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}], "centos": [{"lastseen": "2019-12-20T18:25:42", "bulletinFamily": "unix", "cvelist": ["CVE-2008-0887"], "description": "**CentOS Errata and Security Advisory** CESA-2008:0197\n\n\ngnome-screensaver is the GNOME project's official screen saver program.\r\n\r\nA flaw was found in the way gnome-screensaver verified user passwords. When\r\na system used a remote directory service for login credentials, a local\r\nattacker able to cause a network outage could cause gnome-screensaver to\r\ncrash, unlocking the screen. 
(CVE-2008-0887)\r\n\r\nUsers of gnome-screensaver should upgrade to this updated package, which\r\ncontains a backported patch to correct this issue.\r\n\r\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2008-April/026914.html\nhttp://lists.centos.org/pipermail/centos-announce/2008-April/026915.html\n\n**Affected packages:**\ngnome-screensaver\n\n**Upstream details at:**\n", "edition": 3, "modified": "2008-04-24T02:22:02", "published": "2008-04-24T02:22:02", "href": "http://lists.centos.org/pipermail/centos-announce/2008-April/026914.html", "id": "CESA-2008:0197", "title": "gnome security update", "type": "centos", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:N/I:N/A:C"}}], "redhat": [{"lastseen": "2019-08-13T18:46:10", "bulletinFamily": "unix", "cvelist": ["CVE-2008-0887"], "description": "gnome-screensaver is the GNOME project's official screen saver program.\r\n\r\nA flaw was found in the way gnome-screensaver verified user passwords. When\r\na system used a remote directory service for login credentials, a local\r\nattacker able to cause a network outage could cause gnome-screensaver to\r\ncrash, unlocking the screen. (CVE-2008-0887)\r\n\r\nUsers of gnome-screensaver should upgrade to this updated package, which\r\ncontains a backported patch to correct this issue.", "modified": "2017-09-08T12:19:35", "published": "2008-05-21T13:59:44", "id": "RHSA-2008:0218", "href": "https://access.redhat.com/errata/RHSA-2008:0218", "type": "redhat", "title": "(RHSA-2008:0218) Moderate: gnome-screensaver security update", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-08-13T18:45:33", "bulletinFamily": "unix", "cvelist": ["CVE-2008-0887"], "description": "gnome-screensaver is the GNOME project's official screen saver program.\r\n\r\nA flaw was found in the way gnome-screensaver verified user passwords. 
When\r\na system used a remote directory service for login credentials, a local\r\nattacker able to cause a network outage could cause gnome-screensaver to\r\ncrash, unlocking the screen. (CVE-2008-0887)\r\n\r\nUsers of gnome-screensaver should upgrade to this updated package, which\r\ncontains a backported patch to correct this issue.\r\n\r\n", "modified": "2017-09-08T11:51:34", "published": "2008-04-02T04:00:00", "id": "RHSA-2008:0197", "href": "https://access.redhat.com/errata/RHSA-2008:0197", "type": "redhat", "title": "(RHSA-2008:0197) Moderate: gnome-screensaver security update", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:N/I:N/A:C"}}], "oraclelinux": [{"lastseen": "2019-05-29T18:35:44", "bulletinFamily": "unix", "cvelist": ["CVE-2008-0887"], "description": "[2.16.1-5.1]\nResolves: #436521\n- don't unlock the screen when pwent lookup fails", "edition": 4, "modified": "2008-04-02T00:00:00", "published": "2008-04-02T00:00:00", "id": "ELSA-2008-0197", "href": "http://linux.oracle.com/errata/ELSA-2008-0197.html", "title": "gnome-screensaver security update", "type": "oraclelinux", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-05-29T18:38:34", "bulletinFamily": "unix", "cvelist": ["CVE-2008-0887"], "description": "[2.16.1-8]\nResolves: #436522\n- rebuild against 5.1 nss\n[2.16.1-7]\nResolves: #436522\n- don't unlock the screen when pwent lookup fails\n[2.16.1-6]\nResolves: #245345\n- Add missing BuildRequires to fix fade in", "edition": 4, "modified": "2008-05-30T00:00:00", "published": "2008-05-30T00:00:00", "id": "ELSA-2008-0218", "href": "http://linux.oracle.com/errata/ELSA-2008-0218.html", "title": "gnome-screensaver security update", "type": "oraclelinux", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:N/I:N/A:C"}}], "nessus": [{"lastseen": "2021-01-07T11:51:53", "description": "A vulnerability was found in gnome-screensaver prior to 2.22.1 when a\nremote authentication server was enabled. 
