XScreenSaver 4.10, when using a remote directory service for credentials, does not properly handle the results from the getpwuid function in drivers/lock.c when there is no network connectivity, which causes XScreenSaver to crash and unlock the screen and allows local users to bypass authentication.
When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Enterprise_linux | Redhat | 2.1 (including) | 2.1 (including) |
| Enterprise_linux | Redhat | 3.0 (including) | 3.0 (including) |
| Enterprise_linux | Redhat | 4.0 (including) | 4.0 (including) |
| Enterprise_linux_desktop | Redhat | 3.0 (including) | 3.0 (including) |
| Enterprise_linux_desktop | Redhat | 4.0 (including) | 4.0 (including) |
| Linux_advanced_workstation | Redhat | 2.1 (including) | 2.1 (including) |
| Red Hat Enterprise Linux 2.1 | RedHat | xscreensaver-1:3.33-4.rhel21.5 | * |
| Red Hat Enterprise Linux 3 | RedHat | xscreensaver-1:4.10-21.el3 | * |
| Red Hat Enterprise Linux 4 | RedHat | xscreensaver-1:4.18-5.rhel4.14 | * |
| Xscreensaver | Ubuntu | dapper | * |
| Xscreensaver | Ubuntu | devel | * |
| Xscreensaver | Ubuntu | edgy | * |
| Xscreensaver | Ubuntu | feisty | * |