CVE-2003-0885 — Xscreensaver vulnerability

7 documents6 sources

Severity

6.4MEDIUMNVD

EPSS

0.4%

top 41.77%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Xscreensaver Debian Xscreensaver

Timeline

PublishedDec 31

Latest updateApr 29

Description

Xscreensaver 4.14 contains certain debugging code that should have been omitted, which causes Xscreensaver to create temporary files insecurely in the (1) apple2, (2) xanalogtv, and (3) pong screensavers, and allows local users to overwrite arbitrary files via a symlink attack.

CVSS vector

AV:N/AC:L/C:N/I:P/A:PExploitability: 10.0 | Impact: 4.9

Affected Packages3 packages

▶debiandebian/xscreensaver< xscreensaver 4.15 (bookworm)

▶Debianxscreensaver/xscreensaver< 4.15+3

▶NVDxscreensaver/xscreensaver4.14

Patches

Patch: bugs.gentoo.org ↗Patch: bugs.gentoo.org ↗

🔴Vulnerability Details

GHSA

GHSA-588w-fjff-4h69: Xscreensaver 4↗2022-04-29

▶

OSV

CVE-2003-0885: Xscreensaver 4↗2003-12-31

▶

📋Vendor Advisories

Debian

CVE-2003-0885: xscreensaver - Xscreensaver 4.14 contains certain debugging code that should have been omitted,...↗2003

▶

Red Hat

CVE-2003-0885: Xscreensaver 4↗

▶

💬Community

Bugzilla

CVE-2003-1294 xscreensaver temporary file flaws↗2006-02-21

▶

Bugzilla

CVE-2003-1294 xscreensaver temporary file flaws↗2006-02-21

▶