During a network outage,\ngnome-screensaver would crash upon an unlock attempt, allowing\nphysically local users to gain access to locked sessions\n(CVE-2008-0887).\n\nThe updated packages have been patched to correct this issue.", "edition": 24, "published": "2009-04-23T00:00:00", "title": "Mandriva Linux Security Advisory : gnome-screensaver (MDVSA-2008:132)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-0887"], "modified": "2009-04-23T00:00:00", "cpe": ["cpe:/o:mandriva:linux:2008.0", "p-cpe:/a:mandriva:linux:gnome-screensaver"], "id": "MANDRIVA_MDVSA-2008-132.NASL", "href": "https://www.tenable.com/plugins/nessus/37475", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2008:132. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(37475);\n script_version(\"1.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2008-0887\");\n script_bugtraq_id(28575);\n script_xref(name:\"MDVSA\", value:\"2008:132\");\n\n script_name(english:\"Mandriva Linux Security Advisory : gnome-screensaver (MDVSA-2008:132)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Mandriva Linux host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A vulnerability was found in gnome-screensaver prior to 2.22.1 when a\nremote authentication server was enabled. 
During a network outage,\ngnome-screensaver would crash upon an unlock attempt, allowing\nphysically local users to gain access to locked sessions\n(CVE-2008-0887).\n\nThe updated packages have been patched to correct this issue.\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected gnome-screensaver package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:gnome-screensaver\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2008.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/07/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/04/23\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") 
audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK2008.0\", reference:\"gnome-screensaver-2.20.0-2.1mdv2008.0\", yank:\"mdv\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2021-01-12T10:06:29", "description": "Update for advisory CVE-2008-0887\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 23, "published": "2008-04-11T00:00:00", "title": "Fedora 7 : gnome-screensaver-2.18.2-4.fc7 (2008-2967)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-0887"], "modified": "2008-04-11T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:7", "p-cpe:/a:fedoraproject:fedora:gnome-screensaver"], "id": "FEDORA_2008-2967.NASL", "href": "https://www.tenable.com/plugins/nessus/31819", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2008-2967.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(31819);\n script_version(\"1.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2008-0887\");\n script_bugtraq_id(28575);\n script_xref(name:\"FEDORA\", value:\"2008-2967\");\n\n script_name(english:\"Fedora 7 : gnome-screensaver-2.18.2-4.fc7 (2008-2967)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is 
missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Update for advisory CVE-2008-0887\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=435773\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2008-April/009188.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?c64f5e4f\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected gnome-screensaver package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:gnome-screensaver\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:7\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/04/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/04/11\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n 
exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 7.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC7\", reference:\"gnome-screensaver-2.18.2-4.fc7\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"gnome-screensaver\");\n}\n", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2021-01-17T14:44:15", "description": "An attacker could log in without a valid password if the NIS server is\ndown. 
(CVE-2008-0887)", "edition": 23, "published": "2008-06-26T00:00:00", "title": "openSUSE 10 Security Update : gnome-screensaver (gnome-screensaver-5172)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-0887"], "modified": "2008-06-26T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:gnome-screensaver", "cpe:/o:novell:opensuse:10.3", "cpe:/o:novell:opensuse:10.2"], "id": "SUSE_GNOME-SCREENSAVER-5172.NASL", "href": "https://www.tenable.com/plugins/nessus/33267", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update gnome-screensaver-5172.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(33267);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2008-0887\");\n\n script_name(english:\"openSUSE 10 Security Update : gnome-screensaver (gnome-screensaver-5172)\");\n script_summary(english:\"Check for the gnome-screensaver-5172 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An attacker could log in without a valid password if the NIS server is\ndown. 
