Vulnerability CVE-2004-2655


Published: 2004-12-31   Modified: 2012-02-12

Description:
rdesktop 1.3.1 with xscreensaver 4.14, and possibly other versions, when running on Fedora and possibly other platforms, does not release the keyboard focus when xscreensaver starts, which causes the password to be entered into the active window when the user unlocks the screen.

Type:

CWE-Other

CVSS2 => (AV:N/AC:H/Au:N/C:C/I:N/A:N)

CVSS Base Score: 5.4/10
Impact Subscore: 6.9/10
Exploitability Subscore: 4.9/10

Exploit range: Remote
Attack complexity: High
Authentication: Not required

Confidentiality impact: Complete
Integrity impact: None
Availability impact: None

Affected software
Xscreensaver -> Xscreensaver 

References:
ftp://patches.sgi.com/support/free/security/advisories/20060602-01-U.asc
http://securitytracker.com/id?1016150
http://securitytracker.com/id?1016151
http://support.avaya.com/elmodocs2/security/ASA-2006-107.htm
http://www.derkeiler.com/Newsgroups/comp.os.linux.security/2004-08/0018.html
http://www.jwz.org/xscreensaver/changelog.html
http://www.mandriva.com/security/advisories?name=MDKSA-2006:071
http://www.novell.com/linux/security/advisories/2006_23_sr.html
http://www.redhat.com/support/errata/RHSA-2006-0498.html
http://www.securityfocus.com/bid/17471
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=188149
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10096
https://usn.ubuntu.com/269-1/

Copyright 2024, cxsecurity.com

 
