Bug 441451 (CVE-2008-1683) - CVE-2008-1683 xscreensaver: fails to start if NIS authentication is used and network is unavailable
Summary: CVE-2008-1683 xscreensaver: fails to start if NIS authentication is used and ...
Status: CLOSED NOTABUG
Alias: CVE-2008-1683
Product: Security Response
Classification: Other
Component: vulnerability   
(Show other bugs)
Version: unspecified
Hardware: All Linux
low
low
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL: http://nvd.nist.gov/nvd.cfm?cvename=C...
Whiteboard: reported=20080314,source=redhat,publi...
Keywords: Security
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2008-04-08 07:24 UTC by Tomas Hoger
Modified: 2010-12-23 16:57 UTC (History)
3 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2010-12-23 16:57:57 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

Description Tomas Hoger 2008-04-08 07:24:35 UTC 
Common Vulnerabilities and Exposures assigned an identifier CVE-2008-1683 to the following vulnerability:

xscreensaver on Fedora 8, when an NIS authentication server is enabled, exits if this server is unavailable as the xscreensaver process is starting, which allows physically proximate attackers to gain access to a workstation session for which locking was intended, a related issue to CVE-2007-1859.

Refences:
https://bugzilla.redhat.com/show_bug.cgi?id=435773
Comment 1 Mamoru TASAKA 2008-04-08 07:36:41 UTC 
CC-ing to jwz.
Comment 2 Jamie Zawinski 2008-04-08 09:01:54 UTC 
This was fixed in 2005 or something. If Red Hat would stop shipping xscreensaver 4.24, I might get to 
stop hearing about this someday.
Comment 3 Mamoru TASAKA 2008-04-08 09:51:52 UTC 
(In reply to comment #0)
> xscreensaver on Fedora 8, when an NIS authentication server is enabled, exits
if this server is unavailable as the xscreensaver process is starting, 

> Refences:
> https://bugzilla.redhat.com/show_bug.cgi?id=435773

Well, I don't use NIS, however do you mean 
https://bugzilla.redhat.com/show_bug.cgi?id=435773#c11 ? This says
- The system uses NIS authentication
- The network connection to NIS happens to start
- _After_ this disconnenction happens a user tries to start xscreensaver
- Then xscreensaver refuses to start.

(again I don't use NIS, so I am just guessing what is happening)
As far as I read bug 435773, xscreensaver refuses  to start at
the lines 1520-1521 of src/xscreensaver.c, however IMO this is perhaps
what xscreensaver just expects.

Note that Fedora-8 xscreensaver is now 5.05.
Comment 4 Mamoru TASAKA 2008-04-08 09:54:56 UTC 
(In reply to comment #3)
> Well, I don't use NIS, however do you mean 
> https://bugzilla.redhat.com/show_bug.cgi?id=435773#c11 ? This says
> - The system uses NIS authentication
> - The network connection to NIS happens to start

  This line should read as "The network connection to NIS happens to
  stop"...

> - _After_ this disconnenction happens a user tries to start xscreensaver
> - Then xscreensaver refuses to start.
>
Comment 5 Vincent Danen 2010-12-23 16:57:57 UTC 
MITRE's description:

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2008-0887. Reason: This candidate is a duplicate of CVE-2008-0887. Notes: All CVE users should reference CVE-2008-0887 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.
Note You need to log in before you can comment on or make changes to this bug.