(CVE-2008-0887)\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected gnome-screensaver package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:N/I:N/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:gnome-screensaver\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:10.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:10.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/04/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/06/26\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE10\\.2|SUSE10\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"10.2 / 10.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE10.2\", reference:\"gnome-screensaver-2.16.1-30\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"gnome-screensaver-2.20.0-6.4\") ) 
flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"gnome-screensaver\");\n}\n", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2021-01-17T12:44:08", "description": "From Red Hat Security Advisory 2008:0197 :\n\nAn updated gnome-screensaver package that fixes a security flaw is now\navailable for Red Hat Enterprise Linux 5.\n\nThis update has been rated as having moderate security impact by the\nRed Hat Security Response Team.\n\ngnome-screensaver is the GNOME project's official screen saver\nprogram.\n\nA flaw was found in the way gnome-screensaver verified user passwords.\nWhen a system used a remote directory service for login credentials, a\nlocal attacker able to cause a network outage could cause\ngnome-screensaver to crash, unlocking the screen. 
(CVE-2008-0887)\n\nUsers of gnome-screensaver should upgrade to this updated package,\nwhich contains a backported patch to correct this issue.", "edition": 25, "published": "2013-07-12T00:00:00", "title": "Oracle Linux 5 : gnome-screensaver (ELSA-2008-0197)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-0887"], "modified": "2013-07-12T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:gnome-screensaver", "cpe:/o:oracle:linux:5"], "id": "ORACLELINUX_ELSA-2008-0197.NASL", "href": "https://www.tenable.com/plugins/nessus/67673", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2008:0197 and \n# Oracle Linux Security Advisory ELSA-2008-0197 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(67673);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2008-0887\");\n script_bugtraq_id(28575);\n script_xref(name:\"RHSA\", value:\"2008:0197\");\n\n script_name(english:\"Oracle Linux 5 : gnome-screensaver (ELSA-2008-0197)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2008:0197 :\n\nAn updated gnome-screensaver package that fixes a security flaw is now\navailable for Red Hat Enterprise Linux 5.\n\nThis update has been rated as having moderate security impact by the\nRed Hat Security Response Team.\n\ngnome-screensaver is the GNOME project's official screen saver\nprogram.\n\nA flaw was found in the way gnome-screensaver verified user passwords.\nWhen a system used a remote directory service for login credentials, 
a\nlocal attacker able to cause a network outage could cause\ngnome-screensaver to crash, unlocking the screen. (CVE-2008-0887)\n\nUsers of gnome-screensaver should upgrade to this updated package,\nwhich contains a backported patch to correct this issue.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2008-April/000558.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected gnome-screensaver package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:gnome-screensaver\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2008/04/06\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/04/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 5\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL5\", reference:\"gnome-screensaver-2.16.1-5.el5_1.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"gnome-screensaver\");\n}\n", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2021-01-07T10:52:21", "description": "The remote host is affected by the vulnerability described in GLSA-200804-12\n(gnome-screensaver: 
Privilege escalation)\n\n gnome-screensaver incorrectly handles the results of the getpwuid()\n function in the file src/setuid.c when using directory servers (like\n NIS) during a network outage, a similar issue to GLSA 200705-14.\n \nImpact :\n\n A local user can crash gnome-screensaver by preventing network\n connectivity if the system uses a remote directory service for\n credentials such as NIS or LDAP, which will unlock the screen.\n \nWorkaround :\n\n There is no known workaround at this time.", "edition": 27, "published": "2008-04-17T00:00:00", "title": "GLSA-200804-12 : gnome-screensaver: Privilege escalation", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-0887"], "modified": "2008-04-17T00:00:00", "cpe": ["cpe:/o:gentoo:linux", "p-cpe:/a:gentoo:linux:gnome-screensaver"], "id": "GENTOO_GLSA-200804-12.NASL", "href": "https://www.tenable.com/plugins/nessus/31959", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 200804-12.\n#\n# The advisory text is Copyright (C) 2001-2018 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. 
