The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a vigilance database and tools to fix them.

Vulnerability of xscreensaver: bypassing authentication

Synthesis of the vulnerability 

When authentication uses a remote server, an attacker can interrupt the network in order to deactivate xscreensaver.
Vulnerable systems: Mandriva Linux, openSUSE, Solaris, RHEL, Unix (platform) ~ not comprehensive.
Severity of this threat: 2/4.
Creation date: 02/05/2007.
References of this weakness: 20070501-01-P, 237003, CVE-2007-1859, MDKSA-2007:097, RHSA-2007:0322-01, SUSE-SR:2007:009, VIGILANCE-VUL-6782.

Description of the vulnerability 

The getpwuid() function obtains information about a user from their uid. This function returns NULL when the user does not exist or if an error occurs (for example, when the name service that would answer the query is unreachable).

When the xscreensaver password is invalid, the passwd_event_loop() function calls getpwuid() to log the name of the user who locked the session.

If the authentication service is on a remote server, an attacker can interrupt the network connection. The getpwuid() function then returns a NULL pointer. As this particular case is not handled, the NULL pointer is dereferenced, which stops xscreensaver. It can be noted that unplugging the network is correctly detected as an authentication failure, but it is the logging of this event which generates the vulnerability.

A local attacker with physical access to the machine can therefore access the session of a user who locked it with xscreensaver.
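The following is an added illustration, not xscreensaver's own code: it shows the two shapes of the logging step described above. The unchecked form dereferences the result of getpwuid() directly, so a NULL return (user unknown, or name service unreachable) crashes the program that should have kept the screen locked; the checked form records the numeric uid instead and keeps running. The function names (format_lock_owner_unchecked, format_lock_owner_checked, lookup_failure_is_handled, happy_path_is_unchanged) and the "alice"/1000 entry are constructed for this example; the NULL case is simulated by passing NULL rather than by disconnecting a real name service.

```c
/* Added example (not xscreensaver's code): an unchecked getpwuid() result
 * versus a NULL-safe one, in the shape of a lock-screen failure log line.
 * Function names and sample data are hypothetical. */
#include <pwd.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/* Vulnerable shape: pw is used without a NULL check. If the name service
 * (NIS, LDAP, ...) is unreachable, getpwuid() returns NULL and pw->pw_name
 * dereferences a NULL pointer: the locker dies and the session is exposed. */
int format_lock_owner_unchecked(const struct passwd *pw, uid_t uid,
                                char *out, size_t outlen)
{
    (void)uid;
    return snprintf(out, outlen, "password incorrect for %s", pw->pw_name);
}

/* Hardened shape: a NULL result is treated as "name unknown". The failed
 * unlock is still logged, using the numeric uid, and the locker keeps running. */
int format_lock_owner_checked(const struct passwd *pw, uid_t uid,
                              char *out, size_t outlen)
{
    if (pw == NULL || pw->pw_name == NULL)
        return snprintf(out, outlen, "password incorrect for uid %lu",
                        (unsigned long)uid);
    return snprintf(out, outlen, "password incorrect for %s", pw->pw_name);
}

/* Returns 1 when the checked formatter handles a NULL passwd (the situation
 * described in the bulletin) by falling back to the uid, 0 otherwise. */
int lookup_failure_is_handled(void)
{
    char buf[128];
    format_lock_owner_checked(NULL, (uid_t)1000, buf, sizeof buf);
    return strcmp(buf, "password incorrect for uid 1000") == 0;
}

/* Returns 1 when both formatters agree on a successful lookup, i.e. the fix
 * changes nothing on the normal path. Uses a constructed passwd entry. */
int happy_path_is_unchanged(void)
{
    static char name[] = "alice";   /* constructed sample user */
    struct passwd pw;
    char a[128], b[128];

    memset(&pw, 0, sizeof pw);
    pw.pw_name = name;
    pw.pw_uid = (uid_t)1000;

    format_lock_owner_unchecked(&pw, pw.pw_uid, a, sizeof a);
    format_lock_owner_checked(&pw, pw.pw_uid, b, sizeof b);
    return strcmp(a, b) == 0 && strcmp(a, "password incorrect for alice") == 0;
}

int main(void)
{
    char buf[128];

    /* Simulated outage: the lookup "failed" and returned NULL. Only the
     * checked path is safe to call here; the unchecked one would crash. */
    format_lock_owner_checked(NULL, (uid_t)1000, buf, sizeof buf);
    puts(buf);

    /* Real lookup of the running user, routed through the checked path so a
     * NULL (name service down, or user removed) cannot take the program down. */
    format_lock_owner_checked(getpwuid(getuid()), getuid(), buf, sizeof buf);
    puts(buf);

    printf("NULL handled: %d, normal path unchanged: %d\n",
           lookup_failure_is_handled(), happy_path_is_unchanged());
    return 0;
}
```

The point for a defender reviewing similar code is that every getpwuid()/getpwnam() call site that runs while a session is locked is on the failure-handling path of the lock itself, so a missing NULL check there is an authentication bypass, not just a crash.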

This weakness note impacts software or systems such as Mandriva Linux, openSUSE, Solaris, RHEL, Unix (platform) ~ not comprehensive.

Our Vigil@nce team determined that the severity of this threat note is medium.

The trust level is "confirmed by the editor", and the attack origin is physical access.

An attacker with expert ability can exploit this computer weakness.

Solutions for this threat 

xscreensaver: version 5.02.
Version 5.02 is corrected:
  http://www.jwz.org/xscreensaver/download.html

Mandriva: new xscreensaver packages.
New packages are available:
 
 Mandriva Linux 2007.0:
 e836c3e822bd2023489bc33021559e2d 2007.0/i586/xscreensaver-5.00-5.1mdv2007.0.i586.rpm
 114d59fee6b63fb55795509ce691fd7e 2007.0/i586/xscreensaver-base-5.00-5.1mdv2007.0.i586.rpm
 bf9f6d24f46fb92d5a92c128108247a0 2007.0/i586/xscreensaver-common-5.00-5.1mdv2007.0.i586.rpm
 59cc0c3dce851360e3475a63d1bfedc5 2007.0/i586/xscreensaver-extrusion-5.00-5.1mdv2007.0.i586.rpm
 a67ca45b6c8b471f686509ae6e284af4 2007.0/i586/xscreensaver-gl-5.00-5.1mdv2007.0.i586.rpm
 e0ae6f662b999018321082dafd0113cf 2007.0/SRPMS/xscreensaver-5.00-5.1mdv2007.0.src.rpm
 Mandriva Linux 2007.0/X86_64:
 04b19bf52df790976fa5d8f246d487fc 2007.0/x86_64/xscreensaver-5.00-5.1mdv2007.0.x86_64.rpm
 401342c023938d668c56406b7d663751 2007.0/x86_64/xscreensaver-base-5.00-5.1mdv2007.0.x86_64.rpm
 a9e77f44381ea1b148eae13da96bbce9 2007.0/x86_64/xscreensaver-common-5.00-5.1mdv2007.0.x86_64.rpm
 a6c9b67df6fab0c67c87ccbcba23328b 2007.0/x86_64/xscreensaver-extrusion-5.00-5.1mdv2007.0.x86_64.rpm
 7e9b52bb1edefe9ee1156edd71b17114 2007.0/x86_64/xscreensaver-gl-5.00-5.1mdv2007.0.x86_64.rpm
 e0ae6f662b999018321082dafd0113cf 2007.0/SRPMS/xscreensaver-5.00-5.1mdv2007.0.src.rpm
 Mandriva Linux 2007.1:
 cf74a31de15b8032cac5ff8efe970352 2007.1/i586/xscreensaver-5.01-3.1mdv2007.1.i586.rpm
 50afa981a0c89f4868fe77488cc2ee64 2007.1/i586/xscreensaver-base-5.01-3.1mdv2007.1.i586.rpm
 f84ca2049923f5e7ee0995308378d21f 2007.1/i586/xscreensaver-common-5.01-3.1mdv2007.1.i586.rpm
 e2856e0fc916445a1b5aa5d2071efee9 2007.1/i586/xscreensaver-extrusion-5.01-3.1mdv2007.1.i586.rpm
 8c11d67c56b5d87f70c632980bb11c63 2007.1/i586/xscreensaver-gl-5.01-3.1mdv2007.1.i586.rpm
 81a0cd78ff26cd58b5b8bd253f31e90f 2007.1/SRPMS/xscreensaver-5.01-3.1mdv2007.1.src.rpm
 Mandriva Linux 2007.1/X86_64:
 8b02873cf99b5d419748ab6ddadb578a 2007.1/x86_64/xscreensaver-5.01-3.1mdv2007.1.x86_64.rpm
 ec5012296ac600be9564e2398c6f0f26 2007.1/x86_64/xscreensaver-base-5.01-3.1mdv2007.1.x86_64.rpm
 2df43b6ebf7a668373e045b858073d56 2007.1/x86_64/xscreensaver-common-5.01-3.1mdv2007.1.x86_64.rpm
 ff66a6152a0d050b3c80e357e66a0f4e 2007.1/x86_64/xscreensaver-extrusion-5.01-3.1mdv2007.1.x86_64.rpm
 f62427b9d401edb71fcd0cff77af458d 2007.1/x86_64/xscreensaver-gl-5.01-3.1mdv2007.1.x86_64.rpm
 81a0cd78ff26cd58b5b8bd253f31e90f 2007.1/SRPMS/xscreensaver-5.01-3.1mdv2007.1.src.rpm
 Corporate 3.0:
 7a347edabdaf4abb61ac57263f3d41ab corporate/3.0/i586/xscreensaver-4.14-4.2.C30mdk.i586.rpm
 6f9ea46c93d75ce54e91a0b04a2485d1 corporate/3.0/i586/xscreensaver-extrusion-4.14-4.2.C30mdk.i586.rpm
 2b15011891719fbce2d442748f194cec corporate/3.0/i586/xscreensaver-gl-4.14-4.2.C30mdk.i586.rpm
 1249c7696a3c54ae8eb41369c6c24272 corporate/3.0/SRPMS/xscreensaver-4.14-4.2.C30mdk.src.rpm
 Corporate 3.0/X86_64:
 705a50c595828a6f24006ff5707c91bd corporate/3.0/x86_64/xscreensaver-4.14-4.2.C30mdk.x86_64.rpm
 020673cb6dd074c0fb5c166ca4c98d1d corporate/3.0/x86_64/xscreensaver-extrusion-4.14-4.2.C30mdk.x86_64.rpm
 f87ad1daef3daf35ed3595ecfe9ef8b3 corporate/3.0/x86_64/xscreensaver-gl-4.14-4.2.C30mdk.x86_64.rpm
 1249c7696a3c54ae8eb41369c6c24272 corporate/3.0/SRPMS/xscreensaver-4.14-4.2.C30mdk.src.rpm

RHEL: new xscreensaver packages.
New packages are available:
Red Hat Enterprise Linux version 2.1: xscreensaver-3.33-4.rhel21.5
Red Hat Enterprise Linux version 3: xscreensaver-4.10-21.el3
Red Hat Enterprise Linux version 4: xscreensaver-4.18-5.rhel4.14

SGI ProPack: new cups, freetype, openoffice, php, postgresql, xscreensaver packages.
Patch 10403 is available:
  http://support.sgi.com/
New packages are also available:
  ftp://oss.sgi.com/projects/sgi_propack/download/3/updates/RPMS
  ftp://oss.sgi.com/projects/sgi_propack/download/3/updates/SRPMS

Solaris 10: patch for XScreenSaver.
A patch is available:
  SPARC: 120094-35
  X86: 120095-35

SUSE: new ekiga, xscreensaver, cups, quagga packages.
New packages are available via YaST or FTP.

Computer vulnerabilities tracking service 

Vigil@nce provides cybersecurity bulletins. The Vigil@nce security watch publishes vulnerability bulletins about threats impacting the information system.