New Search

Xscreensaver before 4.15 creates temporary files insecurely in (1) driver/passwd-kerberos.c (2) driver/xscreensaver-getimage-video (3) driver/xscreensaver.kss.in and the (4) vidwhacker and (5) webcollage screensavers which allows local users to overwrite arbitrary files via a symlink attack.

oval:org.mitre.oval:def:10848

Xscreensaver before 4.15 creates temporary files insecurely in (1) driver/passwd-kerberos.c (2) driver/xscreensaver-getimage-video (3) driver/xscreensaver.kss.in and the (4) vidwhacker and (5) webcollage screensavers which allows local users to overwrite arbitrary files via a symlink attack.

Family:
unix
Status:
ACCEPTED
Platform(s):
  • Red Hat Enterprise Linux 3
  • CentOS Linux 3
Class:
vulnerability
Reference(s):
  • CVE-2003-1294
Product(s):