Vulnerabilities > CVE-2008-0887 - Local Unauthorized Access vulnerability in Gnome Desktop Screensaver NIS Authentication

CVSS 4.7 - MEDIUM

Attack vector

LOCAL

Attack complexity

MEDIUM

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

COMPLETE

local

gnome

nessus

NVD

Published: 2008-04-06

Updated: 2017-09-29

Summary

gnome-screensaver before 2.22.1, when a remote authentication server is enabled, crashes upon an unlock attempt during a network outage, which allows physically proximate attackers to gain access to the locked session, a related issue to CVE-2007-1859.

Vulnerable Configurations

Part	Description	Count
Application	Gnome Gnome Screensaver *	1

Nessus

NASL family	SuSE Local Security Checks
NASL id	SUSE_XSCREENSAVER-5333.NASL
description	Following security problem is fixed by this patch : CVE-2008-1683: When getpwuid() fails (due to dropped network on NIS accounts) fail instead of silently disabling locking (and just blanking).
last seen	2020-06-01
modified	2020-06-02
plugin id	33742
published	2008-07-28
reporter	This script is Copyright (C) 2008-2019 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/33742
title	openSUSE 10 Security Update : xscreensaver (xscreensaver-5333)

NASL family	Ubuntu Local Security Checks
NASL id	UBUNTU_USN-669-1.NASL
description	It was discovered that the notify feature in gnome-screensaver could let a local attacker read the clipboard contents of a locked session by using Ctrl-V. (CVE-2007-6389) Alan Matsuoka discovered that gnome-screensaver did not properly handle network outages when using a remote authentication service. During a network interruption, or by disconnecting the network cable, a local attacker could gain access to locked sessions. (CVE-2008-0887). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	36364
published	2009-04-23
reporter	Ubuntu Security Notice (C) 2008-2019 Canonical, Inc. / NASL script (C) 2009-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/36364
title	Ubuntu 6.06 LTS / 7.10 : gnome-screensaver vulnerabilities (USN-669-1)

NASL family	Oracle Linux Local Security Checks
NASL id	ORACLELINUX_ELSA-2008-0197.NASL
description	From Red Hat Security Advisory 2008:0197 : An updated gnome-screensaver package that fixes a security flaw is now available for Red Hat Enterprise Linux 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. gnome-screensaver is the GNOME project
last seen	2020-06-01
modified	2020-06-02
plugin id	67673
published	2013-07-12
reporter	This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/67673
title	Oracle Linux 5 : gnome-screensaver (ELSA-2008-0197)

NASL family	Ubuntu Local Security Checks
NASL id	UBUNTU_USN-474-1.NASL
description	It was discovered that xscreensaver did not correctly validate the return values from network authentication systems such as LDAP or NIS. A local attacker could bypass a locked screen if they were able to interrupt network connectivity. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	28075
published	2007-11-10
reporter	Ubuntu Security Notice (C) 2007-2019 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/28075
title	Ubuntu 6.06 LTS / 6.10 / 7.04 : xscreensaver vulnerability (USN-474-1)

NASL family	Mandriva Local Security Checks
NASL id	MANDRIVA_MDVSA-2008-132.NASL
description	A vulnerability was found in gnome-screensaver prior to 2.22.1 when a remote authentication server was enabled. During a network outage, gnome-screensaver would crash upon an unlock attempt, allowing physically local users to gain access to locked sessions (CVE-2008-0887). The updated packages have been patched to correct this issue.
last seen	2020-06-01
modified	2020-06-02
plugin id	37475
published	2009-04-23
reporter	This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/37475
title	Mandriva Linux Security Advisory : gnome-screensaver (MDVSA-2008:132)

NASL family	SuSE Local Security Checks
NASL id	SUSE_XSCREENSAVER-5334.NASL
description	Following security problem is fixed by this patch : - When getpwuid() fails (due to dropped network on NIS accounts) fail instead of silently disabling locking (and just blanking). (CVE-2008-1683)
last seen	2020-06-01
modified	2020-06-02
plugin id	33743
published	2008-07-28
reporter	This script is Copyright (C) 2008-2019 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/33743
title	SuSE 10 Security Update : xscreensaver (ZYPP Patch Number 5334)

NASL family	SuSE Local Security Checks
NASL id	SUSE9_12174.NASL
description	Following security problem is fixed by this patch : - When getpwuid() fails (due to dropped network on NIS accounts) fail instead of silently disabling locking (and just blanking). (CVE-2008-1683)
last seen	2020-06-01
modified	2020-06-02
plugin id	41216
published	2009-09-24
reporter	This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/41216
title	SuSE9 Security Update : xscreensaver (YOU Patch Number 12174)

