PT-2007-1065 · Xscreensaver+1
Published: 2007-05-02 · Updated: 2017-10-11 · CVE-2007-1859
CVSS v2.0: 5.4 (Medium)
Vector: AV:N/AC:H/Au:N/C:C/I:N/A:N
Name of the Vulnerable Software and Affected Versions:
xscreensaver versions prior to 5.02
xscreensaver version 3.33
xscreensaver version 4.10
xscreensaver version 4.18
Description:
This issue affects the xscreensaver package and can lead to a breach of the confidentiality, integrity, and availability of protected information. Exploitation can be performed both locally and remotely. In certain cases, when credentials are obtained from a remote directory service and there is no network connectivity, xscreensaver may crash and unlock the screen, allowing local users to bypass authentication.
Recommendations:
For xscreensaver versions prior to 5.02, update to version 5.02 or later to resolve the issue.
For xscreensaver version 3.33, consider disabling the use of remote directory services for credentials until a patch is available.
For xscreensaver version 4.10, restrict access to the getpwuid function in drivers/lock.c to minimize the risk of exploitation.
For xscreensaver version 4.18, avoid using the package until a fixed version is released.
Weakness Enumeration: Improper Authentication
Related Identifiers: CVE-2007-1859
Affected Products: Red Hat, Xscreensaver