Vulnerabilites related to xscreensaver_project - xscreensaver
cve-2021-31523
Vulnerability from cvelistv5
Published
2021-04-21 18:41
Modified
2024-08-03 23:03
Severity ?
EPSS score ?
Summary
The Debian xscreensaver 5.42+dfsg1-1 package for XScreenSaver has cap_net_raw enabled for the /usr/libexec/xscreensaver/sonar file, which allows local users to gain privileges because this is arguably incompatible with the design of the Mesa 3D Graphics library dependency.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.openwall.com/lists/oss-security/2021/04/17/1 | x_refsource_MISC | |
| http://www.openwall.com/lists/oss-security/2021/04/21/3 | mailing-list, x_refsource_MLIST |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T23:03:33.468Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.openwall.com/lists/oss-security/2021/04/17/1"
},
{
"name": "[oss-security] 20210421 Re: xscreensaver package caps gets raw socket",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2021/04/21/3"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The Debian xscreensaver 5.42+dfsg1-1 package for XScreenSaver has cap_net_raw enabled for the /usr/libexec/xscreensaver/sonar file, which allows local users to gain privileges because this is arguably incompatible with the design of the Mesa 3D Graphics library dependency."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-04-21T20:06:17",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.openwall.com/lists/oss-security/2021/04/17/1"
},
{
"name": "[oss-security] 20210421 Re: xscreensaver package caps gets raw socket",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2021/04/21/3"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-31523",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Debian xscreensaver 5.42+dfsg1-1 package for XScreenSaver has cap_net_raw enabled for the /usr/libexec/xscreensaver/sonar file, which allows local users to gain privileges because this is arguably incompatible with the design of the Mesa 3D Graphics library dependency."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.openwall.com/lists/oss-security/2021/04/17/1",
"refsource": "MISC",
"url": "https://www.openwall.com/lists/oss-security/2021/04/17/1"
},
{
"name": "[oss-security] 20210421 Re: xscreensaver package caps gets raw socket",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2021/04/21/3"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-31523",
"datePublished": "2021-04-21T18:41:23",
"dateReserved": "2021-04-21T00:00:00",
"dateUpdated": "2024-08-03T23:03:33.468Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2011-2187
Vulnerability from cvelistv5
Published
2019-11-27 17:28
Modified
2024-08-06 22:53
Severity ?
EPSS score ?
Summary
xscreensaver before 5.14 crashes during activation and leaves the screen unlocked when in Blank Only Mode and when DPMS is disabled, which allows local attackers to access resources without authentication.
References
| ▼ | URL | Tags |
|---|---|---|
| https://security-tracker.debian.org/tracker/CVE-2011-2187 | x_refsource_MISC | |
| https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-2187 | x_refsource_MISC | |
| https://access.redhat.com/security/cve/cve-2011-2187 | x_refsource_MISC | |
| https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=627382 | x_refsource_MISC | |
| https://www.openwall.com/lists/oss-security/2011/06/06/17 | mailing-list, x_refsource_MLIST | |
| https://www.jwz.org/xscreensaver/changelog.html | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| xscreensaver | xscreensaver |
Version: before 5.14 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T22:53:17.511Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2011-2187"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-2187"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/cve-2011-2187"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=627382"
},
{
"name": "[oss-security] 20110606 Re: CVE Request -- xscreensaver -- exits when activated",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://www.openwall.com/lists/oss-security/2011/06/06/17"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.jwz.org/xscreensaver/changelog.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "xscreensaver",
"vendor": "xscreensaver",
"versions": [
{
"status": "affected",
"version": "before 5.14"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "xscreensaver before 5.14 crashes during activation and leaves the screen unlocked when in Blank Only Mode and when DPMS is disabled, which allows local attackers to access resources without authentication."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "exits when activated (DPMSForceLevel)",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-11-27T17:28:08",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2011-2187"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-2187"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://access.redhat.com/security/cve/cve-2011-2187"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=627382"
