Ubuntu: xscreensaver vulnerability
Posted by Benjamin D. Thomas   
It was discovered that xscreensaver did not correctly validate the return values from network authentication systems such as LDAP or NIS. A local attacker could bypass a locked screen if they were able to interrupt network connectivity.
Ubuntu Security Notice USN-474-1              June 12, 2007
xscreensaver vulnerability

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 6.10
Ubuntu 7.04

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS:
  xscreensaver                             4.23-4ubuntu8.1

Ubuntu 6.10:
  xscreensaver                             4.24-4ubuntu2.1

Ubuntu 7.04:
  xscreensaver                             4.24-5ubuntu2.1

After a standard system upgrade you need to restart your session to
effect the necessary changes.

Details follow:

It was discovered that xscreensaver did not correctly validate the
return values from network authentication systems such as LDAP or NIS.
A local attacker could bypass a locked screen if they were able to
interrupt network connectivity.
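
The class of defect described above, as an added example that is not
xscreensaver's code and does not reproduce its specific bug: a credential
check that ignores the directory lookup status fails open when the backend
is unreachable, while one that checks it fails closed. The backend
functions, status names, user name and verifier string are all constructed
for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Outcome of asking the directory (LDAP/NIS stand-in) for a user's record. */
typedef enum { DIR_OK, DIR_NO_SUCH_USER, DIR_UNAVAILABLE } dir_status;

/* Hypothetical backend signature: fills `out` only when it returns DIR_OK. */
typedef dir_status (*dir_lookup_fn)(const char *user, char *out, size_t len);

/* Constructed backends: one reachable, one simulating lost connectivity. */
static dir_status backend_online(const char *user, char *out, size_t len) {
    if (strcmp(user, "alice") != 0) return DIR_NO_SUCH_USER;
    snprintf(out, len, "%s", "constructed-verifier-1");
    return DIR_OK;
}
static dir_status backend_offline(const char *user, char *out, size_t len) {
    (void)user; (void)out; (void)len;
    return DIR_UNAVAILABLE;              /* buffer is left untouched */
}

/* Flawed pattern: the status is discarded, so the untouched (empty) record
 * is still compared against the input. */
int unlock_unchecked(dir_lookup_fn lookup, const char *user, const char *typed) {
    char stored[64] = "";
    lookup(user, stored, sizeof stored);
    return strcmp(stored, typed) == 0;
}

/* Fail-closed pattern: anything other than DIR_OK keeps the screen locked,
 * and an empty stored record is never accepted. */
int unlock_checked(dir_lookup_fn lookup, const char *user, const char *typed) {
    char stored[64] = "";
    if (lookup(user, stored, sizeof stored) != DIR_OK) return 0;
    if (stored[0] == '\0') return 0;
    return strcmp(stored, typed) == 0;
}

int main(void) {
    printf("offline, unchecked: %d\n", unlock_unchecked(backend_offline, "alice", ""));
    printf("offline, checked:   %d\n", unlock_checked(backend_offline, "alice", ""));
    printf("online,  checked:   %d\n",
           unlock_checked(backend_online, "alice", "constructed-verifier-1"));
    return 0;
}
```

A real locker compares through crypt() or PAM rather than strcmp; the point
here is only the handling of the lookup status.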

Updated packages for Ubuntu 6.06 LTS, Ubuntu 6.10 and Ubuntu 7.04 were
published as source archives and for the amd64, i386, powerpc and sparc
architectures.
