Executive Summary

Informations
Name CVE-2008-0887 First vendor Publication 2008-04-06
Vendor Cve Last vendor Modification 2017-09-29

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:L/AC:M/Au:N/C:N/I:N/A:C)
Cvss Base Score 4.7 Attack Range Local
Cvss Impact Score 6.9 Attack Complexity Medium
Cvss Expoit Score 3.4 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

gnome-screensaver before 2.22.1, when a remote authentication server is enabled, crashes upon an unlock attempt during a network outage, which allows physically proximate attackers to gain access to the locked session, a related issue to CVE-2007-1859.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0887

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:10813
 
Oval ID: oval:org.mitre.oval:def:10813
Title: gnome-screensaver before 2.22.1, when a remote authentication server is enabled, crashes upon an unlock attempt during a network outage, which allows physically proximate attackers to gain access to the locked session, a related issue to CVE-2007-1859.
Description: gnome-screensaver before 2.22.1, when a remote authentication server is enabled, crashes upon an unlock attempt during a network outage, which allows physically proximate attackers to gain access to the locked session, a related issue to CVE-2007-1859.
Family: unix Class: vulnerability
Reference(s): CVE-2008-0887
 Version: 5
Platform(s): Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
 Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:17707
 
Oval ID: oval:org.mitre.oval:def:17707
Title: USN-669-1 -- gnome-screensaver vulnerabilities
Description: It was discovered that the notify feature in gnome-screensaver could let a local attacker read the clipboard contents of a locked session by using Ctrl-V.
Family: unix Class: patch
Reference(s): USN-669-1
CVE-2007-6389
CVE-2008-0887
 Version: 7
Platform(s): Ubuntu 6.06
Ubuntu 7.10
 Product(s): gnome-screensaver
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:21852
 
Oval ID: oval:org.mitre.oval:def:21852
Title: ELSA-2008:0218: gnome-screensaver security update (Moderate)
Description: gnome-screensaver before 2.22.1, when a remote authentication server is enabled, crashes upon an unlock attempt during a network outage, which allows physically proximate attackers to gain access to the locked session, a related issue to CVE-2007-1859.
Family: unix Class: patch
Reference(s): ELSA-2008:0218-01
CVE-2008-0887
 Version: 6
Platform(s): Oracle Linux 5
 Product(s): gnome-screensaver
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:22162
 
Oval ID: oval:org.mitre.oval:def:22162
Title: ELSA-2008:0197: gnome-screensaver security update (Moderate)
Description: gnome-screensaver before 2.22.1, when a remote authentication server is enabled, crashes upon an unlock attempt during a network outage, which allows physically proximate attackers to gain access to the locked session, a related issue to CVE-2007-1859.
Family: unix Class: patch
Reference(s): ELSA-2008:0197-01
CVE-2008-0887
 Version: 6
Platform(s): Oracle Linux 5
 Product(s): gnome-screensaver
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 5

OpenVAS Exploits

Date Description
2009-10-13 Name : SLES10: Security update for xscreensaver
File : nvt/sles10_xscreensaver.nasl
2009-10-10 Name : SLES9: Security update for xscreensaver
File : nvt/sles9p5031340.nasl
2009-04-09 Name : Mandriva Update for gnome-screensaver MDVSA-2008:132 (gnome-screensaver)
File : nvt/gb_mandriva_MDVSA_2008_132.nasl
2009-03-23 Name : Ubuntu Update for gnome-screensaver vulnerabilities USN-669-1
File : nvt/gb_ubuntu_USN_669_1.nasl
2009-03-06 Name : RedHat Update for gnome-screensaver RHSA-2008:0197-01
File : nvt/gb_RHSA-2008_0197-01_gnome-screensaver.nasl
2009-03-06 Name : RedHat Update for gnome-screensaver RHSA-2008:0218-01
File : nvt/gb_RHSA-2008_0218-01_gnome-screensaver.nasl
2009-02-17 Name : Fedora Update for gnome-screensaver FEDORA-2008-3017
File : nvt/gb_fedora_2008_3017_gnome-screensaver_fc8.nasl
2009-02-16 Name : Fedora Update for gnome-screensaver FEDORA-2008-2967
File : nvt/gb_fedora_2008_2967_gnome-screensaver_fc7.nasl
2008-09-24 Name : Gentoo Security Advisory GLSA 200804-12 (gnome-screensaver)
File : nvt/glsa_200804_12.nasl

