Vulnerabilities > CVE-2004-2655 - Local Password Disclosure vulnerability in Xscreensaver 4.14/4.16/4.17
Attack vector
NETWORK Attack complexity
HIGH Privileges required
NONE Confidentiality impact
COMPLETE Integrity impact
NONE Availability impact
NONE Summary
rdesktop 1.3.1 with xscreensaver 4.14, and possibly other versions, when running on Fedora and possibly other platforms, does not release the keyboard focus when xscreensaver starts, which causes the password to be entered into the active window when the user unlocks the screen. This vulnerability is addressed in the following product release: XScreenSaver, XScreenSaver, 4.18
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 3 |
Nessus
NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2006-0498.NASL description An updated xscreensaver package that fixes two security flaws is now available for Red Hat Enterprise Linux 2.1 and 3. This update has been rated as having moderate security impact by the Red Hat Security Response Team. XScreenSaver is a collection of screensavers. A keyboard focus flaw was found in the way XScreenSaver prompts the user to enter their password to unlock the screen. XScreenSaver did not properly ensure it had proper keyboard focus, which could leak a users password to the program with keyboard focus. This behavior is not common, as only certain applications exhibit this focus error. (CVE-2004-2655) Several flaws were found in the way various XScreenSaver screensavers create temporary files. It may be possible for a local attacker to create a temporary file in way that could overwrite a different file to which the user running XScreenSaver has write permissions. (CVE-2003-1294) Users of XScreenSaver should upgrade to this updated package, which contains backported patches to correct these issues. last seen 2020-06-01 modified 2020-06-02 plugin id 21902 published 2006-07-03 reporter This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/21902 title CentOS 3 : xscreensaver (CESA-2006:0498) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Red Hat Security Advisory RHSA-2006:0498 and # CentOS Errata and Security Advisory 2006:0498 respectively. # include("compat.inc"); if (description) { script_id(21902); script_version("1.18"); script_cvs_date("Date: 2019/10/25 13:36:03"); script_cve_id("CVE-2003-1294", "CVE-2004-2655"); script_bugtraq_id(9125); script_xref(name:"RHSA", value:"2006:0498"); script_name(english:"CentOS 3 : xscreensaver (CESA-2006:0498)"); script_summary(english:"Checks rpm output for the updated package"); script_set_attribute( attribute:"synopsis", value:"The remote CentOS host is missing a security update." ); script_set_attribute( attribute:"description", value: "An updated xscreensaver package that fixes two security flaws is now available for Red Hat Enterprise Linux 2.1 and 3. This update has been rated as having moderate security impact by the Red Hat Security Response Team. XScreenSaver is a collection of screensavers. A keyboard focus flaw was found in the way XScreenSaver prompts the user to enter their password to unlock the screen. XScreenSaver did not properly ensure it had proper keyboard focus, which could leak a users password to the program with keyboard focus. This behavior is not common, as only certain applications exhibit this focus error. (CVE-2004-2655) Several flaws were found in the way various XScreenSaver screensavers create temporary files. It may be possible for a local attacker to create a temporary file in way that could overwrite a different file to which the user running XScreenSaver has write permissions. (CVE-2003-1294) Users of XScreenSaver should upgrade to this updated package, which contains backported patches to correct these issues." ); # https://lists.centos.org/pipermail/centos-announce/2006-May/012908.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?1d9d0667" ); # https://lists.centos.org/pipermail/centos-announce/2006-May/012909.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?d912e09c" ); # https://lists.centos.org/pipermail/centos-announce/2006-May/012912.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?c729cfdb" ); script_set_attribute( attribute:"solution", value:"Update the affected xscreensaver package." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:H/Au:N/C:C/I:N/A:N"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:xscreensaver"); script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:3"); script_set_attribute(attribute:"vuln_publication_date", value:"2003/12/31"); script_set_attribute(attribute:"patch_publication_date", value:"2006/05/23"); script_set_attribute(attribute:"plugin_publication_date", value:"2006/07/03"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"CentOS Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/CentOS/release", "Host/CentOS/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/CentOS/release"); if (isnull(release) || "CentOS" >!