PT-2021-19404 · Debian · Xscreensaver
Tavis Ormandy
·
Published
2021-04-21
·
Updated
2021-04-29
·
CVE-2021-31523
CVSS v3.1
7.8
High
| Vector | AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Debian xscreensaver version 5.42+dfsg1-1
Description
The issue arises from the Debian xscreensaver package having the cap net raw capability enabled for the /usr/libexec/xscreensaver/sonar file. This setting can be exploited by local users to gain privileges, potentially due to incompatibility with the design of the Mesa 3D Graphics library dependency.
Recommendations
For Debian xscreensaver version 5.42+dfsg1-1, consider disabling the cap net raw capability for the /usr/libexec/xscreensaver/sonar file as a temporary workaround to minimize the risk of exploitation.
Fix
Improper Privilege Management
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Xscreensaver