CVE-2015-8025

Published: Nov 10, 2015Modified: May 6, 2026

2.1

Vector

AV:L/AC:L/Au:N/C:N/I:P/A:N

Exploitability: 3.9 / Impact: 2.9

Source: NVD

Description

driver/subprocs.c in XScreenSaver before 5.34 does not properly perform an internal consistency check, which allows physically proximate attackers to bypass the lock screen by hot swapping monitors.

Affected (2)

Products: Canonical: Ubuntu Linux · Xscreensaver Project: Xscreensaver

1 product

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Canonical Ubuntu Linux	Version 12.04

Configuration B

1 vulnerable

Vulnerable Software	Affected Versions
Xscreensaver Project Xscreensaver	Version 5.33

Related CWEs

CWE-264

References (20)

http://lists.opensuse.org/opensuse-updates/2015-11/msg00102.html

Source: cve@mitre.org

http://www.debian.org/security/2016/dsa-3438

Source: cve@mitre.org

http://www.openwall.com/lists/oss-security/2015/10/24/2

Source: cve@mitre.org

Exploit

http://www.openwall.com/lists/oss-security/2015/10/25/1

Source: cve@mitre.org

http://www.openwall.com/lists/oss-security/2015/10/29/12

Source: cve@mitre.org

http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html

Source: cve@mitre.org

http://www.securitytracker.com/id/1034052

Source: cve@mitre.org

http://www.ubuntu.com/usn/USN-2789-1

Source: cve@mitre.org

https://twitter.com/Thaolia/status/656823859304398848

Source: cve@mitre.org

https://www.jwz.org/blog/2015/10/xscreensaver-5-34/

Source: cve@mitre.org

http://lists.opensuse.org/opensuse-updates/2015-11/msg00102.html