CVE-2011-2187 — HIGH (7.8) — White Hats Nepal

Q: How severe is CVE-2011-2187?

CVE-2011-2187 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2011-2187?

Check the references section above for vendor advisories and patch information. Affected products include: Xscreensaver Project Xscreensaver, Debian Debian Linux.

Vulnerability Description

xscreensaver before 5.14 crashes during activation and leaves the screen unlocked when in Blank Only Mode and when DPMS is disabled, which allows local attackers to access resources without authentication.

CVSS Score

7.8

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Xscreensaver Project	Xscreensaver	< 5.14
Debian	Debian Linux	8.0

Related Weaknesses (CWE)

CWE-306

References

https://access.redhat.com/security/cve/cve-2011-2187Third Party Advisory
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=627382ExploitThird Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-2187ExploitIssue TrackingThird Party Advisory
https://security-tracker.debian.org/tracker/CVE-2011-2187Third Party Advisory
https://www.jwz.org/xscreensaver/changelog.htmlRelease NotesVendor Advisory
https://www.openwall.com/lists/oss-security/2011/06/06/17Mailing ListThird Party Advisory
https://access.redhat.com/security/cve/cve-2011-2187Third Party Advisory
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=627382ExploitThird Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-2187ExploitIssue TrackingThird Party Advisory
https://security-tracker.debian.org/tracker/CVE-2011-2187Third Party Advisory
https://www.jwz.org/xscreensaver/changelog.htmlRelease NotesVendor Advisory
https://www.openwall.com/lists/oss-security/2011/06/06/17Mailing ListThird Party Advisory

FAQ

What is CVE-2011-2187?

CVE-2011-2187 is a vulnerability with a CVSS score of 7.8 (HIGH). xscreensaver before 5.14 crashes during activation and leaves the screen unlocked when in Blank Only Mode and when DPMS is disabled, which allows local attackers to access resources without authentica...

How severe is CVE-2011-2187?

CVE-2011-2187 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2011-2187?

Check the references section above for vendor advisories and patch information. Affected products include: Xscreensaver Project Xscreensaver, Debian Debian Linux.