See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(31959);\n script_version(\"1.18\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2008-0887\");\n script_xref(name:\"GLSA\", value:\"200804-12\");\n\n script_name(english:\"GLSA-200804-12 : gnome-screensaver: Privilege escalation\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-200804-12\n(gnome-screensaver: Privilege escalation)\n\n gnome-screensaver incorrectly handles the results of the getpwuid()\n function in the file src/setuid.c when using directory servers (like\n NIS) during a network outage, a similar issue to GLSA 200705-14.\n \nImpact :\n\n A local user can crash gnome-xscreensaver by preventing network\n connectivity if the system uses a remote directory service for\n credentials such as NIS or LDAP, which will unlock the screen.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/200705-14\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/200804-12\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All gnome-screensaver users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=gnome-extra/gnome-screensaver-2.20.0-r3'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:N/I:N/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:gentoo:linux:gnome-screensaver\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/04/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/04/17\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"gnome-extra/gnome-screensaver\", unaffected:make_list(\"ge 2.20.0-r3\"), vulnerable:make_list(\"lt 2.20.0-r3\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:qpkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"gnome-screensaver\");\n}\n", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2021-01-17T13:06:04", "description": "An updated gnome-screensaver package that fixes a security flaw is now\navailable for Red Hat Enterprise Linux 5.\n\nThis update has been rated as having moderate security impact by the\nRed Hat Security Response Team.\n\ngnome-screensaver is the GNOME project's official screen saver\nprogram.\n\nA flaw was found in the way gnome-screensaver verified user 
passwords.\nWhen a system used a remote directory service for login credentials, a\nlocal attacker able to cause a network outage could cause\ngnome-screensaver to crash, unlocking the screen. (CVE-2008-0887)\n\nUsers of gnome-screensaver should upgrade to this updated package,\nwhich contains a backported patch to correct this issue.", "edition": 28, "published": "2008-04-04T00:00:00", "title": "RHEL 5 : gnome-screensaver (RHSA-2008:0197)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-0887"], "modified": "2008-04-04T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:5", "p-cpe:/a:redhat:enterprise_linux:gnome-screensaver", "cpe:/o:redhat:enterprise_linux:5.1"], "id": "REDHAT-RHSA-2008-0197.NASL", "href": "https://www.tenable.com/plugins/nessus/31755", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2008:0197. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(31755);\n script_version(\"1.24\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2008-0887\");\n script_bugtraq_id(28575);\n script_xref(name:\"RHSA\", value:\"2008:0197\");\n\n script_name(english:\"RHEL 5 : gnome-screensaver (RHSA-2008:0197)\");\n script_summary(english:\"Checks the rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An updated gnome-screensaver package that fixes a security flaw is now\navailable for Red Hat Enterprise Linux 5.\n\nThis update has been rated as having moderate security impact by the\nRed Hat Security Response Team.\n\ngnome-screensaver is the GNOME project's official 
screen saver\nprogram.\n\nA flaw was found in the way gnome-screensaver verified user passwords.\nWhen a system used a remote directory service for login credentials, a\nlocal attacker able to cause a network outage could cause\ngnome-screensaver to crash, unlocking the screen. (CVE-2008-0887)\n\nUsers of gnome-screensaver should upgrade to this updated package,\nwhich contains a backported patch to correct this issue.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-0887\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2008:0197\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected gnome-screensaver package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:gnome-screensaver\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5.1\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2008/04/06\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/04/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/04/04\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 5.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2008:0197\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"gnome-screensaver-2.16.1-5.el5_1.1\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"gnome-screensaver-2.16.1-5.el5_1.1\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", 
reference:\"gnome-screensaver-2.16.1-5.el5_1.1\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"gnome-screensaver\");\n }\n}\n", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2021-01-17T14:44:15", "description": "An attacker could log in without a valid password if the NIS server is\ndown. (CVE-2008-0887)", "edition": 23, "published": "2008-06-24T00:00:00", "title": "SuSE 10 Security Update : gnome-screensaver (ZYPP Patch Number 5179)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-0887"], "modified": "2008-06-24T00:00:00", "cpe": ["cpe:/o:suse:suse_linux"], "id": "SUSE_GNOME-SCREENSAVER-5179.NASL", "href": "https://www.tenable.com/plugins/nessus/33251", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(33251);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2008-0887\");\n\n script_name(english:\"SuSE 10 Security Update : gnome-screensaver (ZYPP Patch Number 5179)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 10 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An attacker could log in without a valid password if the NIS server is\ndown. 
