oss-sec mailing list archives
Re: CVE id request: xscreensaver
From: Steffen Joeris <steffen.joeris () skolelinux de>
Date: Sun, 25 May 2008 23:54:58 +1000
Hi On Sun, 25 May 2008 11:41:53 pm Tomas Hoger wrote:
On Sun, 25 May 2008 18:29:13 +1000 Steffen Joeris <steffen.joeris () skolelinux de> wrote:Pierre Habouzit discovered that resizing with the xrandr tool can crash xscreensaver. Debian Bug report: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=482385 The tested version of xscreensaver is 5.05-1, but at the moment there is no reason to assume that the bug did not exist in previous versions.Is there any known attack vector crossing trust boundary? Usage of xrandr should be fully under the control of the user running xscreensaver.
None that I know about. I assume that on a terminalserver it should not matter, since it would only crash the user's own xscreensaver and not others. However, users might not be aware of this and just try to lock their screens and leave. IMHO it could be treated as a low security issue. Cheers Steffen
Attachment:
signature.asc
Description: This is a digitally signed message part.
Current thread:
- CVE id request: xscreensaver Steffen Joeris (May 25)
- Re: CVE id request: xscreensaver Tomas Hoger (May 25)
- Re: CVE id request: xscreensaver Steffen Joeris (May 25)
- Re: CVE id request: xscreensaver Nico Golde (May 25)
- Re: CVE id request: xscreensaver Bernhard R. Link (May 25)
- Re: CVE id request: xscreensaver Tomas Hoger (May 25)