Auth bypass in Xscreensaver

CVE-2007-1859

XScreenSaver 4.10, when using a remote directory service for credentials, does not properly handle the results from the getpwuid function in drivers/lock.c when there is no network connectivity, which causes XScreenSaver to crash and unloc…

Vulnerability class: Broken Authentication

EPSS: 0.004 (32.8th percentile) — read the EPSS interpretation.

Affected products

Xscreensaver — versions 4.10
Redhat Enterprise_linux — versions 2.1, 3.0, 4.0
Redhat Enterprise_linux_desktop — versions 3.0, 4.0
Redhat Linux_advanced_workstation — versions 2.1
N/a — versions n/a

Weakness classification (CWE)

CWE-287 — Improper Authentication

References

secalert@redhat.com (x_refsource_SECUNIA, third-party-advisory)
secalert@redhat.com (x_refsource_SECUNIA, Vendor Advisory, third-party-advisory)
secalert@redhat.com (x_refsource_SECUNIA, Vendor Advisory, third-party-advisory)
secalert@redhat.com (x_refsource_SECUNIA, Vendor Advisory, third-party-advisory)
secalert@redhat.com (x_refsource_SECUNIA, Vendor Advisory, third-party-advisory)
secalert@redhat.com (x_refsource_OVAL, signature, vdb-entry)
secalert@redhat.com (x_refsource_SECUNIA, Vendor Advisory, third-party-advisory)
secalert@redhat.com (vendor-advisory, x_refsource_MANDRIVA)
secalert@redhat.com (vendor-advisory, x_refsource_SUSE)
secalert@redhat.com (x_refsource_CONFIRM)