Detections
Analytics
Mandrake Linux Security Advisory : xscreensaver (MDKSA-2007:097)
medium Nessus Plugin ID 25157
Synopsis
The remote Mandrake Linux host is missing one or more security updates.Description
A problem with the way xscreensaver verifies user passwords was discovered by Alex Yamauchi. When a system is using remote authentication (i.e. LDAP) for logins, a local attacker able to cause a network outage on the system could cause xscreensaver to crash, which would unlock the screen.Updated packages have been patched to correct this issue.
Solution
Update the affected packages.Plugin Details
Severity: Medium
ID: 25157
File Name: mandrake_MDKSA-2007-097.nasl
Version: 1.20
Type: local
Family: Mandriva Local Security Checks
Published: 5/3/2007
Updated: 1/6/2021
Supported Sensors: Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 6.7
CVSS v2
Risk Factor: Medium
Base Score: 4.7
Vector: CVSS2#AV:L/AC:M/Au:N/C:N/I:N/A:C
Vulnerability Information
CPE: p-cpe:/a:mandriva:linux:xscreensaver, p-cpe:/a:mandriva:linux:xscreensaver-base, p-cpe:/a:mandriva:linux:xscreensaver-common, p-cpe:/a:mandriva:linux:xscreensaver-extrusion, p-cpe:/a:mandriva:linux:xscreensaver-gl, cpe:/o:mandriva:linux:2007, cpe:/o:mandriva:linux:2007.1
Required KB Items: Host/local_checks_enabled, Host/cpu, Host/Mandrake/release, Host/Mandrake/rpm-list
Patch Publication Date: 5/2/2007
Reference Information
CVE: CVE-2007-1859, CVE-2008-0887
CWE: 287
MDKSA: 2007:097