xscreensaver
Page content
- Author: voroskoi
- Vulnerable: 5.01-1
- Unaffected: 5.01-2terminus1
Alex Yamauchi has reported a weakness in XScreenSaver, which potentially can be exploited by malicious people to bypass certain security restrictions. The weakness is caused due to an error within the parsing of results of a call to “getpwuid()” in drivers/lock.c when using directory servers during a network outage. This can be exploited to e.g. crash XScreenSaver and thus gain access to a locked system.
- Bug Tracker URL: http://bugs.frugalware.org/task/2013