CVE-2011-2187

xscreensaver before 5.14 crashes during activation and leaves the screen unlocked when in Blank Only Mode and when DPMS is disabled, which allows local attackers to access resources without authentication.

CVSS v3.0 7.8 HIGH
CVSS v2.0 4.6 MEDIUM

7.8^/10

CVSS v3.0 : HIGH

Vector :

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

4.6^/10

CVSS v2.0 : MEDIUM

Vector : AV:L/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 3.9 / Impact : 6.4

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=627382	Exploit Third Party Advisory
https://security-tracker.debian.org/tracker/CVE-2011-2187	Third Party Advisory
https://www.jwz.org/xscreensaver/changelog.html	Release Notes Vendor Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-2187	Exploit Issue Tracking Third Party Advisory
https://access.redhat.com/security/cve/cve-2011-2187	Third Party Advisory
https://www.openwall.com/lists/oss-security/2011/06/06/17	Mailing List Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:xscreensaver_project:xscreensaver:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR	cpe:2.3:o:debian:debian_linux:8.0:::::::*
	cpe:2.3:o:debian:debian_linux:9.0:::::::*
	cpe:2.3:o:debian:debian_linux:10.0:::::::*

Information

Published : 2019-11-27 18:15

Updated : 2019-12-16 14:10

NVD link : CVE-2011-2187

Mitre link : CVE-2011-2187

JSON object : View

Products Affected

xscreensaver_project

xscreensaver

debian

debian_linux

CWE

CWE-306

Missing Authentication for Critical Function

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=627382", "name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=627382", "tags": ["Exploit", "Third Party Advisory"], "refsource": "MISC"}, {"url": "https://security-tracker.debian.org/tracker/CVE-2011-2187", "name": "https://security-tracker.debian.org/tracker/CVE-2011-2187", "tags": ["Third Party Advisory"], "refsource": "MISC"}, {"url": "https://www.jwz.org/xscreensaver/changelog.html", "name": "https://www.jwz.org/xscreensaver/changelog.html", "tags": ["Release Notes", "Vendor Advisory"], "refsource": "MISC"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-2187", "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-2187", "tags": ["Exploit", "Issue Tracking", "Third Party Advisory"], "refsource": "MISC"}, {"url": "https://access.redhat.com/security/cve/cve-2011-2187", "name": "https://access.redhat.com/security/cve/cve-2011-2187", "tags": ["Third Party Advisory"], "refsource": "MISC"}, {"url": "https://www.openwall.com/lists/oss-security/2011/06/06/17", "name": "[oss-security] 20110606 Re: CVE Request -- xscreensaver -- exits when activated", "tags": ["Mailing List", "Third Party Advisory"], "refsource": "MLIST"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "xscreensaver before 5.14 crashes during activation and leaves the screen unlocked when in Blank Only Mode and when DPMS is disabled, which allows local attackers to access resources without authentication."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-306"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2011-2187", "ASSIGNER": "secalert@redhat.com"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 4.6, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "severity": "MEDIUM", "acInsufInfo": false, "impactScore": 6.4, "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}, "baseMetricV3": {"cvssV3": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}}, "publishedDate": "2019-11-27T18:15Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:xscreensaver_project:xscreensaver:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "5.14"}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2019-12-16T14:10Z"}