Executive Summary
| Summary | |
|---|---|
| Title | xscreensaver vulnerability |
| Informations | |||
|---|---|---|---|
| Name | USN-269-1 | First vendor Publication | 2006-04-11 |
| Vendor | Ubuntu | Last vendor Modification | 2006-04-11 |
| Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
| Cvss vector : N/A | |||
|---|---|---|---|
| Overall CVSS Score | NA | ||
| Base Score | NA | Environmental Score | NA |
| impact SubScore | NA | Temporal Score | NA |
| Exploitabality Sub Score | NA | ||
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:N/AC:H/Au:N/C:C/I:N/A:N) | |||
|---|---|---|---|
| Cvss Base Score | 5.4 | Attack Range | Network |
| Cvss Impact Score | 6.9 | Attack Complexity | High |
| Cvss Expoit Score | 4.9 | Authentication | None Required |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| A security issue affects the following Ubuntu releases: Ubuntu 4.10 (Warty Warthog) Ubuntu 5.04 (Hoary Hedgehog) The following packages are affected: xscreensaver xscreensaver-gl xscreensaver-gnome xscreensaver-nognome The problem can be corrected by upgrading the affected package to version 4.16-1ubuntu3.1 (for Ubuntu 4.10), or 4.16-1ubuntu11.1 (for Ubuntu 5.04). After a standard system upgrade you need to restart your session to effect the necessary changes. Details follow: In some cases, xscreensaver did not properly grab the keyboard when reading the password for unlocking the screen, so that the password was typed into the currently active application window. The only known vulnerable case was when xscreensaver activated while an rdesktop session was currently active. |
Original Source
| Url : http://www.ubuntu.com/usn/USN-269-1 |
OVAL Definitions
| Definition Id: oval:org.mitre.oval:def:10096 | |||
| Oval ID: | oval:org.mitre.oval:def:10096 | ||
| Title: | rdesktop 1.3.1 with xscreensaver 4.14, and possibly other versions, when running on Fedora and possibly other platforms, does not release the keyboard focus when xscreensaver starts, which causes the password to be entered into the active window when the user unlocks the screen. | ||
| Description: | rdesktop 1.3.1 with xscreensaver 4.14, and possibly other versions, when running on Fedora and possibly other platforms, does not release the keyboard focus when xscreensaver starts, which causes the password to be entered into the active window when the user unlocks the screen. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2004-2655 | Version: | 5 |
| Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 | Product(s): | |
| Definition Synopsis: | |||
CPE : Common Platform Enumeration
| Type | Description | Count |
|---|---|---|
| Application | 3 |
OpenVAS Exploits
| Date | Description |
|---|---|
| 2009-10-10 | Name : SLES9: Security update for xscreensaver File : nvt/sles9p5017699.nasl |
Open Source Vulnerability Database (OSVDB)
| Id | Description |
|---|---|
| 26167 | XScreenSaver Keyboard Focus Weakness Cleartext Password Disclosure |
Nessus® Vulnerability Scanner
| Date | Description |
|---|---|
| 2006-07-03 | Name : The remote CentOS host is missing a security update. File : centos_RHSA-2006-0498.nasl - Type : ACT_GATHER_INFO |
| 2006-05-24 | Name : The remote Red Hat host is missing a security update. File : redhat-RHSA-2006-0498.nasl - Type : ACT_GATHER_INFO |
| 2006-04-12 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-269-1.nasl - Type : ACT_GATHER_INFO |
Alert History
| Date | Informations |
|---|---|
| 2014-02-17 12:03:22 |
|
