Vulnerability Name: | CVE-2003-1294 (CCN-13904) | ||||||||||||
Assigned: | 2003-11-28 | ||||||||||||
Published: | 2003-11-28 | ||||||||||||
Updated: | 2017-10-11 | ||||||||||||
Summary: | Xscreensaver before 4.15 creates temporary files insecurely in (1) driver/passwd-kerberos.c, (2) driver/xscreensaver-getimage-video, (3) driver/xscreensaver.kss.in, and the (4) vidwhacker and (5) webcollage screensavers, which allows local users to overwrite arbitrary files via a symlink attack. | ||||||||||||
CVSS v3 Severity: | 4.0 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
| ||||||||||||
CVSS v2 Severity: | 2.1 Low (CVSS v2 Vector: AV:L/AC:L/Au:N/C:N/I:P/A:N)
| ||||||||||||
Vulnerability Type: | CWE-Other | ||||||||||||
Vulnerability Consequences: | File Manipulation | ||||||||||||
References: | Source: SGI Type: UNKNOWN 20060602-01-U Source: MITRE Type: CNA CVE-2003-1294 Source: MISC Type: UNKNOWN http://jwz.livejournal.com/310943.html Source: CCN Type: RHSA-2006-0498 xscreensaver security update Source: CCN Type: SA20224 XScreenSaver Insecure Temporary File Creation Vulnerability Source: SECUNIA Type: UNKNOWN 20224 Source: SECUNIA Type: UNKNOWN 20226 Source: CCN Type: SA20456 Avaya Products XScreenSaver Insecure Temporary File Creation Vulnerability Source: SECUNIA Type: UNKNOWN 20456 Source: SECUNIA Type: UNKNOWN 20782 Source: CONFIRM Type: UNKNOWN http://support.avaya.com/elmodocs2/security/ASA-2006-107.htm Source: CCN Type: ASA-2006-107 xscreensaver security update (RHSA-2006-0498) Source: CCN Type: XScreenSaver Web page XScreenSaver Source: CONFIRM Type: UNKNOWN http://www.novell.com/linux/download/updates/90_i386.html Source: REDHAT Type: UNKNOWN RHSA-2006:0498 Source: BID Type: UNKNOWN 9125 Source: CCN Type: BID-9125 SuSE XScreenSaver Package Multiple Vulnerabilities Source: VUPEN Type: UNKNOWN ADV-2006-1948 Source: CONFIRM Type: UNKNOWN https://bugzilla.redhat.com/bugzilla/attachment.cgi?id=124968 Source: CCN Type: Red Hat Bugzilla Bug 182286 CVE-2003-1294 xscreensaver temporary file flaws Source: CONFIRM Type: UNKNOWN https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=182286 Source: XF Type: UNKNOWN xscreensaver-tmpfile-insecure(13904) Source: OVAL Type: UNKNOWN oval:org.mitre.oval:def:10848 | ||||||||||||
Vulnerable Configuration: | Configuration 1: Configuration RedHat 1: Configuration RedHat 2: Configuration RedHat 3: Configuration RedHat 4: Configuration RedHat 5: ![]() | ||||||||||||
Oval Definitions | |||||||||||||
| |||||||||||||
BACK |