xscreensaver before 5.14 crashes during activation and leaves the screen unlocked when in Blank Only Mode and when DPMS is disabled, which allows local attackers to access resources without authentication.
References
Link | Resource |
---|---|
https://access.redhat.com/security/cve/cve-2011-2187 | Third Party Advisory |
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=627382 | Exploit Third Party Advisory |
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-2187 | Exploit Issue Tracking Third Party Advisory |
https://security-tracker.debian.org/tracker/CVE-2011-2187 | Third Party Advisory |
https://www.jwz.org/xscreensaver/changelog.html | Release Notes Vendor Advisory |
https://www.openwall.com/lists/oss-security/2011/06/06/17 | Mailing List Third Party Advisory |
Configurations
History
No history.
Information
Published : 2019-11-27 18:15
Updated : 2024-02-04 20:39
NVD link : CVE-2011-2187
Mitre link : CVE-2011-2187
CVE.ORG link : CVE-2011-2187
JSON object : View
Products Affected
xscreensaver_project
- xscreensaver
debian
- debian_linux
CWE
CWE-306
Missing Authentication for Critical Function