---------------------------------------------------------------------- Try a new way to discover vulnerabilities that ALREADY EXIST in your IT infrastructure. The Secunia NSI enables you to INSPECT, DISCOVER, and DOCUMENT vulnerabilities in more than 4,700 different Windows applications. Request your account, the Secunia Network Software Inspector (NSI): http://secunia.com/network_software_inspector/ ---------------------------------------------------------------------- TITLE: Fedora update for xscreensaver, tempest, and rss-glx SECUNIA ADVISORY ID: SA27392 VERIFY ADVISORY: http://secunia.com/advisories/27392/ CRITICAL: Not critical IMPACT: Security Bypass WHERE: Local system OPERATING SYSTEM: Fedora 7 http://secunia.com/product/15552/ DESCRIPTION: Fedora has issued updates for xscreensaver, tempest, and rss-glx. These fix a security issue, which can be exploited by malicious people with physical access to a system to bypass certain security restrictions. The security issue is caused due to xscreensaver crashing when packages which contain GL xscreensaver hacks (e.g. rss-glx-xscreensaver) are installed and the "xscreensaver-gl-helper" binary is missing. This can be exploited to bypass the xscreensaver unlocking dialog and gain access to a locked session. SOLUTION: Apply updated packages. 72e962e7d15b7d9b9174358b0935399d0f84c1ed xscreensaver-base-5.03-12.fc7.ppc64.rpm 1b1668c86c05a2a39501ca05305d46005129d3db xscreensaver-gl-extras-gss-5.03-12.fc7.ppc64.rpm 24535527f2da18f5c7cab8081a49206209c69c88 xscreensaver-debuginfo-5.03-12.fc7.ppc64.rpm d395190a40f324596d637bcbf76b5262dd26af79 xscreensaver-extras-gss-5.03-12.fc7.ppc64.rpm 6f8f00d899c0a58631bc61b9621661ad0895d197 xscreensaver-gl-extras-5.03-12.fc7.ppc64.rpm d7c4f66180614300877c75250c203d090df14ec0 xscreensaver-extras-5.03-12.fc7.ppc64.rpm d1ebbc31e1c81533883a025f013e8b25521ab43c xscreensaver-5.03-12.fc7.ppc64.rpm 9401a1f9eebe74f29dd7a4d365cc0ac88f1c45f5 xscreensaver-gl-base-5.03-12.fc7.ppc64.rpm 5a4981a411919db94f2074bfcf9e1b175e9626ea xscreensaver-gl-base-5.03-12.fc7.i386.rpm b3c270fa8efb3e4acaedb95cf8a6b284a8132488 xscreensaver-gl-extras-5.03-12.fc7.i386.rpm 9f44a8153be4bf830f5d97254fe753d5e89d9c98 xscreensaver-base-5.03-12.fc7.i386.rpm 1c023d71b30c2bbb5bf7fc5cd8569b9eaa71fbde xscreensaver-extras-5.03-12.fc7.i386.rpm e6ac4a93f3764d5803757e443ab212bc08029fed xscreensaver-gl-extras-gss-5.03-12.fc7.i386.rpm bd91444724e671234debf05b532e0ad16379e3f0 xscreensaver-extras-gss-5.03-12.fc7.i386.rpm 91b34cf194a4aa15642e4d6d648c6f524244a1ef xscreensaver-5.03-12.fc7.i386.rpm 133a737c6c8026927130a20a02588474feeab45e xscreensaver-debuginfo-5.03-12.fc7.i386.rpm 