},
{
"name": "[oss-security] 20110606 Re: CVE Request -- xscreensaver -- exits when activated",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://www.openwall.com/lists/oss-security/2011/06/06/17"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.jwz.org/xscreensaver/changelog.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2011-2187",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "xscreensaver",
"version": {
"version_data": [
{
"version_value": "before 5.14"
}
]
}
}
]
},
"vendor_name": "xscreensaver"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "xscreensaver before 5.14 crashes during activation and leaves the screen unlocked when in Blank Only Mode and when DPMS is disabled, which allows local attackers to access resources without authentication."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "exits when activated (DPMSForceLevel)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://security-tracker.debian.org/tracker/CVE-2011-2187",
"refsource": "MISC",
"url": "https://security-tracker.debian.org/tracker/CVE-2011-2187"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-2187",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-2187"
},
{
"name": "https://access.redhat.com/security/cve/cve-2011-2187",
"refsource": "MISC",
"url": "https://access.redhat.com/security/cve/cve-2011-2187"
},
{
"name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=627382",
"refsource": "MISC",
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=627382"
},
{
"name": "[oss-security] 20110606 Re: CVE Request -- xscreensaver -- exits when activated",
"refsource": "MLIST",
"url": "https://www.openwall.com/lists/oss-security/2011/06/06/17"
},
{
"name": "https://www.jwz.org/xscreensaver/changelog.html",
"refsource": "MISC",
"url": "https://www.jwz.org/xscreensaver/changelog.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2011-2187",
"datePublished": "2019-11-27T17:28:08",
"dateReserved": "2011-05-31T00:00:00",
"dateUpdated": "2024-08-06T22:53:17.511Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-34557
Vulnerability from cvelistv5
Published
2021-06-10 15:54
Modified
2024-08-04 00:12
Severity ?
EPSS score ?
Summary
XScreenSaver 5.45 can be bypassed if the machine has more than ten disconnectable video outputs. A buffer overflow in update_screen_layout() allows an attacker to bypass the standard screen lock authentication mechanism by crashing XScreenSaver. The attacker must physically disconnect many video outputs.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/QubesOS/qubes-issues/issues/6595 | x_refsource_MISC | |
| https://www.openwall.com/lists/oss-security/2021/06/05/1 | x_refsource_MISC | |
| https://github.com/QubesOS/qubes-secpack/blob/master/QSBs/qsb-068-2021.txt | x_refsource_MISC | |
| https://github.com/QubesOS/qubes-xscreensaver/blob/master/0001-Fix-updating-outputs-info.patch | x_refsource_MISC | |
| http://www.openwall.com/lists/oss-security/2021/06/11/1 | mailing-list, x_refsource_MLIST | |
| http://www.openwall.com/lists/oss-security/2021/07/06/2 | mailing-list, x_refsource_MLIST | |
| https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TC4QB7TRS4GS7LDXQQ4PC6J3LVFJYISV/ | vendor-advisory, x_refsource_FEDORA |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T00:12:50.416Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/QubesOS/qubes-issues/issues/6595"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.openwall.com/lists/oss-security/2021/06/05/1"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/QubesOS/qubes-secpack/blob/master/QSBs/qsb-068-2021.txt"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/QubesOS/qubes-xscreensaver/blob/master/0001-Fix-updating-outputs-info.patch"
},
{
"name": "[oss-security] 20210611 Re: XScreenSaver 5.45: Disconnecting a video output can cause XScreenSaver to crash and unlock",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2021/06/11/1"
},
{
"name": "[oss-security] 20210706 xscreensaver 5.45 crash",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2021/07/06/2"
},
{
"name": "FEDORA-2021-5af4452ffd",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TC4QB7TRS4GS7LDXQQ4PC6J3LVFJYISV/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "XScreenSaver 5.45 can be bypassed if the machine has more than ten disconnectable video outputs. A buffer overflow in update_screen_layout() allows an attacker to bypass the standard screen lock authentication mechanism by crashing XScreenSaver. The attacker must physically disconnect many video outputs."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-08-19T02:06:17",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/QubesOS/qubes-issues/issues/6595"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.openwall.com/lists/oss-security/2021/06/05/1"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/QubesOS/qubes-secpack/blob/master/QSBs/qsb-068-2021.txt"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/QubesOS/qubes-xscreensaver/blob/master/0001-Fix-updating-outputs-info.patch"
