blob: 0362ccb775d8e1e3789ff958c1d0e6a61d0e0693 [file] [log] [blame]
<?xml version="1.0" encoding="utf-8"?>
<glsa id="200705-14">
<title>XScreenSaver: Privilege escalation</title>
XScreenSaver allows local users to bypass authentication under certain
<product type="ebuild">xscreensaver</product>
<announced>May 13, 2007</announced>
<revised>May 13, 2007: 01</revised>
<package name="x11-misc/xscreensaver" auto="yes" arch="*">
<unaffected range="ge">5.02</unaffected>
<vulnerable range="lt">5.02</vulnerable>
XScreenSaver is a widely used screen saver collection shipped on
systems running the X11 Window System.
XScreenSaver incorrectly handles the results of the getpwuid() function
in drivers/lock.c when using directory servers during a network outage.
<impact type="normal">
A local user can crash XScreenSaver by preventing network connectivity
if the system uses a remote directory service for credentials such as
NIS or LDAP, which will unlock the screen.
There is no known workaround at this time.
All XScreenSaver users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose &quot;&gt;=x11-misc/xscreensaver-5.02&quot;</code>
<uri link="">CVE-2007-1859</uri>
<metadata tag="requester" timestamp="Tue, 08 May 2007 10:52:36 +0000">
<metadata tag="submitter" timestamp="Tue, 08 May 2007 15:43:15 +0000">
<metadata tag="bugReady" timestamp="Sun, 13 May 2007 21:32:41 +0000">