Vulnerability Name:

CVE-2008-0887 (CCN-41628)

Assigned: 2008-04-02
Published: 2008-04-02
Updated: 2017-09-29
Summary: gnome-screensaver before 2.22.1, when a remote authentication server is enabled, crashes upon an unlock attempt during a network outage, which allows physically proximate attackers to gain access to the locked session, a related issue to CVE-2007-1859.
CVSS v3 Severity: 5.9 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
Exploitability Metrics: Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope: Scope (S): Unchanged
Impact Metrics: Confidentiality (C): Low
Integrity (I): Low
Availability (A): Low
CVSS v2 Severity: 4.7 Medium (CVSS v2 Vector: AV:L/AC:M/Au:N/C:N/I:N/A:C)
3.5 Low (Temporal CVSS v2 Vector: AV:L/AC:M/Au:N/C:N/I:N/A:C/E:U/RL:OF/RC:C)
Exploitability Metrics: Access Vector (AV): Local
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics: Confidentiality (C): None
Integrity (I): None
Availability (A): Complete
4.6 Medium (CCN CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P)
3.4 Low (CCN Temporal CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics: Access Vector (AV): Local
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics: Confidentiality (C): Partial
Integrity (I): Partial
Availability (A): Partial
3.7 Low (REDHAT CVSS v2 Vector: AV:L/AC:H/Au:N/C:P/I:P/A:P)
2.7 Low (REDHAT Temporal CVSS v2 Vector: AV:L/AC:H/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics: Access Vector (AV): Local
Access Complexity (AC): High
Authentication (Au): None
Impact Metrics: Confidentiality (C): Partial
Integrity (I): Partial
Availability (A): Partial
Vulnerability Type: CWE-Other
Vulnerability Consequences: Bypass Security
References:
Source: MITRE
Type: CNA
CVE-2008-0887

Source: MITRE
Type: CNA
CVE-2008-1683

Source: SUSE
Type: UNKNOWN
SUSE-SR:2008:014

Source: CCN
Type: GNOME Web site
GnomeScreensaver - GNOME Live!

Source: OSVDB
Type: UNKNOWN
35531

Source: CCN
Type: RHSA-2008-0197
Moderate: gnome-screensaver security update

Source: REDHAT
Type: UNKNOWN
RHSA-2008:0197

Source: CCN
Type: RHSA-2008-0218
Moderate: gnome-screensaver security update

Source: CCN
Type: SA29595
gnome-screensaver Information Disclosure and Security Bypass

Source: SECUNIA
Type: Vendor Advisory
29595

Source: SECUNIA
Type: Vendor Advisory
29606

Source: SECUNIA
Type: UNKNOWN
29742

Source: SECUNIA
Type: UNKNOWN
29759

Source: SECUNIA
Type: UNKNOWN
30967

Source: SECUNIA
Type: UNKNOWN
32691

Source: GENTOO
Type: UNKNOWN
GLSA-200804-12

Source: CCN
Type: SECTRACK ID: 1019749
gnome-screensaver Lets Local Users Bypass the Password

Source: SECTRACK
Type: UNKNOWN
1019749

Source: CCN
Type: GLSA-200804-12
gnome-screensaver: Privilege escalation

Source: MANDRIVA
Type: UNKNOWN
MDVSA-2008:132

Source: CCN
Type: OSVDB ID: 35531
XScreenSaver getpwuid() Failed Network Authentication Screen Lock Bypass

Source: REDHAT
Type: UNKNOWN
RHSA-2008:0218

Source: BID
Type: UNKNOWN
28575

Source: CCN
Type: BID-28575
Gnome Desktop Screensaver NIS Authentication Local Unauthorized Access Vulnerability

Source: CCN
Type: USN-669-1
gnome-screensaver vulnerabilities

Source: UBUNTU
Type: UNKNOWN
USN-669-1

Source: CCN
Type: Red Hat Bugzilla Bug 435773
CVE-2008-0887 gnome-screensaver using NIS auth will unlock if NIS goes away

Source: CONFIRM
Type: Exploit
https://bugzilla.redhat.com/show_bug.cgi?id=435773

Source: XF
Type: UNKNOWN
gnomescreensaver-nis-security-bypass(41628)

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:10813

Source: FEDORA
Type: UNKNOWN
FEDORA-2008-2967

Source: FEDORA
Type: UNKNOWN
FEDORA-2008-3017

Source: SUSE
Type: SUSE-SR:2008:014
[security-announce] SUSE Security Summary Report SUSE-SR:2008:014

