CVE-2008-0887

NameCVE-2008-0887
Descriptiongnome-screensaver before 2.22.1, when a remote authentication server is enabled, crashes upon an unlock attempt during a network outage, which allows physically proximate attackers to gain access to the locked session, a related issue to CVE-2007-1859.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
NVD severitymedium
Debian Bugs475154

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
gnome-screensaver (PTS)stretch3.6.1-7fixed
buster3.6.1-10fixed
bullseye, sid3.6.1-13fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
gnome-screensaversource(unstable)2.22.2-1low475154

Notes

[etch] - gnome-screensaver <no-dsa> (Minor issue, requires attacker with high level of control, see #433964)

Search for package or bug name: Reporting problems