(CVE-2008-0887)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-0887.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply ZYPP patch number 5179.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:N/I:N/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/04/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/06/24\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 10 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED10\", sp:1, reference:\"gnome-screensaver-2.14.0-19.41.8\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:1, reference:\"gnome-screensaver-2.14.0-19.41.8\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse 
exit(0, \"The host is not affected.\");\n", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2021-01-12T10:06:29", "description": "Update for advisory CVE-2008-0887\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 23, "published": "2008-04-11T00:00:00", "title": "Fedora 8 : gnome-screensaver-2.20.0-12.fc8 (2008-3017)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-0887"], "modified": "2008-04-11T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:8", "p-cpe:/a:fedoraproject:fedora:gnome-screensaver"], "id": "FEDORA_2008-3017.NASL", "href": "https://www.tenable.com/plugins/nessus/31826", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2008-3017.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(31826);\n script_version(\"1.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2008-0887\");\n script_bugtraq_id(28575);\n script_xref(name:\"FEDORA\", value:\"2008-3017\");\n\n script_name(english:\"Fedora 8 : gnome-screensaver-2.20.0-12.fc8 (2008-3017)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Update for advisory CVE-2008-0887\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=435773\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2008-April/009231.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?b39269a3\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected gnome-screensaver package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:gnome-screensaver\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:8\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/04/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/04/11\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = 
eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^8([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 8.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC8\", reference:\"gnome-screensaver-2.20.0-12.fc8\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"gnome-screensaver\");\n}\n", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2021-01-06T09:25:18", "description": "An updated gnome-screensaver package that fixes a security flaw is now\navailable for Red Hat Enterprise Linux 5.\n\nThis update has been rated as having moderate security impact by the\nRed Hat Security Response Team.\n\ngnome-screensaver is the GNOME project's official screen saver\nprogram.\n\nA flaw was found in the way gnome-screensaver verified user passwords.\nWhen a system used a remote directory service for login credentials, a\nlocal attacker able to cause a network outage could cause\ngnome-screensaver to crash, unlocking the screen. 
(CVE-2008-0887)\n\nUsers of gnome-screensaver should upgrade to this updated package,\nwhich contains a backported patch to correct this issue.", "edition": 27, "published": "2010-01-06T00:00:00", "title": "CentOS 5 : gnome-screensaver (CESA-2008:0197)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-0887"], "modified": "2010-01-06T00:00:00", "cpe": ["p-cpe:/a:centos:centos:gnome-screensaver", "cpe:/o:centos:centos:5"], "id": "CENTOS_RHSA-2008-0197.NASL", "href": "https://www.tenable.com/plugins/nessus/43679", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2008:0197 and \n# CentOS Errata and Security Advisory 2008:0197 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(43679);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2008-0887\");\n script_bugtraq_id(28575);\n script_xref(name:\"RHSA\", value:\"2008:0197\");\n\n script_name(english:\"CentOS 5 : gnome-screensaver (CESA-2008:0197)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An updated gnome-screensaver package that fixes a security flaw is now\navailable for Red Hat Enterprise Linux 5.\n\nThis update has been rated as having moderate security impact by the\nRed Hat Security Response Team.\n\ngnome-screensaver is the GNOME project's official screen saver\nprogram.\n\nA flaw was found in the way gnome-screensaver verified user passwords.\nWhen a system used a remote directory service for login credentials, a\nlocal attacker able to cause a network outage could 
cause\ngnome-screensaver to crash, unlocking the screen. (CVE-2008-0887)\n\nUsers of gnome-screensaver should upgrade to this updated package,\nwhich contains a backported patch to correct this issue.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2008-April/014876.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?f2d3ee2e\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2008-April/014877.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?fceae510\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected gnome-screensaver package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:gnome-screensaver\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2008/04/06\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/04/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/01/06\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 5.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-5\", reference:\"gnome-screensaver-2.16.1-5.el5_1.1\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"gnome-screensaver\");\n}\n", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2021-01-17T14:44:15", "description": "An attacker could log in without a valid password if the NIS server is\ndown. 
