Authentication flaw

2019-11-2718:15:00

PRIOn knowledge base

www.prio-n.com

6.8 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

5.1%

JSON

xscreensaver before 5.14 crashes during activation and leaves the screen unlocked when in Blank Only Mode and when DPMS is disabled, which allows local attackers to access resources without authentication.

CPENameOperatorVersion
debian_linuxeq8.0
debian_linuxeq9.0
debian_linuxeq10.0
xscreensaverlt5.14

Name	Operator	Version
debian_linux	eq	8.0
debian_linux	eq	9.0
debian_linux	eq	10.0
xscreensaver	lt	5.14

References

access.redhat.com/security/cve/cve-2011-2187

bugs.debian.org/cgi-bin/bugreport.cgi?bug=627382

bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-2187

security-tracker.debian.org/tracker/CVE-2011-2187

www.jwz.org/xscreensaver/changelog.html

www.openwall.com/lists/oss-security/2011/06/06/17