VUPEN Security - Redhat Security Update Fixes gnome-screensaver DoS Vulnerability / Exploit (Security Advisories)

	Contact \| Site en Français

Vulnerabilities & Threats

VUPEN Security Advisories

Linux Security Advisories

Threat Watch Blog

Zero-Day Monitor

Search Engine

Mailing List & RSS

>> Redhat Security Update Fixes gnome-screensaver DoS Vulnerability

Title : Redhat Security Update Fixes gnome-screensaver DoS Vulnerability
VUPEN ID : VUPEN/ADV-2008-1096
CVE ID : CVE-2008-0887
Rated as : Low Risk

Remotely Exploitable : No
Locally Exploitable : Yes
Release Date : 2008-04-03

Technical Description

A vulnerability has been identified in Red Hat Enterprise Linux, which could be exploited by malicious users to cause a denial of service and bypass security restrictions. This issue is caused by an error in the way gnome-screensaver verified user passwords while a system is used a remote directory service for login credentials, which could allow local attackers to crash gnome-screensaver, unlocking the screen.

Affected Products

Red Hat Enterprise Linux (v. 5 server)
Red Hat Enterprise Linux Desktop (v. 5 client)
Red Hat Enterprise Linux FasTrack (v. 5 client)
Red Hat Enterprise Linux FasTrack (v. 5 server)

Solution

Upgrade the affected packages :
http://rhn.redhat.com/

References

http://www.vupen.com/english/advisories/2008/1096
http://rhn.redhat.com/errata/RHSA-2008-0197.html
http://rhn.redhat.com/errata/RHSA-2008-0218.html

ChangeLog

2008-04-03 : Initial release

Vulnerability Management

Subscribe to VUPEN VNS and receive real-time e-mail and SMS alerts when new advisories or patches relevant to your systems and network configurations are available.

Feedback

If you have additional information or corrections for this security advisory please submit them via our contact form.

Latest News

>> 2009-06-10