(CVE-2008-0887)", "edition": 24, "published": "2008-06-18T00:00:00", "title": "openSUSE 10 Security Update : gnome-screensaver (gnome-screensaver-5175)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-0887"], "modified": "2008-06-18T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:gnome-screensaver", "cpe:/o:novell:opensuse:10.1"], "id": "SUSE_GNOME-SCREENSAVER-5175.NASL", "href": "https://www.tenable.com/plugins/nessus/33215", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update gnome-screensaver-5175.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(33215);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2008-0887\");\n\n script_name(english:\"openSUSE 10 Security Update : gnome-screensaver (gnome-screensaver-5175)\");\n script_summary(english:\"Check for the gnome-screensaver-5175 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An attacker could log in without a valid password if the NIS server is\ndown. 
(CVE-2008-0887)\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected gnome-screensaver package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:N/I:N/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:gnome-screensaver\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:10.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/04/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/06/18\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE10\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"10.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE10.1\", reference:\"gnome-screensaver-2.14.0-19.41.8\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) 
audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"gnome-screensaver\");\n}\n", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:N/I:N/A:C"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:25", "bulletinFamily": "software", "cvelist": ["CVE-2008-0887"], "description": "- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\r\nGentoo Linux Security Advisory GLSA 200804-12\r\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\r\n http://security.gentoo.org/\r\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\r\n\r\n Severity: Normal\r\n Title: gnome-screensaver: Privilege escalation\r\n Date: April 11, 2008\r\n Bugs: #213940\r\n ID: 200804-12\r\n\r\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\r\n\r\nSynopsis\r\n========\r\n\r\ngnome-screensaver allows local users to bypass authentication under\r\ncertain configurations.\r\n\r\nBackground\r\n==========\r\n\r\ngnome-screensaver is a screensaver, designed to integrate with the\r\nGnome desktop, that can replace xscreensaver.\r\n\r\nAffected packages\r\n=================\r\n\r\n -------------------------------------------------------------------\r\n Package / Vulnerable / Unaffected\r\n -------------------------------------------------------------------\r\n 1 gnome-extra/gnome-screensaver < 2.20.0-r3 >= 2.20.0-r3\r\n\r\nDescription\r\n===========\r\n\r\ngnome-screensaver incorrectly handles the results of the getpwuid()\r\nfunction in the file src/setuid.c when using directory servers (like\r\nNIS) during a network outage, a similar issue to GLSA 200705-14.\r\n\r\nImpact\r\n======\r\n\r\nA local user can crash gnome-xscreensaver by preventing network\r\nconnectivity if the system uses a remote directory service for\r\ncredentials such as NIS or LDAP, which will unlock the screen.\r\n\r\nWorkaround\r\n==========\r\n\r\nThere is no known workaround at this 