},
{
"name": "[oss-security] 20210611 Re: XScreenSaver 5.45: Disconnecting a video output can cause XScreenSaver to crash and unlock",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2021/06/11/1"
},
{
"name": "[oss-security] 20210706 xscreensaver 5.45 crash",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2021/07/06/2"
},
{
"name": "FEDORA-2021-5af4452ffd",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TC4QB7TRS4GS7LDXQQ4PC6J3LVFJYISV/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-34557",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "XScreenSaver 5.45 can be bypassed if the machine has more than ten disconnectable video outputs. A buffer overflow in update_screen_layout() allows an attacker to bypass the standard screen lock authentication mechanism by crashing XScreenSaver. The attacker must physically disconnect many video outputs."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/QubesOS/qubes-issues/issues/6595",
"refsource": "MISC",
"url": "https://github.com/QubesOS/qubes-issues/issues/6595"
},
{
"name": "https://www.openwall.com/lists/oss-security/2021/06/05/1",
"refsource": "MISC",
"url": "https://www.openwall.com/lists/oss-security/2021/06/05/1"
},
{
"name": "https://github.com/QubesOS/qubes-secpack/blob/master/QSBs/qsb-068-2021.txt",
"refsource": "MISC",
"url": "https://github.com/QubesOS/qubes-secpack/blob/master/QSBs/qsb-068-2021.txt"
},
{
"name": "https://github.com/QubesOS/qubes-xscreensaver/blob/master/0001-Fix-updating-outputs-info.patch",
"refsource": "MISC",
"url": "https://github.com/QubesOS/qubes-xscreensaver/blob/master/0001-Fix-updating-outputs-info.patch"
},
{
"name": "[oss-security] 20210611 Re: XScreenSaver 5.45: Disconnecting a video output can cause XScreenSaver to crash and unlock",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2021/06/11/1"
},
{
"name": "[oss-security] 20210706 xscreensaver 5.45 crash",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2021/07/06/2"
},
{
"name": "FEDORA-2021-5af4452ffd",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TC4QB7TRS4GS7LDXQQ4PC6J3LVFJYISV/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-34557",
"datePublished": "2021-06-10T15:54:35",
"dateReserved": "2021-06-10T00:00:00",
"dateUpdated": "2024-08-04T00:12:50.416Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2015-8025
Vulnerability from cvelistv5
Published
2015-11-10 16:00
Modified
2024-08-06 08:06
Severity ?
EPSS score ?
Summary
driver/subprocs.c in XScreenSaver before 5.34 does not properly perform an internal consistency check, which allows physically proximate attackers to bypass the lock screen by hot swapping monitors.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.jwz.org/blog/2015/10/xscreensaver-5-34/ | x_refsource_CONFIRM | |
| http://www.securitytracker.com/id/1034052 | vdb-entry, x_refsource_SECTRACK | |
| http://lists.opensuse.org/opensuse-updates/2015-11/msg00102.html | vendor-advisory, x_refsource_SUSE | |
| http://www.debian.org/security/2016/dsa-3438 | vendor-advisory, x_refsource_DEBIAN | |
| http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html | x_refsource_CONFIRM | |
| http://www.openwall.com/lists/oss-security/2015/10/24/2 | mailing-list, x_refsource_MLIST | |
| http://www.openwall.com/lists/oss-security/2015/10/25/1 | mailing-list, x_refsource_MLIST | |
| http://www.openwall.com/lists/oss-security/2015/10/29/12 | mailing-list, x_refsource_MLIST | |
| https://twitter.com/Thaolia/status/656823859304398848 | x_refsource_MISC | |
| http://www.ubuntu.com/usn/USN-2789-1 | vendor-advisory, x_refsource_UBUNTU |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T08:06:31.810Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.jwz.org/blog/2015/10/xscreensaver-5-34/"
},
{
"name": "1034052",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1034052"
},
{
"name": "openSUSE-SU-2015:2032",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2015-11/msg00102.html"
},
{
"name": "DSA-3438",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2016/dsa-3438"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html"
},
{
"name": "[oss-security] 20151024 CVE request: xscreensaver aborts when unpluging second monitor cable when asking password",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2015/10/24/2"
},
{
"name": "[oss-security] 20151025 Re: CVE request: xscreensaver aborts when unpluging second monitor cable when asking password",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2015/10/25/1"
},
{
"name": "[oss-security] 20151029 Re: CVE request: xscreensaver aborts when unpluging second monitor cable when asking password",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2015/10/29/12"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://twitter.com/Thaolia/status/656823859304398848"