< release) audit(AUDIT_OS_NOT, "CentOS"); os_ver = pregmatch(pattern: "CentOS(?: Linux)? release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "CentOS"); os_ver = os_ver[1]; if (! preg(pattern:"^3([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "CentOS 3.x", "CentOS " + os_ver); if (!get_kb_item("Host/CentOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && "ia64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "CentOS", cpu); flag = 0; if (rpm_check(release:"CentOS-3", reference:"xscreensaver-4.10-20")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : rpm_report_get() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "xscreensaver"); }NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2006-0498.NASL description An updated xscreensaver package that fixes two security flaws is now available for Red Hat Enterprise Linux 2.1 and 3. This update has been rated as having moderate security impact by the Red Hat Security Response Team. XScreenSaver is a collection of screensavers. A keyboard focus flaw was found in the way XScreenSaver prompts the user to enter their password to unlock the screen. XScreenSaver did not properly ensure it had proper keyboard focus, which could leak a users password to the program with keyboard focus. This behavior is not common, as only certain applications exhibit this focus error. (CVE-2004-2655) Several flaws were found in the way various XScreenSaver screensavers create temporary files. It may be possible for a local attacker to create a temporary file in way that could overwrite a different file to which the user running XScreenSaver has write permissions. (CVE-2003-1294) Users of XScreenSaver should upgrade to this updated package, which contains backported patches to correct these issues. last seen 2020-06-01 modified 2020-06-02 plugin id 21593 published 2006-05-24 reporter This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/21593 title RHEL 2.1 / 3 : xscreensaver (RHSA-2006:0498) NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-269-1.NASL description In some cases, xscreensaver did not properly grab the keyboard when reading the password for unlocking the screen, so that the password was typed into the currently active application window. The only known vulnerable case was when xscreensaver activated while an rdesktop session was currently active. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 21216 published 2006-04-12 reporter Ubuntu Security Notice (C) 2006-2019 Canonical, Inc. / NASL script (C) 2006-2016 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/21216 title Ubuntu 4.10 / 5.04 : xscreensaver vulnerability (USN-269-1)
Oval
| accepted | 2013-04-29T04:01:35.406-04:00 | ||||||||
| class | vulnerability | ||||||||
| contributors |
| ||||||||
| definition_extensions |
| ||||||||
| description | rdesktop 1.3.1 with xscreensaver 4.14, and possibly other versions, when running on Fedora and possibly other platforms, does not release the keyboard focus when xscreensaver starts, which causes the password to be entered into the active window when the user unlocks the screen. | ||||||||
| family | unix | ||||||||
| id | oval:org.mitre.oval:def:10096 | ||||||||
| status | accepted | ||||||||
| submitted | 2010-07-09T03:56:16-04:00 | ||||||||
| title | rdesktop 1.3.1 with xscreensaver 4.14, and possibly other versions, when running on Fedora and possibly other platforms, does not release the keyboard focus when xscreensaver starts, which causes the password to be entered into the active window when the user unlocks the screen. | ||||||||
| version | 25 |
Redhat
| advisories |
| ||||
| rpms |
|
References
- ftp://patches.sgi.com/support/free/security/advisories/20060602-01-U.asc
- http://secunia.com/advisories/20226
- http://secunia.com/advisories/20456
- http://secunia.com/advisories/20782
- http://secunia.com/advisories/22080
- http://securitytracker.com/id?1016150
- http://securitytracker.com/id?1016151
- http://support.avaya.com/elmodocs2/security/ASA-2006-107.htm
- http://www.derkeiler.com/Newsgroups/comp.os.linux.security/2004-08/0018.html
- http://www.jwz.org/xscreensaver/changelog.html
- http://www.mandriva.com/security/advisories?name=MDKSA-2006:071
- http://www.novell.com/linux/security/advisories/2006_23_sr.html
- http://www.redhat.com/support/errata/RHSA-2006-0498.html
- http://www.securityfocus.com/bid/17471
- https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=188149
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10096
- https://usn.ubuntu.com/269-1/