VDB
CVE-2007-1859
CVE-2007-1859
PUBLISHED
CVSS 4.599999904632568 MEDIUM
XScreenSaver 4.10, when using a remote directory service for credentials, does not properly handle the results from the getpwuid function in drivers/lock.c when there is no network connectivity, which causes XScreenSaver to crash and unlock the screen and allows local users to bypass authentication.
EPSS 0.09% · 25.1th percentile
Risk Scores
CVSS 2.0
4.599999904632568
EPSS Score
0.09%
25.1th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | n/a |
| xscreensaver | xscreensaver | 4.10 |
Timeline
- May 2, 2007 CVE Published
- Feb 4, 2022 EPSS Score
- Mar 29, 2022 EPSS Score
- May 20, 2022 EPSS Score
- Jul 12, 2022 EPSS Score
- Sep 4, 2022 EPSS Score
- Oct 26, 2022 EPSS Score
- Dec 18, 2022 EPSS Score
- Feb 9, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- Apr 3, 2023 EPSS Score
- May 25, 2023 EPSS Score
References
- 25610 third-party-advisory
- 25119 third-party-advisory
- 25105 third-party-advisory
- 25065 third-party-advisory
- 25116 third-party-advisory
- oval:org.mitre.oval:def:11459 vdb
- 25225 third-party-advisory
- MDKSA-2007:097 vendor-advisory
- SUSE-SR:2007:009 vendor-advisory
- https://issues.rpath.com/browse/RPL-1293 url
- 35531 vdb
- 23783 vdb
- xscreensaver-getpwuid-authentication-bypass(34054) vdb
- RHSA-2007:0322 vendor-advisory
- 25118 third-party-advisory
- 1017996 vdb
- USN-474-1 vendor-advisory
- GLSA-200705-14 vendor-advisory
- https://nvd.nist.gov/vuln/detail/CVE-2007-1859 advisory