Vulnerable Configuration:
Configuration 1:
  • cpe:/a:gnome:screensaver:*:*:*:*:*:*:*:* (Version <= 2.20.0)

  • Configuration RedHat 1:
  • cpe:/o:redhat:enterprise_linux:5:*:*:*:*:*:*:*

  • Configuration RedHat 2:
  • cpe:/o:redhat:enterprise_linux:5::client:*:*:*:*:*

  • Configuration RedHat 3:
  • cpe:/o:redhat:enterprise_linux:5::server:*:*:*:*:*

  • * Denotes that component is vulnerable
    Oval Definitions
    Definition ID | Class | Title | Last Modified
    oval:org.opensuse.security:def:42315
    P
    Security update for pcre (Important)
    2022-07-12
    oval:org.opensuse.security:def:20080887
    V
    CVE-2008-0887
    2022-05-20
    oval:org.opensuse.security:def:31376
    P
    Security update for apache2 (Important)
    2022-01-12
    oval:org.opensuse.security:def:31375
    P
    Security update for libvirt (Important)
    2022-01-10
    oval:org.opensuse.security:def:31335
    P
    Security update for xorg-x11-server (Important)
    2021-12-20
    oval:org.opensuse.security:def:33062
    P
    Security update for gettext-runtime (Moderate)
    2021-12-14
    oval:org.opensuse.security:def:26176
    P
    Security update for speex (Moderate)
    2021-12-01
    oval:org.opensuse.security:def:32214
    P
    Security update for pcre (Moderate)
    2021-11-10
    oval:org.opensuse.security:def:31691
    P
    Security update for apache2 (Important)
    2021-10-06
    oval:org.opensuse.security:def:31690
    P
    Security update for webkit2gtk3 (Important)
    2021-10-06
    oval:org.opensuse.security:def:26137
    P
    Security update for sqlite3 (Important)
    2021-09-23
    oval:org.opensuse.security:def:32195
    P
    Security update for sqlite3 (Important)
    2021-09-23
    oval:org.opensuse.security:def:31264
    P
    Security update for file (Important)
    2021-09-02
    oval:org.opensuse.security:def:42117
    P
    Security update for xen (Important)
    2021-09-02
    oval:org.opensuse.security:def:26113
    P
    Security update for mysql-connector-java (Moderate)
    2021-08-30
    oval:org.opensuse.security:def:31243
    P
    Security update for cpio (Important)
    2021-08-14
    oval:org.opensuse.security:def:32151
    P
    Security update for the Linux Kernel (Live Patch 39 for SLE 12 SP3) (Important)
    2021-07-27
    oval:org.opensuse.security:def:26088
    P
    Security update for the Linux Kernel (Important)
    2021-07-14
    oval:org.opensuse.security:def:32129
    P
    Security update for the Linux Kernel (Live Patch 34 for SLE 12 SP3) (Important)
    2021-06-18
    oval:org.opensuse.security:def:31632
    P
    Security update for MozillaFirefox (Important)
    2021-06-08
    oval:org.opensuse.security:def:36138
    P
    gnome-screensaver-2.28.3-0.39.17 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:42545
    P
    gnome-screensaver-2.28.3-0.39.17 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:31190
    P
    Security update for the Linux Kernel (Live Patch 37 for SLE 12 SP3) (Important)
    2021-06-04
    oval:org.opensuse.security:def:32090
    P
    Security update for avahi (Important)
    2021-06-03
    oval:org.opensuse.security:def:31616
    P
    Security update for bind (Important)
    2021-05-04
    oval:org.opensuse.security:def:26035
    P
    Security update for apache-commons-io (Moderate)
    2021-04-26
    oval:org.opensuse.security:def:26029
    P
    Security update for the Linux Kernel (Important)
    2021-04-15
    oval:org.opensuse.security:def:31605
    P
    Security update for xorg-x11-server (Important)
    2021-04-14
    oval:org.opensuse.security:def:31604
    P
    Security update for spamassassin (Important)
    2021-04-12
    oval:org.opensuse.security:def:33101
    P
    Security update for nghttp2 (Important)
    2021-03-24
    oval:org.opensuse.security:def:31742
    P
    Security update for git (Important)
    2021-03-09
    oval:org.opensuse.security:def:32270
    P
    Security update for wpa_supplicant (Important)
    2021-03-09
    oval:org.opensuse.security:def:31740
    P
    Security update for the Linux Kernel (Important)
    2021-03-09
    oval:org.opensuse.security:def:26190
    P
    Security update for MozillaFirefox (Low)
    2021-02-10
    oval:org.opensuse.security:def:26037
    P
    Security update for the Linux Kernel (Important)
    2021-01-15
    oval:org.opensuse.security:def:31685
    P
    Security update for java-1_8_0-ibm (Moderate)
    2021-01-05
    oval:org.opensuse.security:def:31178
    P
    Security update for flac (Moderate)
    2021-01-04
    oval:org.opensuse.security:def:31635
    P
    Security update for java-1_7_1-ibm (Moderate)
    2021-01-04
    oval:org.opensuse.security:def:31179
    P
    Security update for dovecot22 (Important)
    2021-01-04
    oval:org.opensuse.security:def:25979
    P
    Security update for xen (Moderate)
    2020-12-18
    oval:org.opensuse.security:def:32833
    P
    Security update for ovmf (Moderate)
    2020-12-16
    oval:org.opensuse.security:def:25972
    P
    Security update for postgresql12 (Important)
    2020-12-04