},
{
"name": "USN-2789-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2789-1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-10-24T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "driver/subprocs.c in XScreenSaver before 5.34 does not properly perform an internal consistency check, which allows physically proximate attackers to bypass the lock screen by hot swapping monitors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-12-05T22:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.jwz.org/blog/2015/10/xscreensaver-5-34/"
},
{
"name": "1034052",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1034052"
},
{
"name": "openSUSE-SU-2015:2032",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2015-11/msg00102.html"
},
{
"name": "DSA-3438",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2016/dsa-3438"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html"
},
{
"name": "[oss-security] 20151024 CVE request: xscreensaver aborts when unpluging second monitor cable when asking password",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2015/10/24/2"
},
{
"name": "[oss-security] 20151025 Re: CVE request: xscreensaver aborts when unpluging second monitor cable when asking password",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2015/10/25/1"
},
{
"name": "[oss-security] 20151029 Re: CVE request: xscreensaver aborts when unpluging second monitor cable when asking password",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2015/10/29/12"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://twitter.com/Thaolia/status/656823859304398848"
},
{
"name": "USN-2789-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2789-1"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-8025",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "driver/subprocs.c in XScreenSaver before 5.34 does not properly perform an internal consistency check, which allows physically proximate attackers to bypass the lock screen by hot swapping monitors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.jwz.org/blog/2015/10/xscreensaver-5-34/",
"refsource": "CONFIRM",
"url": "https://www.jwz.org/blog/2015/10/xscreensaver-5-34/"
},
{
"name": "1034052",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1034052"
},
{
"name": "openSUSE-SU-2015:2032",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2015-11/msg00102.html"
},
{
"name": "DSA-3438",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3438"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html"
},
{
"name": "[oss-security] 20151024 CVE request: xscreensaver aborts when unpluging second monitor cable when asking password",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2015/10/24/2"
},
{
"name": "[oss-security] 20151025 Re: CVE request: xscreensaver aborts when unpluging second monitor cable when asking password",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2015/10/25/1"
},
{
"name": "[oss-security] 20151029 Re: CVE request: xscreensaver aborts when unpluging second monitor cable when asking password",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2015/10/29/12"
},
{
"name": "https://twitter.com/Thaolia/status/656823859304398848",
"refsource": "MISC",
"url": "https://twitter.com/Thaolia/status/656823859304398848"
},
{
"name": "USN-2789-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2789-1"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-8025",
"datePublished": "2015-11-10T16:00:00",
"dateReserved": "2015-10-29T00:00:00",
"dateUpdated": "2024-08-06T08:06:31.810Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2015-11-10 17:59
Modified
2024-11-21 02:37
Severity ?
Summary
driver/subprocs.c in XScreenSaver before 5.34 does not properly perform an internal consistency check, which allows physically proximate attackers to bypass the lock screen by hot swapping monitors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| canonical | ubuntu_linux | 12.04 | |
| xscreensaver_project | xscreensaver | 5.33 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "B6B7CAD7-9D4E-4FDB-88E3-1E583210A01F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:xscreensaver_project:xscreensaver:5.33:*:*:*:*:*:*:*",
"matchCriteriaId": "1E905914-5F5A-44E7-BE79-8175DBC53EEE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "driver/subprocs.c in XScreenSaver before 5.34 does not properly perform an internal consistency check, which allows physically proximate attackers to bypass the lock screen by hot swapping monitors."
},
{
"lang": "es",
"value": "driver/subprocs.c en XScreenSaver en versiones anteriores a 5.34 no lleva a cabo correctamente una comprobaci\u00f3n de consistencia interna, lo que permite a atacantes f\u00edsicamente pr\u00f3ximos eludir la pantalla de bloqueo cambiando los monitores sin apagar el dispositivo."