time.\r\n\r\nResolution\r\n==========\r\n\r\nAll gnome-screensaver users should upgrade to the latest version:\r\n\r\n # emerge --sync\r\n # emerge --ask --oneshot --verbose ">=gnome-extra/gnome-screensaver-2.20.0-r3"\r\n\r\nReferences\r\n==========\r\n\r\n [ 1 ] CVE-2008-0887\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0887\r\n [ 2 ] GLSA 200705-14\r\n http://www.gentoo.org/security/en/glsa/glsa-200705-14.xml\r\n\r\nAvailability\r\n============\r\n\r\nThis GLSA and any updates to it are available for viewing at\r\nthe Gentoo Security Website:\r\n\r\n http://security.gentoo.org/glsa/glsa-200804-12.xml\r\n\r\nConcerns?\r\n=========\r\n\r\nSecurity is a primary focus of Gentoo Linux and ensuring the\r\nconfidentiality and security of our users machines is of utmost\r\nimportance to us. Any security concerns should be addressed to\r\nsecurity@gentoo.org or alternatively, you may file a bug at\r\nhttp://bugs.gentoo.org.\r\n\r\nLicense\r\n=======\r\n\r\nCopyright 2008 Gentoo Foundation, Inc; referenced text\r\nbelongs to its owner(s).\r\n\r\nThe contents of this document are licensed under the\r\nCreative Commons - Attribution / Share Alike license.\r\n\r\nhttp://creativecommons.org/licenses/by-sa/2.5", "edition": 1, "modified": "2008-04-14T00:00:00", "published": "2008-04-14T00:00:00", "id": "SECURITYVULNS:DOC:19633", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:19633", "title": "[ GLSA 200804-12 ] gnome-screensaver: Privilege escalation", "type": "securityvulns", "cvss": {"score": 4.7, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:09:29", "bulletinFamily": "software", "cvelist": ["CVE-2008-0887"], "description": "getpwuid() exceptional conditions are not handled.", "edition": 1, "modified": "2008-04-14T00:00:00", "published": "2008-04-14T00:00:00", "id": "SECURITYVULNS:VULN:8899", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:8899", "title": "gnome-screensaver privilege 
escalation", "type": "securityvulns", "cvss": {"score": 4.7, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}], "seebug": [{"lastseen": "2017-11-19T21:36:07", "description": "BUGTRAQ ID: 28575\r\nCVE(CAN) ID: CVE-2008-0887\r\n\r\ngnome-screensaver\u662f\u7528\u4e8e\u53d6\u4ee3xscreensaver\u7684\u5c4f\u4fdd\u7a0b\u5e8f\u3002\r\n\r\ngnome-screensaver\u9a8c\u8bc1\u7528\u6237\u53e3\u4ee4\u7684\u65b9\u5f0f\u5b58\u5728\u6f0f\u6d1e\uff0c\u5982\u679c\u542f\u7528\u4e86\u8fdc\u7a0bNIS\u8ba4\u8bc1\u670d\u52a1\u5668\u7684\u8bdd\uff0c\u80fd\u591f\u5bfc\u81f4\u7f51\u7edc\u4e2d\u65ad\u7684\u672c\u5730\u653b\u51fb\u8005\u5c31\u53ef\u4ee5\u5bfc\u81f4gnome-screensaver\u5d29\u6e83\uff0c\u8fd9\u6837\u5c31\u6253\u5f00\u4e86\u9501\u5b9a\u7684\u5c4f\u5e55\u3002\r\n\r\n\n\nGNOME gnome-screensaver < 2.22.1\n GNOME\r\n-----\r\n\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u8fd9\u4e2a\u5b89\u5168\u95ee\u9898\uff0c\u8bf7\u5230\u5382\u5546\u7684\u4e3b\u9875\u4e0b\u8f7d\uff1a\r\n\r\n<a href=http://live.gnome.org/GnomeScreensaver/ target=_blank>http://live.gnome.org/GnomeScreensaver/</a>\r\n\r\nRedHat\r\n------\r\nRedHat\u5df2\u7ecf\u4e3a\u6b64\u53d1\u5e03\u4e86\u4e00\u4e2a\u5b89\u5168\u516c\u544a\uff08RHSA-2008:0197-01\uff09\u4ee5\u53ca\u76f8\u5e94\u8865\u4e01:\r\nRHSA-2008:0197-01\uff1aModerate: gnome-screensaver security update\r\n\u94fe\u63a5\uff1a<a href=https://www.redhat.com/support/errata/RHSA-2008-0197.html target=_blank>https://www.redhat.com/support/errata/RHSA-2008-0197.html</a>", "published": "2008-07-09T00:00:00", "title": "Gnome\u5c4f\u4fdd\u7a0b\u5e8fNIS\u8ba4\u8bc1\u672c\u5730\u975e\u6388\u6743\u8bbf\u95ee\u6f0f\u6d1e", "type": "seebug", "bulletinFamily": "exploit", "cvelist": ["CVE-2008-0887"], "modified": "2008-07-09T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-3578", "id": "SSV:3578", "sourceData": "", "cvss": {"score": 4.7, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}, 