    oval:org.opensuse.security:def:41964
    P
    gnome-screensaver-2.28.3-0.4.30 on GA media (Moderate)
    2020-12-03
    oval:org.opensuse.security:def:35710
    P
    gnome-screensaver-2.28.3-0.28.1 on GA media (Moderate)
    2020-12-03
    oval:org.opensuse.security:def:35908
    P
    gnome-screensaver-2.28.3-0.32.1 on GA media (Moderate)
    2020-12-03
    oval:org.opensuse.security:def:35557
    P
    gnome-screensaver-2.28.3-0.4.30 on GA media (Moderate)
    2020-12-03
    oval:org.opensuse.security:def:25940
    P
    Security update for mariadb (Important)
    2020-12-01
    oval:org.opensuse.security:def:26872
    P
    cifs-utils on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:31822
    P
    Security update for axis (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:26463
    P
    Security update for enigmail (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25108
    P
    Security update for sssd (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25312
    P
    Security update for libsolv (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:26419
    P
    Security update for mbedtls (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25337
    P
    Security update for ucode-intel (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:31779
    P
    Security update for MozillaFirefox (Important)
    2020-12-01
    oval:org.opensuse.security:def:32675
    P
    gnome-screensaver on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25470
    P
    Security update for permissions (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25800
    P
    Security update for polkit (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:31893
    P
    Security update for expat (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25688
    P
    Security update for systemd (Important)
    2020-12-01
    oval:org.opensuse.security:def:32041
    P
    Security update for krb5 (Important)
    2020-12-01
    oval:org.opensuse.security:def:32424
    P
    Security update for wpa_supplicant (Important)
    2020-12-01
    oval:org.opensuse.security:def:31025
    P
    Security update for java-1_7_0-ibm (Important)
    2020-12-01
    oval:org.opensuse.security:def:31985
    P
    Security update for java-1_7_1-ibm (Important)
    2020-12-01
    oval:org.opensuse.security:def:32380
    P
    Security update for tiff (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:32058
    P
    Security update for kvm (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25840
    P
    Security update for libvirt (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:31387
    P
    Security update for openvpn-openssl1 (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:26907
    P
    gnome-screensaver on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:31914
    P
    Security update for gd (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:27101
    P
    cron on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25109
    P
    Security update for audit (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25393
    P
    Security update for libqt5-qtbase (Important)
    2020-12-01
    oval:org.opensuse.security:def:26317
    P
    Security update for chromium (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:31845
    P
    Security update for clamav (Important)
    2020-12-01
    oval:org.opensuse.security:def:25261
    P
    Security update for python-cffi, python-cryptography (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25465
    P
    Security update for java-1_7_0-openjdk (Important)
    2020-12-01
    oval:org.opensuse.security:def:26264
    P
    Security update for gegl (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:31801
    P
    security update for xen (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25534
    P
    Security update for adns (Important)
    2020-12-01
    oval:org.opensuse.security:def:31479
    P
    Security update for python (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:31932
    P
    Security update for libX11 (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:32872
    P
    gnome-screensaver on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25699
    P
    Security update for dnsmasq (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:31026
    P
    Security update for java-1_7_0-ibm (Important)
    2020-12-01
    oval:org.opensuse.security:def:26522
    P
    apache2 on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:31396
    P
    Security update for perl (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:31461
    P
    Security update for postgresql94 (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25685
    P
    Security update for mariadb (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25993
    P
    Security update for gd (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:31971
    P
    Security update for jakarta-commons-collections (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:27136
    P
    gnome-screensaver on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25120