06124bf05d156132c15e39f2a40ff4dad4f0c071 xscreensaver-gl-base-5.03-12.fc7.x86_64.rpm 806b54ca6e430815436ab39bf4654e8b8ef12848 xscreensaver-gl-extras-gss-5.03-12.fc7.x86_64.rpm 43b05faa493608111d0fb4d05da36e763acd657d xscreensaver-gl-extras-5.03-12.fc7.x86_64.rpm 775b84067d05bf1a805dec269a538e48eb7c8851 xscreensaver-5.03-12.fc7.x86_64.rpm 6f1216148e2e787d1d9ee549f2320053efed6891 xscreensaver-extras-gss-5.03-12.fc7.x86_64.rpm 534e6566517210f9f82cbeffa8025c110e27d53a xscreensaver-debuginfo-5.03-12.fc7.x86_64.rpm 0e2e21c32368cd5e5170ee0f605e9801149b768a xscreensaver-base-5.03-12.fc7.x86_64.rpm 8e474684f3dec44e614e5e96619bf8fe5bf024f1 xscreensaver-extras-5.03-12.fc7.x86_64.rpm e1a6f8edb9e6b5246ee82120e84e3f8ce7f95475 xscreensaver-5.03-12.fc7.ppc.rpm e57175e44ade81791fdcfdfd75595cab1cf02028 xscreensaver-gl-base-5.03-12.fc7.ppc.rpm 89c87c86050e422888d014d945094620932fb544 xscreensaver-gl-extras-gss-5.03-12.fc7.ppc.rpm 8e5ba07c80f17b134d69cf4f5535e062362b56a5 xscreensaver-debuginfo-5.03-12.fc7.ppc.rpm c479af9469bfaf7290e179a39dffc4c7a060834e xscreensaver-extras-5.03-12.fc7.ppc.rpm 6342fc5b575ce2bbd2a476b97badaaa4ab1265e3 xscreensaver-gl-extras-5.03-12.fc7.ppc.rpm 824193b15833035fb095cc6b1fae0bd483847627 xscreensaver-base-5.03-12.fc7.ppc.rpm f9f1800b9032a155eca9802c51f4959b78c00e0c xscreensaver-extras-gss-5.03-12.fc7.ppc.rpm 5111f16c6eb58d87ea140db1875755614c1c9745 xscreensaver-5.03-12.fc7.src.rpm 4740a12c68ce8636caa30f341379aaafe00cf37f tempest-kde-0-0.4.20070929.fc7.ppc64.rpm 439106aa48bcc11f2f38970020b80512b4601839 tempest-debuginfo-0-0.4.20070929.fc7.ppc64.rpm 0703a384c747e3b57043a19837ee9295906a8ef6 tempest-xscreensaver-0-0.4.20070929.fc7.ppc64.rpm 56289a9cb324fe1d34340e7942ce03ad58e91852 tempest-gnome-screensaver-0-0.4.20070929.fc7.ppc64.rpm 65c2e3b9c24320a75d1d8f829bcad7b077e6cc05 tempest-0-0.4.20070929.fc7.ppc64.rpm 59eeb9714c0b47f2e126119e0241dfc79434adbc tempest-xscreensaver-0-0.4.20070929.fc7.i386.rpm 19264ae32e678d498b67aa57ba01a8e51e023728 tempest-kde-0-0.4.20070929.fc7.i386.rpm 7b5219144298b81b37dc60ef8b30ac84fe7d5106 tempest-0-0.4.20070929.fc7.i386.rpm a9252b0cdf5a10d9ef7428db6ea3442183eea81c tempest-gnome-screensaver-0-0.4.20070929.fc7.i386.rpm 22a258c8b4fcb257a00d573fc3a3d8df83502999 tempest-debuginfo-0-0.4.20070929.fc7.i386.rpm 6a0a31f93142975d4646a2a6f7b85cee38f927fe tempest-debuginfo-0-0.4.20070929.fc7.x86_64.rpm 757356c9386656b87c6b9c92180a74efe05b1b7e tempest-gnome-screensaver-0-0.4.20070929.fc7.x86_64.rpm e97b8f23a512b6235573065653eec7dcc69f0fa0 tempest-xscreensaver-0-0.4.20070929.fc7.x86_64.rpm 7a45a8f412a4364714030ce98a892eaba6c4af5d tempest-0-0.4.20070929.fc7.x86_64.rpm 5c7660d317e75a72b2406b564cce2df07d42da7a