NASL family	SuSE Local Security Checks
NASL id	SUSE_GNOME-SCREENSAVER-5172.NASL
description	An attacker could log in without a valid password if the NIS server is down. (CVE-2008-0887)
last seen	2020-06-01
modified	2020-06-02
plugin id	33267
published	2008-06-26
reporter	This script is Copyright (C) 2008-2019 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/33267
title	openSUSE 10 Security Update : gnome-screensaver (gnome-screensaver-5172)

NASL family	Mandriva Local Security Checks
NASL id	MANDRAKE_MDKSA-2007-097.NASL
description	A problem with the way xscreensaver verifies user passwords was discovered by Alex Yamauchi. When a system is using remote authentication (i.e. LDAP) for logins, a local attacker able to cause a network outage on the system could cause xscreensaver to crash, which would unlock the screen. Updated packages have been patched to correct this issue.
last seen	2020-06-01
modified	2020-06-02
plugin id	25157
published	2007-05-03
reporter	This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/25157
title	Mandrake Linux Security Advisory : xscreensaver (MDKSA-2007:097)

NASL family	Red Hat Local Security Checks
NASL id	REDHAT-RHSA-2008-0197.NASL
description	An updated gnome-screensaver package that fixes a security flaw is now available for Red Hat Enterprise Linux 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. gnome-screensaver is the GNOME project
last seen	2020-06-01
modified	2020-06-02
plugin id	31755
published	2008-04-04
reporter	This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/31755
title	RHEL 5 : gnome-screensaver (RHSA-2008:0197)

NASL family	CentOS Local Security Checks
NASL id	CENTOS_RHSA-2008-0197.NASL
description	An updated gnome-screensaver package that fixes a security flaw is now available for Red Hat Enterprise Linux 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. gnome-screensaver is the GNOME project
last seen	2020-06-01
modified	2020-06-02
plugin id	43679
published	2010-01-06
reporter	This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/43679
title	CentOS 5 : gnome-screensaver (CESA-2008:0197)

NASL family	Red Hat Local Security Checks
NASL id	REDHAT-RHSA-2008-0218.NASL
description	An updated gnome-screensaver package that fixes a security flaw is now available for Red Hat Enterprise Linux FasTrack 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. gnome-screensaver is the GNOME project
last seen	2020-06-01
modified	2020-06-02
plugin id	32420
published	2008-05-22
reporter	This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/32420
title	RHEL 5 : gnome-screensaver (RHSA-2008:0218)

NASL family	Fedora Local Security Checks
NASL id	FEDORA_2008-3017.NASL
description	Update for advisory CVE-2008-0887 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	31826
published	2008-04-11
reporter	This script is Copyright (C) 2008-2019 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/31826
title	Fedora 8 : gnome-screensaver-2.20.0-12.fc8 (2008-3017)

NASL family	SuSE Local Security Checks
NASL id	SUSE_GNOME-SCREENSAVER-5179.NASL
description	An attacker could log in without a valid password if the NIS server is down. (CVE-2008-0887)
last seen	2020-06-01
modified	2020-06-02
plugin id	33251
published	2008-06-24
reporter	This script is Copyright (C) 2008-2019 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/33251
title	SuSE 10 Security Update : gnome-screensaver (ZYPP Patch Number 5179)

NASL family	Scientific Linux Local Security Checks
NASL id	SL_20080402_GNOME_SCREENSAVER_ON_SL5_X.NASL
description	A flaw was found in the way gnome-screensaver verified user passwords. When a system used a remote directory service for login credentials, a local attacker able to cause a network outage could cause gnome-screensaver to crash, unlocking the screen. (CVE-2008-0887)
last seen	2020-06-01
modified	2020-06-02
plugin id	60379
published	2012-08-01
reporter	This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/60379
title	Scientific Linux Security Update : gnome-screensaver on SL5.x i386/x86_64

NASL family	SuSE Local Security Checks
NASL id	SUSE_GNOME-SCREENSAVER-5175.NASL
description	An attacker could log in without a valid password if the NIS server is down. (CVE-2008-0887)
last seen	2020-06-01
modified	2020-06-02
plugin id	33215
published	2008-06-18
reporter	This script is Copyright (C) 2008-2019 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/33215
title	openSUSE 10 Security Update : gnome-screensaver (gnome-screensaver-5175)

NASL family	Fedora Local Security Checks
NASL id	FEDORA_2008-2967.NASL
description	Update for advisory CVE-2008-0887 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	31819
published	2008-04-11
reporter	This script is Copyright (C) 2008-2019 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/31819
title	Fedora 7 : gnome-screensaver-2.18.2-4.fc7 (2008-2967)

