PT-2003-2239 · Xscreensaver · Xscreensaver

Stan Bubrouski · Published 2003-12-31 · Updated 2017-10-11 · CVE-2003-1294

CVSS v2.0: 2.1 (Low)

Vector: AV:L/AC:L/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions

Xscreensaver versions prior to 4.15

Description

The issue allows local users to overwrite arbitrary files via a symlink attack due to insecure creation of temporary files in several components, including driver/passwd-kerberos.c, driver/xscreensaver-getimage-video, driver/xscreensaver.kss.in, and the vidwhacker and webcollage screensavers.

Recommendations

For versions prior to 4.15, update to version 4.15 or later to resolve the issue. As a temporary workaround, consider restricting access to the affected components, such as the vidwhacker and webcollage screensavers, until the update is applied.


Related Identifiers

CVE-2003-1294
RHSA-2006:0498

Affected Products

Xscreensaver