oss-sec mailing list archives

Re: CVE Request -- xscreensaver -- exits when activated

From: Josh Bressers <bressers () redhat com>
Date: Mon, 6 Jun 2011 13:51:29 -0400 (EDT)



----- Original Message -----

Hello, Josh, Steve, vendors,

it was found that xscreensaver terminated, when it was activated upon
launch. A local proximate attacker could use this deficiency to access
resources, which should be otherwise protected by authentication.

References:
[1] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=627382
[2] https://bugzilla.redhat.com/show_bug.cgi?id=703483


Please use CVE-2011-2187.

This deserves an ID as the error probably won't happen until a few minutes
afer a user leaves the keyboard.

Thanks.

-- 
    JB

Current thread:

CVE Request -- xscreensaver -- exits when activated Jan Lieskovsky (Jun 03)
- Re: CVE Request -- xscreensaver -- exits when activated Josh Bressers (Jun 06)