NASL family	Gentoo Local Security Checks
NASL id	GENTOO_GLSA-200804-12.NASL
description	The remote host is affected by the vulnerability described in GLSA-200804-12 (gnome-screensaver: Privilege escalation) gnome-screensaver incorrectly handles the results of the getpwuid() function in the file src/setuid.c when using directory servers (like NIS) during a network outage, a similar issue to GLSA 200705-14. Impact : A local user can crash gnome-xscreensaver by preventing network connectivity if the system uses a remote directory service for credentials such as NIS or LDAP, which will unlock the screen. Workaround : There is no known workaround at this time.
last seen	2020-06-01
modified	2020-06-02
plugin id	31959
published	2008-04-17
reporter	This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/31959
title	GLSA-200804-12 : gnome-screensaver: Privilege escalation

Oval

accepted

2013-04-29T04:09:00.511-04:00

class

vulnerability

contributors

name Aharon Chernin
organization SCAP.com, LLC
name Dragos Prisaca
organization G2, Inc.

definition_extensions

comment The operating system installed on the system is Red Hat Enterprise Linux 5
oval oval:org.mitre.oval:def:11414
comment The operating system installed on the system is CentOS Linux 5.x
oval oval:org.mitre.oval:def:15802
comment Oracle Linux 5.x
oval oval:org.mitre.oval:def:15459

description

family

unix

oval:org.mitre.oval:def:10813

status

accepted

submitted

2010-07-09T03:56:16-04:00

title

version

Redhat

advisories

bugzilla

id	435773
title	CVE-2008-0887 gnome-screensaver using NIS auth will unlock if NIS goes away

oval

comment Red Hat Enterprise Linux must be installed
oval oval:com.redhat.rhba:tst:20070304026

AND

comment Red Hat Enterprise Linux 5 is installed
oval oval:com.redhat.rhba:tst:20070331005
comment gnome-screensaver is earlier than 0:2.16.1-5.el5_1.1
oval oval:com.redhat.rhsa:tst:20080197001
comment gnome-screensaver is signed with Red Hat redhatrelease key
oval oval:com.redhat.rhsa:tst:20080197002

rhsa

id	RHSA-2008:0197
released	2008-04-02
severity	Moderate
title	RHSA-2008:0197: gnome-screensaver security update (Moderate)

bugzilla

id	435773
title	CVE-2008-0887 gnome-screensaver using NIS auth will unlock if NIS goes away

oval

comment Red Hat Enterprise Linux must be installed
oval oval:com.redhat.rhba:tst:20070304026

AND

comment Red Hat Enterprise Linux 5 is installed
oval oval:com.redhat.rhba:tst:20070331005
comment gnome-screensaver is earlier than 0:2.16.1-8.el5
oval oval:com.redhat.rhsa:tst:20080218001
comment gnome-screensaver is signed with Red Hat redhatrelease key
oval oval:com.redhat.rhsa:tst:20080197002

rhsa

id	RHSA-2008:0218
released	2008-04-03
severity	Moderate
title	RHSA-2008:0218: gnome-screensaver security update (Moderate)

rpms

gnome-screensaver-0:2.16.1-5.el5_1.1
gnome-screensaver-debuginfo-0:2.16.1-5.el5_1.1
gnome-screensaver-0:2.16.1-8.el5
gnome-screensaver-debuginfo-0:2.16.1-8.el5

Seebug

bulletinFamily	exploit
description	BUGTRAQ ID: 28575 CVE(CAN) ID: CVE-2008-0887 gnome-screensaver是用于取代xscreensaver的屏保程序。 gnome-screensaver验证用户口令的方式存在漏洞，如果启用了远程NIS认证服务器的话，能够导致网络中断的本地攻击者就可以导致gnome-screensaver崩溃，这样就打开了锁定的屏幕。 GNOME gnome-screensaver < 2.22.1 GNOME ----- 目前厂商已经发布了升级补丁以修复这个安全问题，请到厂商的主页下载： <a href=http://live.gnome.org/GnomeScreensaver/ target=_blank>http://live.gnome.org/GnomeScreensaver/</a> RedHat ------ RedHat已经为此发布了一个安全公告（RHSA-2008:0197-01）以及相应补丁: RHSA-2008:0197-01：Moderate: gnome-screensaver security update 链接：<a href=https://www.redhat.com/support/errata/RHSA-2008-0197.html target=_blank>https://www.redhat.com/support/errata/RHSA-2008-0197.html</a>
id	SSV:3578
last seen	2017-11-19
modified	2008-07-09
published	2008-07-09
reporter	Root
title	Gnome屏保程序NIS认证本地非授权访问漏洞

Summary

Vulnerable Configurations

Nessus

Oval

Redhat

Seebug

References