tempest-kde-0-0.4.20070929.fc7.x86_64.rpm 0830ff0226a690e4f7f4f8037fb4b038dd18b520 tempest-debuginfo-0-0.4.20070929.fc7.ppc.rpm dba6f446d3f074b1cf6d02fba02ab46811be1228 tempest-gnome-screensaver-0-0.4.20070929.fc7.ppc.rpm 1cf5767dca3d6b5813db0c003513dbc6b3ca079c tempest-0-0.4.20070929.fc7.ppc.rpm 15426c88141a503da051baf6f7ecfe9c0ba9e1a0 tempest-kde-0-0.4.20070929.fc7.ppc.rpm 1316e4f13af1676c05865799346b13917c15c68b tempest-xscreensaver-0-0.4.20070929.fc7.ppc.rpm 736f7ec55d860b6238abe4d3e91b87046afc51ae tempest-0-0.4.20070929.fc7.src.rpm 090e62166c8dcf1ca01e4e6e4fea14bdab9b1b2d rss-glx-debuginfo-0.8.1.p-15.fc7.ppc64.rpm f671868d9608c8905681309c04e417c70f5a781d rss-glx-0.8.1.p-15.fc7.ppc64.rpm 194530d0544041586521d2d969b0d5819b60fa9b rss-glx-gnome-screensaver-0.8.1.p-15.fc7.ppc64.rpm a2f35250d288a07a3b69d798985592c2d0e5160b rss-glx-kde-0.8.1.p-15.fc7.ppc64.rpm 2bb0f4275801e23c94ed6a8b70959c052b7d7731 rss-glx-xscreensaver-0.8.1.p-15.fc7.ppc64.rpm c93eaebc762f7e9616747758d99b9eea2dfbe98a rss-glx-kde-0.8.1.p-15.fc7.i386.rpm 6c041ee34cdc3f165efab9b1da6ac4779b78596c rss-glx-xscreensaver-0.8.1.p-15.fc7.i386.rpm f84a156428cd84a9766ca45eb9bd406beffd8a8e rss-glx-0.8.1.p-15.fc7.i386.rpm 4863f633bea1301c50440779852d965742218c92 rss-glx-debuginfo-0.8.1.p-15.fc7.i386.rpm 1017b5fd2685d8f08bfc09874ab7aa64db3ff958 rss-glx-gnome-screensaver-0.8.1.p-15.fc7.i386.rpm 37c66e59cdf94f46197bf282d56d2eceef669a93 rss-glx-0.8.1.p-15.fc7.x86_64.rpm 079a244fe1721e2235743a117ae4957694a64a27 rss-glx-xscreensaver-0.8.1.p-15.fc7.x86_64.rpm fd375fcb97294f0f639fc8d13f29c2f80b69ddb8 rss-glx-debuginfo-0.8.1.p-15.fc7.x86_64.rpm 3cee3d0fde9337d32181fe5bf04a49b95166becd rss-glx-gnome-screensaver-0.8.1.p-15.fc7.x86_64.rpm cf148e049ab4e3976bb7ff5f34f45805ec5c6bf9 rss-glx-kde-0.8.1.p-15.fc7.x86_64.rpm c7b5c404860568d1f043a8b2a3c5c5d48caeb450 rss-glx-xscreensaver-0.8.1.p-15.fc7.ppc.rpm 55fe6f201d7a305702cac1626bcaf7df2a1dcf78 rss-glx-debuginfo-0.8.1.p-15.fc7.ppc.rpm d690d10c2190ae9f4352939159e4586d71303aea rss-glx-0.8.1.p-15.fc7.ppc.rpm 0c6b0b64f289052b8817a50f7e2dd2e2b1070505 rss-glx-kde-0.8.1.p-15.fc7.ppc.rpm 9ed17fbe3dd7ca1fa4e772e80c2d7462df133c68 rss-glx-gnome-screensaver-0.8.1.p-15.fc7.ppc.rpm 83ad6d0f2c09c9f36f4016b29f8476264a6466fa rss-glx-0.8.1.p-15.fc7.src.rpm PROVIDED AND/OR DISCOVERED BY: Patrick C. F. Ernzer ORIGINAL ADVISORY: https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00334.html https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00335.html https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00336.html https://bugzilla.redhat.com/show_bug.cgi?id=336331 ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------