CVE-2003-1294Xscreensaver vulnerability

8 documents6 sources
Severity
2.1LOWNVD
EPSS
0.1%
top 72.75%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
XscreensaverDebian Xscreensaver
Timeline
PublishedDec 31
Latest updateMay 3

Description

Xscreensaver before 4.15 creates temporary files insecurely in (1) driver/passwd-kerberos.c, (2) driver/xscreensaver-getimage-video, (3) driver/xscreensaver.kss.in, and the (4) vidwhacker and (5) webcollage screensavers, which allows local users to overwrite arbitrary files via a symlink attack.

CVSS vector

AV:L/AC:L/C:N/I:P/A:NExploitability: 3.9 | Impact: 2.9

Affected Packages3 packages

debiandebian/xscreensaver< xscreensaver 4.15-1 (bookworm)
Debianxscreensaver/xscreensaver< 4.15-1+3
NVDxscreensaver/xscreensaver18 versions+17

🔴Vulnerability Details

2
GHSA
GHSA-h4fc-76p7-v47h: Xscreensaver before 42022-05-03
OSV
CVE-2003-1294: Xscreensaver before 42003-12-31

📋Vendor Advisories

2
Red Hat
security flaw2003-11-28
Debian
CVE-2003-1294: xscreensaver - Xscreensaver before 4.15 creates temporary files insecurely in (1) driver/passwd...2003

💬Community

3
Bugzilla
CVE-2003-1294 security flaw2018-08-16
Bugzilla
CVE-2003-1294 xscreensaver temporary file flaws2006-02-21
Bugzilla
CVE-2003-1294 xscreensaver temporary file flaws2006-02-21
CVE-2003-1294 — Debian Xscreensaver vulnerability | cvebase