4.6
CVE-2007-1859
- EPSS 0.41%
- Veröffentlicht 02.05.2007 20:19:00
- Zuletzt bearbeitet 16.06.2026 22:38:26
- Quelle secalert@redhat.com
- CVE-Watchlists
- Unerledigt
XScreenSaver 4.10, when using a remote directory service for credentials, does not properly handle the results from the getpwuid function in drivers/lock.c when there is no network connectivity, which causes XScreenSaver to crash and unlock the screen and allows local users to bypass authentication.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Xscreensaver ≫ Xscreensaver Version4.10
Redhat ≫ Enterprise Linux Version2.1 Editionadvanced_server
Redhat ≫ Enterprise Linux Version2.1 Editionenterprise_server
Redhat ≫ Enterprise Linux Version2.1 Editionworkstation
Redhat ≫ Enterprise Linux Version3.0 Editionadvanced_servers
Redhat ≫ Enterprise Linux Version3.0 Editionenterprise_server
Redhat ≫ Enterprise Linux Version3.0 Editionworkstation
Redhat ≫ Enterprise Linux Version4.0 Editionadvanced_server
Redhat ≫ Enterprise Linux Version4.0 Editionenterprise_server
Redhat ≫ Enterprise Linux Version4.0 Editionworkstation
Redhat ≫ Enterprise Linux Desktop Version3.0
Redhat ≫ Enterprise Linux Desktop Version4.0
Redhat ≫ Linux Advanced Workstation Version2.1 Editionitanium
Redhat ≫ Enterprise Linux Version2.1 Editionenterprise_server
Redhat ≫ Enterprise Linux Version2.1 Editionworkstation
Redhat ≫ Enterprise Linux Version3.0 Editionadvanced_servers
Redhat ≫ Enterprise Linux Version3.0 Editionenterprise_server
Redhat ≫ Enterprise Linux Version3.0 Editionworkstation
Redhat ≫ Enterprise Linux Version4.0 Editionadvanced_server
Redhat ≫ Enterprise Linux Version4.0 Editionenterprise_server
Redhat ≫ Enterprise Linux Version4.0 Editionworkstation
Redhat ≫ Enterprise Linux Desktop Version3.0
Redhat ≫ Enterprise Linux Desktop Version4.0
Redhat ≫ Linux Advanced Workstation Version2.1 Editionitanium
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.41% | 0.328 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 4.6 | 3.9 | 6.4 |
AV:L/AC:L/Au:N/C:P/I:P/A:P
|
CWE-287 Improper Authentication
When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.
http://secunia.com/advisories/25119
http://www.novell.com/linux/security/advisories/2007_9_sr.html
http://osvdb.org/35531
http://secunia.com/advisories/25065
http://secunia.com/advisories/25105
http://secunia.com/advisories/25116
http://secunia.com/advisories/25118
http://secunia.com/advisories/25225
http://secunia.com/advisories/25610
http://security.gentoo.org/glsa/glsa-200705-14.xml
http://www.mandriva.com/security/advisories?name=MDKSA-2007:097
http://www.redhat.com/support/errata/RHSA-2007-0322.html
http://www.securityfocus.com/bid/23783
http://www.securitytracker.com/id?1017996
http://www.ubuntu.com/usn/usn-474-1
https://exchange.xforce.ibmcloud.com/vulnerabilities/34054
https://issues.rpath.com/browse/RPL-1293
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11459