    P
    Security update for openwsman (Important)
    2020-12-01
    oval:org.opensuse.security:def:25450
    P
    Security update for bluez (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:26366
    P
    Security update for kdelibs4, kio (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:32483
    P
    OpenEXR on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25262
    P
    Security update for spamassassin (Important)
    2020-12-01
    oval:org.opensuse.security:def:25546
    P
    Security update for mariadb (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:31998
    P
    Security update for jpeg (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25458
    P
    Security update for sqlite3 (Important)
    2020-12-01
    oval:org.opensuse.security:def:25662
    P
    Security update for apache-commons-httpclient (Important)
    2020-12-01
    oval:org.opensuse.security:def:31954
    P
    Security update for gstreamer-0_10-plugins-base (Important)
    2020-12-01
    oval:org.opensuse.security:def:25763
    P
    Security Update for Linux Kernel (Important)
    2020-12-01
    oval:org.opensuse.security:def:31037
    P
    Security update for kdebase4-runtime
    2020-12-01
    oval:org.opensuse.security:def:31392
    P
    Security update for pam-modules (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:32319
    P
    Security update for ruby (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:26557
    P
    gnome-screensaver on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:31488
    P
    Security update for python (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25787
    P
    Security update for libwmf (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:26675
    P
    bzip2 on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:31593
    P
    Security update for tiff (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25738
    P
    Security update for libxslt (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:26234
    P
    Security update for LibreOffice (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25838
    P
    Security update for flash-player (Important)
    2020-12-01
    oval:org.opensuse.security:def:25184
    P
    Security update for vim (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25884
    P
    Security update for lhasa (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:26405
    P
    Security update for sox (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:32522
    P
    gnome-screensaver on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25273
    P
    Security update for ceph (Important)
    2020-12-01
    oval:org.opensuse.security:def:25603
    P
    Security update for java-1_8_0-openjdk (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:32636
    P
    apache2-mod_php53 on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25459
    P
    Security update for cups (Important)
    2020-12-01
    oval:org.opensuse.security:def:25743
    P
    Security update for libssh (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:31844
    P
    Security update for clamav (Important)
    2020-12-01
    oval:org.opensuse.security:def:25687
    P
    Security update for bluez (Important)
    2020-12-01
    oval:org.opensuse.security:def:25891
    P
    Security update for libimobiledevice, usbmuxd (Important)
    2020-12-01
    oval:org.opensuse.security:def:31788
    P
    Security update for MozillaFirefox (Important)
    2020-12-01
    oval:org.opensuse.security:def:31111
    P
    Security update for krb5 (Important)
    2020-12-01
    oval:org.opensuse.security:def:31829
    P
    Security update for bind (Important)
    2020-12-01
    oval:org.opensuse.security:def:32358
    P
    Security update for squidGuard (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:31545
    P
    Security update for samba (Important)
    2020-12-01
    oval:org.opensuse.security:def:25826
    P
    Security update for the Linux Kernel (Important)
    2020-12-01
    oval:org.opensuse.security:def:26710
    P
    gnome-screensaver on GA media (Moderate)
    2020-12-01
    oval:org.mitre.oval:def:17707
    P
    USN-669-1 -- gnome-screensaver vulnerabilities
    2014-06-30
    oval:org.mitre.oval:def:21852
    P
    ELSA-2008:0218: gnome-screensaver security update (Moderate)
    2014-05-26
    oval:org.mitre.oval:def:22162
    P
    ELSA-2008:0197: gnome-screensaver security update (Moderate)
    2014-05-26
    oval:org.mitre.oval:def:10813
    V
    gnome-screensaver before 2.22.1, when a remote authentication server is enabled, crashes upon an unlock attempt during a network outage, which allows physically proximate attackers to gain access to the locked session, a related issue to CVE-2007-1859.
    2013-04-29
    oval:com.redhat.rhsa:def:20080218
    P
    RHSA-2008:0218: gnome-screensaver security update (Moderate)
    2008-04-03
    oval:com.redhat.rhsa:def:20080197
    P
    RHSA-2008:0197: gnome-screensaver security update (Moderate)
    2008-04-02
    gnome screensaver *