CVE-2003-1294

Current Description

Xscreensaver before 4.15 creates temporary files insecurely in (1) driver/passwd-kerberos.c, (2) driver/xscreensaver-getimage-video, (3) driver/xscreensaver.kss.in, and the (4) vidwhacker and (5) webcollage screensavers, which allows local users to overwrite arbitrary files via a symlink attack.

Basic Data

Published: December 31, 2003
Last Modified: October 11, 2017
Assigner: cve@mitre.org
Data Type: CVE
Data Format: MITRE
Data Version: 4.0
Problem Type: NVD-CWE-Other
CVE Data Version: 4.0

Base Metric V2

CVSS 2 - Version: 2.0
CVSS 2 - Vector String: AV:L/AC:L/Au:N/C:N/I:P/A:N
CVSS 2 - Access Vector: LOCAL
CVSS 2 - Access Complexity: LOW
CVSS 2 - Authentication: NONE
CVSS 2 - Confidentiality Impact: NONE
CVSS 2 - Availability Impact: NONE
CVSS 2 - Base Score: 2.1
Severity: LOW
Exploitability Score: 3.9
Impact Score: 2.9
Obtain All Privilege: false
Obtain User Privilege: false
Obtain Other Privilege: false

Base Metric V3

No data provided.

Configurations

  • OR - Configuration 1
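    | Cpe Version | Part | Vendor | Product | Version | Update | Edition | Language | SW Edition | Target SW | Target HW | Other | Version Start Including | Version End Including | Version Start Excluding | Version End Excluding |
    |---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
    | 2.3 | Application | Xscreensaver | Xscreensaver | 4.05_5cl | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Xscreensaver | Xscreensaver | 4.05_6 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Xscreensaver | Xscreensaver | 4.05_6a | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Xscreensaver | Xscreensaver | 4.05_150 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Xscreensaver | Xscreensaver | 4.07_2 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Xscreensaver | Xscreensaver | 4.08_29135cl | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Xscreensaver | Xscreensaver | 4.09_0 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Xscreensaver | Xscreensaver | 4.10_4 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Xscreensaver | Xscreensaver | 4.10_6 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Xscreensaver | Xscreensaver | 4.10_8 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Xscreensaver | Xscreensaver | 4.10_15 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Xscreensaver | Xscreensaver | 4.11_0 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Xscreensaver | Xscreensaver | 4.12_58 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Xscreensaver | Xscreensaver | 4.12_62 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Xscreensaver | Xscreensaver | 4.14_0 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Xscreensaver | Xscreensaver | 4.14_2 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Xscreensaver | Xscreensaver | 4.14_4 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Xscreensaver | Xscreensaver | 4.14_5 | * | * | * | * | * | * | * | | | | |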

Vulnerable Software List

| Vendor | Product | Versions |
|---|---|---|
| Xscreensaver | Xscreensaver | 4.05_150, 4.05_5cl, 4.05_6, 4.05_6a, 4.07_2, 4.08_29135cl, 4.09_0, 4.10_15, 4.10_4, 4.10_6, 4.10_8, 4.11_0, 4.12_58, 4.12_62, 4.14_0, 4.14_2, 4.14_4, 4.14_5 |

References

| Name | Source URL | Tags |
|---|---|---|
| 20060602-01-U | ftp://patches.sgi.com/support/free/security/advisories/20060602-01-U.asc | SGI |
| http://jwz.livejournal.com/310943.html | http://jwz.livejournal.com/310943.html | MISC |
| 20224 | http://secunia.com/advisories/20224 | SECUNIA |
| 20226 | http://secunia.com/advisories/20226 | SECUNIA |
| 20456 | http://secunia.com/advisories/20456 | SECUNIA |
| 20782 | http://secunia.com/advisories/20782 | SECUNIA |
| http://support.avaya.com/elmodocs2/security/ASA-2006-107.htm | http://support.avaya.com/elmodocs2/security/ASA-2006-107.htm | CONFIRM |
| http://www.novell.com/linux/download/updates/90_i386.html | http://www.novell.com/linux/download/updates/90_i386.html | CONFIRM |
| RHSA-2006:0498 | http://www.redhat.com/support/errata/RHSA-2006-0498.html | REDHAT |
| 9125 | http://www.securityfocus.com/bid/9125 | BID |
| ADV-2006-1948 | http://www.vupen.com/english/advisories/2006/1948 | VUPEN |
| https://bugzilla.redhat.com/bugzilla/attachment.cgi?id=124968 | https://bugzilla.redhat.com/bugzilla/attachment.cgi?id=124968 | CONFIRM |
| https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=182286 | https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=182286 | CONFIRM |
| oval:org.mitre.oval:def:10848 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10848 | OVAL |