首页 -> 安全研究

安全研究

安全漏洞
XScreenSaver本地口令泄漏漏洞

发布日期:2006-04-11
更新日期:2006-06-06

受影响系统:
RedHat Enterprise Linux WS 3
RedHat Enterprise Linux WS 2.1
RedHat Enterprise Linux ES 3
RedHat Enterprise Linux ES 2.1
RedHat Enterprise Linux AS 3
RedHat Enterprise Linux AS 2.1
Jamie Zawinski XScreenSaver 4.17
Jamie Zawinski XScreenSaver 4.16
Jamie Zawinski XScreenSaver 4.14
AVAYA Interactive Response 1.3
AVAYA Interactive Response 1.2.1
AVAYA Integrated Management 2.1
不受影响系统:
Jamie Zawinski XScreenSaver 4.18
描述:
BUGTRAQ  ID: 17471
CVE(CAN) ID: CVE-2004-2655

XScreenSaver是X窗口系统的一套屏保程序和屏保框架。

XScreenSaver提示用户输入口令解锁屏幕时存在键盘焦点漏洞。XScreenSaver没有正确的保证拥有正确的键盘焦点,这可能将用户口令泄漏给有键盘焦点的程序。这种行为并不常见,因为仅有一些应用程序出现这种焦点错误。

<*链接:http://marc.theaimsgroup.com/?l=bugtraq&m=114962062927164&w=2
        http://secunia.com/advisories/20226/print/
        http://lwn.net/Alerts/184909
*>

建议:
厂商补丁:

RedHat
------
RedHat已经为此发布了一个安全公告(RHSA-2006:0498-01)以及相应补丁:
RHSA-2006:0498-01:Moderate: xscreensaver security update
链接:http://lwn.net/Alerts/184909

补丁下载:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1AS/en/os/SRPMS/xscreensaver-3.33-4.rhel21.3.src.rpm
f8a3f186605e8c1e94118d560724cd0c  xscreensaver-3.33-4.rhel21.3.src.rpm

i386:
3f48fa1db2d0c4224dd968a3a4a10033  xscreensaver-3.33-4.rhel21.3.i386.rpm

ia64:
dfe54c3a32cc18cd4cdf4ccfe073cba0  xscreensaver-3.33-4.rhel21.3.ia64.rpm

Red Hat Linux Advanced Workstation 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1AW/en/os/SRPMS/xscreensaver-3.33-4.rhel21.3.src.rpm
f8a3f186605e8c1e94118d560724cd0c  xscreensaver-3.33-4.rhel21.3.src.rpm

ia64:
dfe54c3a32cc18cd4cdf4ccfe073cba0  xscreensaver-3.33-4.rhel21.3.ia64.rpm

Red Hat Enterprise Linux ES version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1ES/en/os/SRPMS/xscreensaver-3.33-4.rhel21.3.src.rpm
f8a3f186605e8c1e94118d560724cd0c  xscreensaver-3.33-4.rhel21.3.src.rpm

i386:
3f48fa1db2d0c4224dd968a3a4a10033  xscreensaver-3.33-4.rhel21.3.i386.rpm

Red Hat Enterprise Linux WS version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1WS/en/os/SRPMS/xscreensaver-3.33-4.rhel21.3.src.rpm
f8a3f186605e8c1e94118d560724cd0c  xscreensaver-3.33-4.rhel21.3.src.rpm

i386:
3f48fa1db2d0c4224dd968a3a4a10033  xscreensaver-3.33-4.rhel21.3.i386.rpm

Red Hat Enterprise Linux AS version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/xscreensaver-4.10-20.src.rpm
aeb44a2230e0891747e7c678e165c2b0  xscreensaver-4.10-20.src.rpm

i386:
32064f1c5108a2fc8d440099113a915f  xscreensaver-4.10-20.i386.rpm
c3c5cbe5a9f4dc689ba1cc8168dfda10  xscreensaver-debuginfo-4.10-20.i386.rpm

ia64:
ac46f647bd7930f3dcf10b74d4f8f9ec  xscreensaver-4.10-20.ia64.rpm
ebf73db97fdda4f4d65e6897050ca206  xscreensaver-debuginfo-4.10-20.ia64.rpm