Open Source Vulnerability Database (OSVDB)

Id Description
43986 gnome-screensaver NIS Authentication Method Screen Lock Bypass

Nessus® Vulnerability Scanner

Date Description
2013-07-12 Name : The remote Oracle Linux host is missing a security update.
File : oraclelinux_ELSA-2008-0197.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing a security update.
File : sl_20080402_gnome_screensaver_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2010-01-06 Name : The remote CentOS host is missing a security update.
File : centos_RHSA-2008-0197.nasl - Type : ACT_GATHER_INFO
2009-09-24 Name : The remote SuSE 9 host is missing a security-related patch.
File : suse9_12174.nasl - Type : ACT_GATHER_INFO
2009-04-23 Name : The remote Ubuntu host is missing a security-related patch.
File : ubuntu_USN-669-1.nasl - Type : ACT_GATHER_INFO
2009-04-23 Name : The remote Mandriva Linux host is missing a security update.
File : mandriva_MDVSA-2008-132.nasl - Type : ACT_GATHER_INFO
2008-07-28 Name : The remote openSUSE host is missing a security update.
File : suse_xscreensaver-5333.nasl - Type : ACT_GATHER_INFO
2008-07-28 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_xscreensaver-5334.nasl - Type : ACT_GATHER_INFO
2008-06-26 Name : The remote openSUSE host is missing a security update.
File : suse_gnome-screensaver-5172.nasl - Type : ACT_GATHER_INFO
2008-06-24 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_gnome-screensaver-5179.nasl - Type : ACT_GATHER_INFO
2008-06-18 Name : The remote openSUSE host is missing a security update.
File : suse_gnome-screensaver-5175.nasl - Type : ACT_GATHER_INFO
2008-05-22 Name : The remote Red Hat host is missing a security update.
File : redhat-RHSA-2008-0218.nasl - Type : ACT_GATHER_INFO
2008-04-17 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-200804-12.nasl - Type : ACT_GATHER_INFO
2008-04-11 Name : The remote Fedora host is missing a security update.
File : fedora_2008-3017.nasl - Type : ACT_GATHER_INFO
2008-04-11 Name : The remote Fedora host is missing a security update.
File : fedora_2008-2967.nasl - Type : ACT_GATHER_INFO
2008-04-04 Name : The remote Red Hat host is missing a security update.
File : redhat-RHSA-2008-0197.nasl - Type : ACT_GATHER_INFO
2007-11-10 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-474-1.nasl - Type : ACT_GATHER_INFO
2007-05-03 Name : The remote Mandrake Linux host is missing one or more security updates.
File : mandrake_MDKSA-2007-097.nasl - Type : ACT_GATHER_INFO

Sources (Detail)

Source Url
BID http://www.securityfocus.com/bid/28575
CONFIRM https://bugzilla.redhat.com/show_bug.cgi?id=435773
FEDORA https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00163.html
https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00206.html
GENTOO http://security.gentoo.org/glsa/glsa-200804-12.xml
MANDRIVA http://www.mandriva.com/security/advisories?name=MDVSA-2008:132
OSVDB http://osvdb.org/35531
OVAL https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.ova...
REDHAT http://rhn.redhat.com/errata/RHSA-2008-0197.html
http://www.redhat.com/support/errata/RHSA-2008-0218.html
SECTRACK http://securitytracker.com/id?1019749
SECUNIA http://secunia.com/advisories/29595
http://secunia.com/advisories/29606
http://secunia.com/advisories/29742
http://secunia.com/advisories/29759
http://secunia.com/advisories/30967
http://secunia.com/advisories/32691
SUSE http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00001.html
UBUNTU http://www.ubuntu.com/usn/USN-669-1

Alert History

If you want to see full details history, please login or register.
0
1
2
3
4
5
6
7
8
9
10
Date Informations
2023-08-04 01:02:30
  • Multiple Updates
2021-05-04 12:07:08
  • Multiple Updates
2021-04-22 01:07:34
  • Multiple Updates
2020-05-23 01:39:08
  • Multiple Updates
2020-05-23 00:21:17
  • Multiple Updates
2017-09-29 09:23:25
  • Multiple Updates
2016-06-28 17:11:42
  • Multiple Updates
2016-04-26 17:08:45
  • Multiple Updates
2014-02-17 10:43:49
  • Multiple Updates
2013-05-11 00:09:52
  • Multiple Updates
2012-11-07 00:16:28
  • Multiple Updates