CVE-2015-8025 - OpenCVE

driver/subprocs.c in XScreenSaver before 5.34 does not properly perform an internal consistency check, which allows physically proximate attackers to bypass the lock screen by hot swapping monitors.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:L/AC:L/Au:N/C:N/I:P/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Canonical	Ubuntu Linux
Xscreensaver Project	Xscreensaver

Configuration 1 [-]

cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*

Configuration 2 [-]

cpe:2.3:a:xscreensaver_project:xscreensaver:5.33:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://lists.opensuse.org/opensuse-updates/2015-11/msg00102.html
http://www.debian.org/security/2016/dsa-3438
http://www.openwall.com/lists/oss-security/2015/10/24/2
http://www.openwall.com/lists/oss-security/2015/10/25/1
http://www.openwall.com/lists/oss-security/2015/10/29/12
http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html
http://www.securitytracker.com/id/1034052
http://www.ubuntu.com/usn/USN-2789-1
https://twitter.com/Thaolia/status/656823859304398848
https://www.jwz.org/blog/2015/10/xscreensaver-5-34/

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2015-11-10T16:00:00

Updated: 2024-08-06T08:06:31.810Z

Reserved: 2015-10-29T00:00:00

Link: CVE-2015-8025

Vulnrichment

No data.

NVD

Status : Modified

Published: 2015-11-10T17:59:11.653

Modified: 2016-12-07T18:25:59.807

Link: CVE-2015-8025

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2015-10-24T00:00:00", "descriptions": [{"lang": "en", "value": "driver/subprocs.c in XScreenSaver before 5.34 does not properly perform an internal consistency check, which allows physically proximate attackers to bypass the lock screen by hot swapping monitors."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2016-12-05T22:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://www.jwz.org/blog/2015/10/xscreensaver-5-34/"}, {"name": "1034052", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1034052"}, {"name": "openSUSE-SU-2015:2032", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-updates/2015-11/msg00102.html"}, {"name": "DSA-3438", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2016/dsa-3438"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html"}, {"name": "[oss-security] 20151024 CVE request: xscreensaver aborts when unpluging second monitor cable when asking password", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2015/10/24/2"}, {"name": "[oss-security] 20151025 Re: CVE request: xscreensaver aborts when unpluging second monitor cable when asking password", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2015/10/25/1"}, {"name": "[oss-security] 20151029 Re: CVE request: xscreensaver aborts when unpluging second monitor cable when asking password", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2015/10/29/12"}, {"tags": ["x_refsource_MISC"], "url": "https://twitter.com/Thaolia/status/656823859304398848"}, {"name": "USN-2789-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/USN-2789-1"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2015-8025", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "driver/subprocs.c in XScreenSaver before 5.34 does not properly perform an internal consistency check, which allows physically proximate attackers to bypass the lock screen by hot swapping monitors."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://www.jwz.org/blog/2015/10/xscreensaver-5-34/", "refsource": "CONFIRM", "url": "https://www.jwz.org/blog/2015/10/xscreensaver-5-34/"}, {"name": "1034052", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1034052"}, {"name": "openSUSE-SU-2015:2032", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-updates/2015-11/msg00102.html"}, {"name": "DSA-3438", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2016/dsa-3438"}, {"name": "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html"}, {"name": "[oss-security] 20151024 CVE request: xscreensaver aborts when unpluging second monitor cable when asking password", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2015/10/24/2"}, {"name": "[oss-security] 20151025 Re: CVE request: xscreensaver aborts when unpluging second monitor cable when asking password", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2015/10/25/1"}, {"name": "[oss-security] 20151029 Re: CVE request: xscreensaver aborts when unpluging second monitor cable when asking password", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2015/10/29/12"}, {"name": "https://twitter.com/Thaolia/status/656823859304398848", "refsource": "MISC", "url": "https://twitter.com/Thaolia/status/656823859304398848"}, {"name": "USN-2789-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2789-1"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T08:06:31.810Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://www.jwz.org/blog/2015/10/xscreensaver-5-34/"}, {"name": "1034052", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id/1034052"}, {"name": "openSUSE-SU-2015:2032", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-updates/2015-11/msg00102.html"}, {"name": "DSA-3438", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "http://www.debian.org/security/2016/dsa-3438"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html"}, {"name": "[oss-security] 20151024 CVE request: xscreensaver aborts when unpluging second monitor cable when asking password", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2015/10/24/2"}, {"name": "[oss-security] 20151025 Re: CVE request: xscreensaver aborts when unpluging second monitor cable when asking password", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2015/10/25/1"}, {"name": "[oss-security] 20151029 Re: CVE request: xscreensaver aborts when unpluging second monitor cable when asking password", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2015/10/29/12"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://twitter.com/Thaolia/status/656823859304398848"}, {"name": "USN-2789-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://www.ubuntu.com/usn/USN-2789-1"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2015-8025", "datePublished": "2015-11-10T16:00:00", "dateReserved": "2015-10-29T00:00:00", "dateUpdated": "2024-08-06T08:06:31.810Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*", "matchCriteriaId": "B6B7CAD7-9D4E-4FDB-88E3-1E583210A01F", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:xscreensaver_project:xscreensaver:5.33:*:*:*:*:*:*:*", "matchCriteriaId": "1E905914-5F5A-44E7-BE79-8175DBC53EEE", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "driver/subprocs.c in XScreenSaver before 5.34 does not properly perform an internal consistency check, which allows physically proximate attackers to bypass the lock screen by hot swapping monitors."}, {"lang": "es", "value": "driver/subprocs.c en XScreenSaver en versiones anteriores a 5.34 no lleva a cabo correctamente una comprobaci\u00f3n de consistencia interna, lo que permite a atacantes f\u00edsicamente pr\u00f3ximos eludir la pantalla de bloqueo cambiando los monitores sin apagar el dispositivo."}], "id": "CVE-2015-8025", "lastModified": "2016-12-07T18:25:59.807", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.1, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2015-11-10T17:59:11.653", "references": [{"source": "cve@mitre.org", "url": "http://lists.opensuse.org/opensuse-updates/2015-11/msg00102.html"}, {"source": "cve@mitre.org", "url": "http://www.debian.org/security/2016/dsa-3438"}, {"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://www.openwall.com/lists/oss-security/2015/10/24/2"}, {"source": "cve@mitre.org", "url": "http://www.openwall.com/lists/oss-security/2015/10/25/1"}, {"source": "cve@mitre.org", "url": "http://www.openwall.com/lists/oss-security/2015/10/29/12"}, {"source": "cve@mitre.org", "url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html"}, {"source": "cve@mitre.org", "url": "http://www.securitytracker.com/id/1034052"}, {"source": "cve@mitre.org", "url": "http://www.ubuntu.com/usn/USN-2789-1"}, {"source": "cve@mitre.org", "url": "https://twitter.com/Thaolia/status/656823859304398848"}, {"source": "cve@mitre.org", "url": "https://www.jwz.org/blog/2015/10/xscreensaver-5-34/"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-264"}], "source": "nvd@nist.gov", "type": "Primary"}]}