CVE-2003-1294

Name of the Vulnerable Software and Affected Versions Xscreensaver versions prior to 4.15

Description The issue allows local users to overwrite arbitrary files via a symlink attack due to insecure creation of temporary files in several components, including driver/passwd-kerberos.c, driver/xscreensaver-getimage-video, driver/xscreensaver.kss.in, and the vidwhacker and webcollage screensavers.

Recommendations For versions prior to 4.15, update to version 4.15 or later to resolve the issue. As a temporary workaround, consider restricting access to the affected components, such as the vidwhacker and webcollage screensavers, until the update is applied.