ID CVE-2008-0887
Summary gnome-screensaver before 2.22.1, when a remote authentication server is enabled, crashes upon an unlock attempt during a network outage, which allows physically proximate attackers to gain access to the locked session, a related issue to CVE-2007-1859.
References
Vulnerable Configurations
  • cpe:2.3:a:gnome:screensaver:*:*:*:*:*:*:*:*
    cpe:2.3:a:gnome:screensaver:*:*:*:*:*:*:*:*
CVSS
Base: 4.7 (as of 29-09-2017 - 01:30)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
LOCAL MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
NONE NONE COMPLETE
cvss-vector via4 AV:L/AC:M/Au:N/C:N/I:N/A:C
oval via4
accepted 2013-04-29T04:09:00.511-04:00
class vulnerability
contributors
  • name Aharon Chernin
    organization SCAP.com, LLC
  • name Dragos Prisaca
    organization G2, Inc.
definition_extensions
  • comment The operating system installed on the system is Red Hat Enterprise Linux 5
    oval oval:org.mitre.oval:def:11414
  • comment The operating system installed on the system is CentOS Linux 5.x
    oval oval:org.mitre.oval:def:15802
  • comment Oracle Linux 5.x
    oval oval:org.mitre.oval:def:15459
description gnome-screensaver before 2.22.1, when a remote authentication server is enabled, crashes upon an unlock attempt during a network outage, which allows physically proximate attackers to gain access to the locked session, a related issue to CVE-2007-1859.
family unix
id oval:org.mitre.oval:def:10813
status accepted
submitted 2010-07-09T03:56:16-04:00
title gnome-screensaver before 2.22.1, when a remote authentication server is enabled, crashes upon an unlock attempt during a network outage, which allows physically proximate attackers to gain access to the locked session, a related issue to CVE-2007-1859.
version 19
redhat via4
advisories
  • bugzilla
    id 435773
    title CVE-2008-0887 gnome-screensaver using NIS auth will unlock if NIS goes away
    oval
    AND
    • comment Red Hat Enterprise Linux 5 is installed
      oval oval:com.redhat.rhba:tst:20070331001
    • comment gnome-screensaver is earlier than 0:2.16.1-5.el5_1.1
      oval oval:com.redhat.rhsa:tst:20080197002
    • comment gnome-screensaver is signed with Red Hat redhatrelease key
      oval oval:com.redhat.rhsa:tst:20080197003
    rhsa
    id RHSA-2008:0197
    released 2008-04-02
    severity Moderate
    title RHSA-2008:0197: gnome-screensaver security update (Moderate)
  • bugzilla
    id 435773
    title CVE-2008-0887 gnome-screensaver using NIS auth will unlock if NIS goes away
    oval
    AND
    • comment Red Hat Enterprise Linux 5 is installed
      oval oval:com.redhat.rhba:tst:20070331001
    • comment gnome-screensaver is earlier than 0:2.16.1-8.el5
      oval oval:com.redhat.rhsa:tst:20080218002
    • comment gnome-screensaver is signed with Red Hat redhatrelease key
      oval oval:com.redhat.rhsa:tst:20080197003
    rhsa
    id RHSA-2008:0218
    released 2008-04-03
    severity Moderate
    title RHSA-2008:0218: gnome-screensaver security update (Moderate)
rpms
  • gnome-screensaver-0:2.16.1-5.el5_1.1
  • gnome-screensaver-0:2.16.1-8.el5
refmap via4
bid 28575
confirm https://bugzilla.redhat.com/show_bug.cgi?id=435773
fedora
  • FEDORA-2008-2967
  • FEDORA-2008-3017
gentoo GLSA-200804-12
mandriva MDVSA-2008:132
osvdb 35531
sectrack 1019749
secunia
  • 29595
  • 29606
  • 29742
  • 29759
  • 30967
  • 32691
suse SUSE-SR:2008:014
ubuntu USN-669-1
Last major update 29-09-2017 - 01:30
Published 06-04-2008 - 23:44
Back to Top