ppc:
6023bea1b1145194a72487f7418b9c8b  xscreensaver-4.10-20.ppc.rpm
fcb479f611c9053efd9d845bcdbc7ffe  xscreensaver-debuginfo-4.10-20.ppc.rpm

s390:
0e9f6a02afe107a9b52334eb89c0a0b1  xscreensaver-4.10-20.s390.rpm
26f350733c38fc054ea14b3cf8f08b77  xscreensaver-debuginfo-4.10-20.s390.rpm

s390x:
e48435174e377c0c7b78b2f87c16aab5  xscreensaver-4.10-20.s390x.rpm
7772d366de77b390edd9e3593b1d6d5b  xscreensaver-debuginfo-4.10-20.s390x.rpm

x86_64:
83193c35d8ddf707af150d1e507fdc61  xscreensaver-4.10-20.x86_64.rpm
0177ce9d9a124b43310f450212ef271a  xscreensaver-debuginfo-4.10-20.x86_64.rpm

Red Hat Desktop version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3desktop/en/os/SRPMS/xscreensaver-4.10-20.src.rpm
aeb44a2230e0891747e7c678e165c2b0  xscreensaver-4.10-20.src.rpm

i386:
32064f1c5108a2fc8d440099113a915f  xscreensaver-4.10-20.i386.rpm
c3c5cbe5a9f4dc689ba1cc8168dfda10  xscreensaver-debuginfo-4.10-20.i386.rpm

x86_64:
83193c35d8ddf707af150d1e507fdc61  xscreensaver-4.10-20.x86_64.rpm
0177ce9d9a124b43310f450212ef271a  xscreensaver-debuginfo-4.10-20.x86_64.rpm

Red Hat Enterprise Linux ES version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/xscreensaver-4.10-20.src.rpm
aeb44a2230e0891747e7c678e165c2b0  xscreensaver-4.10-20.src.rpm

i386:
32064f1c5108a2fc8d440099113a915f  xscreensaver-4.10-20.i386.rpm
c3c5cbe5a9f4dc689ba1cc8168dfda10  xscreensaver-debuginfo-4.10-20.i386.rpm

ia64:
ac46f647bd7930f3dcf10b74d4f8f9ec  xscreensaver-4.10-20.ia64.rpm
ebf73db97fdda4f4d65e6897050ca206  xscreensaver-debuginfo-4.10-20.ia64.rpm

x86_64:
83193c35d8ddf707af150d1e507fdc61  xscreensaver-4.10-20.x86_64.rpm
0177ce9d9a124b43310f450212ef271a  xscreensaver-debuginfo-4.10-20.x86_64.rpm

Red Hat Enterprise Linux WS version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3WS/en/os/SRPMS/xscreensaver-4.10-20.src.rpm
aeb44a2230e0891747e7c678e165c2b0  xscreensaver-4.10-20.src.rpm

i386:
32064f1c5108a2fc8d440099113a915f  xscreensaver-4.10-20.i386.rpm
c3c5cbe5a9f4dc689ba1cc8168dfda10  xscreensaver-debuginfo-4.10-20.i386.rpm

ia64:
ac46f647bd7930f3dcf10b74d4f8f9ec  xscreensaver-4.10-20.ia64.rpm
ebf73db97fdda4f4d65e6897050ca206  xscreensaver-debuginfo-4.10-20.ia64.rpm

x86_64:
83193c35d8ddf707af150d1e507fdc61  xscreensaver-4.10-20.x86_64.rpm
0177ce9d9a124b43310f450212ef271a  xscreensaver-debuginfo-4.10-20.x86_64.rpm

可使用下列命令安装补丁:

rpm -Fvh [文件名]

Jamie Zawinski
--------------
目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:

http://www.jwz.org/xscreensaver/xscreensaver-4.24.tar.gz

浏览次数:3304
严重程度:0(网友投票)
本安全漏洞由绿盟科技翻译整理,版权所有,未经许可,不得转载
绿盟科技给您安全的保障
关于我们
公司介绍
公司荣誉
公司新闻
联系我们
公司总部
分支机构
海外机构
快速链接
绿盟云
绿盟威胁情报中心NTI
技术博客