4.6
CVE-2007-1859
- EPSS 0.05%
- Published 02.05.2007 20:19:00
- Last modified 09.04.2025 00:30:58
- Source secalert@redhat.com
XScreenSaver 4.10, when using a remote directory service for credentials, does not properly handle the results from the getpwuid function in drivers/lock.c when there is no network connectivity, which causes XScreenSaver to crash and unlock the screen and allows local users to bypass authentication.
Data is provided by the National Vulnerability Database (NVD)
Xscreensaver ≫ Xscreensaver Version 4.10
Redhat ≫ Enterprise Linux Version 2.1 Edition advanced_server
Redhat ≫ Enterprise Linux Version 2.1 Edition enterprise_server
Redhat ≫ Enterprise Linux Version 2.1 Edition workstation
Redhat ≫ Enterprise Linux Version 3.0 Edition advanced_servers
Redhat ≫ Enterprise Linux Version 3.0 Edition enterprise_server
Redhat ≫ Enterprise Linux Version 3.0 Edition workstation
Redhat ≫ Enterprise Linux Version 4.0 Edition advanced_server
Redhat ≫ Enterprise Linux Version 4.0 Edition enterprise_server
Redhat ≫ Enterprise Linux Version 4.0 Edition workstation
Redhat ≫ Enterprise Linux Desktop Version 3.0
Redhat ≫ Enterprise Linux Desktop Version 4.0
Redhat ≫ Linux Advanced Workstation Version 2.1 Edition itanium
No CISA KEV or CERT.AT warning was found for this CVE.
Type | Source | Score | Percentile |
---|---|---|---|
EPSS | FIRST.org | 0.05% | 0.145 |
Source | Base Score | Exploit Score | Impact Score | Vector string |
---|---|---|---|---|
nvd@nist.gov | 4.6 | 3.9 | 6.4 | AV:L/AC:L/Au:N/C:P/I:P/A:P |
CWE-287 Improper Authentication
When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.