}
],
"id": "CVE-2015-8025",
"lastModified": "2024-11-21T02:37:52.063",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2015-11-10T17:59:11.653",
"references": [
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-updates/2015-11/msg00102.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.debian.org/security/2016/dsa-3438"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.openwall.com/lists/oss-security/2015/10/24/2"
},
{
"source": "cve@mitre.org",
"url": "http://www.openwall.com/lists/oss-security/2015/10/25/1"
},
{
"source": "cve@mitre.org",
"url": "http://www.openwall.com/lists/oss-security/2015/10/29/12"
},
{
"source": "cve@mitre.org",
"url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id/1034052"
},
{
"source": "cve@mitre.org",
"url": "http://www.ubuntu.com/usn/USN-2789-1"
},
{
"source": "cve@mitre.org",
"url": "https://twitter.com/Thaolia/status/656823859304398848"
},
{
"source": "cve@mitre.org",
"url": "https://www.jwz.org/blog/2015/10/xscreensaver-5-34/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-updates/2015-11/msg00102.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2016/dsa-3438"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.openwall.com/lists/oss-security/2015/10/24/2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2015/10/25/1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2015/10/29/12"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1034052"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ubuntu.com/usn/USN-2789-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://twitter.com/Thaolia/status/656823859304398848"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.jwz.org/blog/2015/10/xscreensaver-5-34/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-11-27 18:15
Modified
2024-11-21 01:27
Severity ?
Summary
xscreensaver before 5.14 crashes during activation and leaves the screen unlocked when in Blank Only Mode and when DPMS is disabled, which allows local attackers to access resources without authentication.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| xscreensaver_project | xscreensaver | * | |
| debian | debian_linux | 8.0 | |
| debian | debian_linux | 9.0 | |
| debian | debian_linux | 10.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:xscreensaver_project:xscreensaver:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C216376E-2C9E-4AF1-BFB8-2424BAEF1AB6",
"versionEndExcluding": "5.14",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "xscreensaver before 5.14 crashes during activation and leaves the screen unlocked when in Blank Only Mode and when DPMS is disabled, which allows local attackers to access resources without authentication."
},
{
"lang": "es",
"value": "xscreensaver versiones anteriores a la versi\u00f3n 5.14, se bloquea durante la activaci\u00f3n y deja la pantalla desbloqueada cuando est\u00e1 en Modo Blank Only y cuando DPMS est\u00e1 desactivado, lo que permite a atacantes locales acceder a los recursos sin identificaci\u00f3n"
}
],
"id": "CVE-2011-2187",
"lastModified": "2024-11-21T01:27:46.517",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-11-27T18:15:10.927",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/security/cve/cve-2011-2187"
},
{
"source": "secalert@redhat.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=627382"
},
{
"source": "secalert@redhat.com",
"tags": [
"Exploit",
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-2187"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2011-2187"
},
{
"source": "secalert@redhat.com",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://www.jwz.org/xscreensaver/changelog.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://www.openwall.com/lists/oss-security/2011/06/06/17"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/security/cve/cve-2011-2187"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=627382"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-2187"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2011-2187"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://www.jwz.org/xscreensaver/changelog.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://www.openwall.com/lists/oss-security/2011/06/06/17"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-306"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-06-10 16:15
Modified
2024-11-21 06:10
Severity ?
Summary
XScreenSaver 5.45 can be bypassed if the machine has more than ten disconnectable video outputs. A buffer overflow in update_screen_layout() allows an attacker to bypass the standard screen lock authentication mechanism by crashing XScreenSaver. The attacker must physically disconnect many video outputs.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| xscreensaver_project | xscreensaver | 5.45 | |
| fedoraproject | fedora | 33 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:xscreensaver_project:xscreensaver:5.45:*:*:*:*:*:*:*",
"matchCriteriaId": "849AE900-753F-4BF8-9F31-C2EC13605D23",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*",
"matchCriteriaId": "E460AA51-FCDA-46B9-AE97-E6676AA5E194",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "XScreenSaver 5.45 can be bypassed if the machine has more than ten disconnectable video outputs. A buffer overflow in update_screen_layout() allows an attacker to bypass the standard screen lock authentication mechanism by crashing XScreenSaver. The attacker must physically disconnect many video outputs."
