xscreensaver 5.03 and earlier, when running without xscreensaver-gl-extras (GL extras) installed, crashes when /usr/bin/xscreensaver-gl-helper does not exist and a user attempts to unlock the screen, which allows attackers with physical access to gain access to the locked session.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Xscreensaver | Xscreensaver | 5.03 (including) | 5.03 (including) |
| Xscreensaver | Ubuntu | dapper | * |
| Xscreensaver | Ubuntu | edgy | * |
| Xscreensaver | Ubuntu | feisty | * |
| Xscreensaver | Ubuntu | gutsy | * |
| Xscreensaver | Ubuntu | upstream | * |
References
- http://secunia.com/advisories/27392
- http://www.securityfocus.com/bid/26204
- https://bugzilla.redhat.com/show_bug.cgi?id=336331
- https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00336.html
- http://secunia.com/advisories/27392
- http://www.securityfocus.com/bid/26204
- https://bugzilla.redhat.com/show_bug.cgi?id=336331
- https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00336.html