"sourceHref": ""}], "gentoo": [{"lastseen": "2016-09-06T19:46:18", "bulletinFamily": "unix", "cvelist": ["CVE-2008-0887"], "description": "### Background\n\ngnome-screensaver is a screensaver, designed to integrate with the Gnome desktop, that can replace xscreensaver. \n\n### Description\n\ngnome-screensaver incorrectly handles the results of the getpwuid() function in the file src/setuid.c when using directory servers (like NIS) during a network outage, a similar issue to GLSA 200705-14. \n\n### Impact\n\nA local user can crash gnome-screensaver by preventing network connectivity if the system uses a remote directory service for credentials such as NIS or LDAP, which will unlock the screen. \n\n### Workaround\n\nThere is no known workaround at this time. \n\n### Resolution\n\nAll gnome-screensaver users should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=gnome-extra/gnome-screensaver-2.20.0-r3\"", "edition": 1, "modified": "2008-04-11T00:00:00", "published": "2008-04-11T00:00:00", "id": "GLSA-200804-12", "href": "https://security.gentoo.org/glsa/200804-12", "type": "gentoo", "title": "gnome-screensaver: Privilege escalation", "cvss": {"score": 4.7, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}], "ubuntu": [{"lastseen": "2020-07-09T00:25:20", "bulletinFamily": "unix", "cvelist": ["CVE-2007-6389", "CVE-2008-0887"], "description": "It was discovered that the notify feature in gnome-screensaver could let \na local attacker read the clipboard contents of a locked session by \nusing Ctrl-V. (CVE-2007-6389)\n\nAlan Matsuoka discovered that gnome-screensaver did not properly handle \nnetwork outages when using a remote authentication service. During a \nnetwork interruption, or by disconnecting the network cable, a local \nattacker could gain access to locked sessions. 
(CVE-2008-0887)", "edition": 5, "modified": "2008-11-11T00:00:00", "published": "2008-11-11T00:00:00", "id": "USN-669-1", "href": "https://ubuntu.com/security/notices/USN-669-1", "title": "gnome-screensaver vulnerabilities", "type": "ubuntu", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:N/I:N/A:C"}}], "fedora": [{"lastseen": "2020-12-21T08:17:49", "bulletinFamily": "unix", "cvelist": ["CVE-2007-6389", "CVE-2008-0887"], "description": "gnome-screensaver is a screen saver and locker that aims to have simple, sane, secure defaults and be well integrated with the desktop. ", "modified": "2008-04-09T05:19:33", "published": "2008-04-09T05:19:33", "id": "FEDORA:M395SDQC000461", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 7 Update: gnome-screensaver-2.18.2-4.fc7", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2020-12-21T08:17:49", "bulletinFamily": "unix", "cvelist": ["CVE-2007-6389", "CVE-2008-0887"], "description": "gnome-screensaver is a screen saver and locker that aims to have simple, sane, secure defaults and be well integrated with the desktop. ", "modified": "2008-04-09T05:22:40", "published": "2008-04-09T05:22:40", "id": "FEDORA:M395VK62000987", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 8 Update: gnome-screensaver-2.20.0-12.fc8", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:N/I:N/A:C"}}]}