},
{
"lang": "es",
"value": "XScreenSaver versi\u00f3n 5.45 puede ser omitido si la m\u00e1quina tiene m\u00e1s de diez salidas de v\u00eddeo desconectables. Un desbordamiento de b\u00fafer en la funci\u00f3n update_screen_layout() permite a un atacante omitir el mecanismo de autenticaci\u00f3n de bloqueo de pantalla est\u00e1ndar, al bloquear a XScreenSaver. El atacante debe desconectar f\u00edsicamente muchas salidas de v\u00eddeo"
}
],
"id": "CVE-2021-34557",
"lastModified": "2024-11-21T06:10:40.827",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 2.1,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "HIGH",
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 0.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-06-10T16:15:08.227",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2021/06/11/1"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2021/07/06/2"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://github.com/QubesOS/qubes-issues/issues/6595"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/QubesOS/qubes-secpack/blob/master/QSBs/qsb-068-2021.txt"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/QubesOS/qubes-xscreensaver/blob/master/0001-Fix-updating-outputs-info.patch"
},
{
"source": "cve@mitre.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TC4QB7TRS4GS7LDXQQ4PC6J3LVFJYISV/"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
],
"url": "https://www.openwall.com/lists/oss-security/2021/06/05/1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2021/06/11/1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2021/07/06/2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://github.com/QubesOS/qubes-issues/issues/6595"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/QubesOS/qubes-secpack/blob/master/QSBs/qsb-068-2021.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/QubesOS/qubes-xscreensaver/blob/master/0001-Fix-updating-outputs-info.patch"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TC4QB7TRS4GS7LDXQQ4PC6J3LVFJYISV/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
],
"url": "https://www.openwall.com/lists/oss-security/2021/06/05/1"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-120"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-04-21 19:15
Modified
2024-11-21 06:05
Severity ?
Summary
The Debian xscreensaver 5.42+dfsg1-1 package for XScreenSaver has cap_net_raw enabled for the /usr/libexec/xscreensaver/sonar file, which allows local users to gain privileges because this is arguably incompatible with the design of the Mesa 3D Graphics library dependency.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://www.openwall.com/lists/oss-security/2021/04/21/3 | Mailing List, Patch, Third Party Advisory | |
| cve@mitre.org | https://www.openwall.com/lists/oss-security/2021/04/17/1 | Mailing List, Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2021/04/21/3 | Mailing List, Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.openwall.com/lists/oss-security/2021/04/17/1 | Mailing List, Patch, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| xscreensaver_project | xscreensaver | 5.42\+dfsg1-1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:xscreensaver_project:xscreensaver:5.42\\+dfsg1-1:*:*:*:*:*:*:*",
"matchCriteriaId": "A2C47371-5E1C-4036-96DE-381926EB96FF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Debian xscreensaver 5.42+dfsg1-1 package for XScreenSaver has cap_net_raw enabled for the /usr/libexec/xscreensaver/sonar file, which allows local users to gain privileges because this is arguably incompatible with the design of the Mesa 3D Graphics library dependency."
},
{
"lang": "es",
"value": "El paquete Debian xscreensaver versi\u00f3n 5.42+dfsg1-1 para XScreenSaver presenta la funci\u00f3n cap_net_raw habilitado para el archivo /usr/libexec/xscreensaver/sonar, lo que permite a usuarios locales alcanzar privilegios porque podr\u00eda decirse que esto es incompatible con el dise\u00f1o de la dependencia de la biblioteca Mesa 3D Graphics"
}
],
"id": "CVE-2021-31523",
"lastModified": "2024-11-21T06:05:51.183",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-04-21T19:15:35.877",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Patch",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2021/04/21/3"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Patch",
"Third Party Advisory"
],
"url": "https://www.openwall.com/lists/oss-security/2021/04/17/1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Patch",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2021/04/21/3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Patch",
"Third Party Advisory"
],
"url": "https://www.openwall.com/lists/oss-security/2021/04/17/1"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-269"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}