What is the severity of CVE-2003-1294?

CVE-2003-1294 has a moderate severity level due to the potential for local users to perform symlink attacks.

How do I fix CVE-2003-1294?

To fix CVE-2003-1294, users should upgrade to a patched version of Xscreensaver that addresses the insecure temporary file creation.

Which versions of Xscreensaver are affected by CVE-2003-1294?

CVE-2003-1294 affects Xscreensaver versions prior to 4.15, including several earlier versions such as 4.14_5 and 4.10_15.

What type of attack does CVE-2003-1294 enable?

CVE-2003-1294 enables local users to overwrite arbitrary files through a symlink attack by exploiting temporary files created insecurely.

Is CVE-2003-1294 a remote or local vulnerability?

CVE-2003-1294 is classified as a local vulnerability, as it requires local access to the system to exploit.

Vulnerability/
CVE-2003-1294

low

2.1

CWE

NVD-CWE-Other

31/12/2003

28/2/2006

8/8/2024

CVE-2003-1294

First published: Wed Dec 31 2003(Updated: )

Xscreensaver before 4.15 creates temporary files insecurely in (1) driver/passwd-kerberos.c, (2) driver/xscreensaver-getimage-video, (3) driver/xscreensaver.kss.in, and the (4) vidwhacker and (5) webcollage screensavers, which allows local users to overwrite arbitrary files via a symlink attack.

Credit: secalert@redhat.com

Affected Software	Affected Version	How to fix
XScreenSaver	=4.14_5
XScreenSaver	=4.14_4
XScreenSaver	=4.05_6
XScreenSaver	=4.10_15
XScreenSaver	=4.07_2
XScreenSaver	=4.08_29135cl
XScreenSaver	=4.11_0
XScreenSaver	=4.14_0
XScreenSaver	=4.05_150
XScreenSaver	=4.05_6a
XScreenSaver	=4.12_58
XScreenSaver	=4.10_4
XScreenSaver	=4.14_2
XScreenSaver	=4.05_5cl
XScreenSaver	=4.10_6
XScreenSaver	=4.10_8
XScreenSaver	=4.09_0
XScreenSaver	=4.12_62

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2003-1294?
CVE-2003-1294 has a moderate severity level due to the potential for local users to perform symlink attacks.
How do I fix CVE-2003-1294?
To fix CVE-2003-1294, users should upgrade to a patched version of Xscreensaver that addresses the insecure temporary file creation.
Which versions of Xscreensaver are affected by CVE-2003-1294?
CVE-2003-1294 affects Xscreensaver versions prior to 4.15, including several earlier versions such as 4.14_5 and 4.10_15.
What type of attack does CVE-2003-1294 enable?
CVE-2003-1294 enables local users to overwrite arbitrary files through a symlink attack by exploiting temporary files created insecurely.
Is CVE-2003-1294 a remote or local vulnerability?
CVE-2003-1294 is classified as a local vulnerability, as it requires local access to the system to exploit.

agent/type
agent/softwarecombine
agent/first-publish-date
collector/mitre-cve
source/MITRE
agent/references
agent/weakness
agent/author
agent/severity
agent/last-modified-date
agent/description
agent/event
agent/source
agent/tags
collector/nvd-historical
agent/software-canonical-lookup-request
collector/nvd-index
vendor/xscreensaver
canonical/xscreensaver
version/xscreensaver/4.14_5
version/xscreensaver/4.14_4
version/xscreensaver/4.05_6
version/xscreensaver/4.10_15
version/xscreensaver/4.07_2
version/xscreensaver/4.08_29135cl
version/xscreensaver/4.11_0
version/xscreensaver/4.14_0
version/xscreensaver/4.05_150
version/xscreensaver/4.05_6a
version/xscreensaver/4.12_58
version/xscreensaver/4.10_4
version/xscreensaver/4.14_2
version/xscreensaver/4.05_5cl
version/xscreensaver/4.10_6
version/xscreensaver/4.10_8
version/xscreensaver/4.09_0
version/xscreensaver/4.12_62

Frequently Asked Questions

What is the severity of CVE-2003-1294?
CVE-2003-1294 has a moderate severity level due to the potential for local users to perform symlink attacks.
How do I fix CVE-2003-1294?
To fix CVE-2003-1294, users should upgrade to a patched version of Xscreensaver that addresses the insecure temporary file creation.
Which versions of Xscreensaver are affected by CVE-2003-1294?
CVE-2003-1294 affects Xscreensaver versions prior to 4.15, including several earlier versions such as 4.14_5 and 4.10_15.
What type of attack does CVE-2003-1294 enable?
CVE-2003-1294 enables local users to overwrite arbitrary files through a symlink attack by exploiting temporary files created insecurely.
Is CVE-2003-1294 a remote or local vulnerability?
CVE-2003-1294 is classified as a local vulnerability, as it requires local access to the system to exploit.

CVE-2003-1294

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2003-1294?

How do I fix CVE-2003-1294?

Which versions of Xscreensaver are affected by CVE-2003-1294?

What type of attack does CVE-2003-1294 enable?

Is CVE-2003-1294 a remote or local vulnerability?

Company

Resources

Contact

Frequently Asked Questions

What is the severity of CVE-2003-1294?

How do I fix CVE-2003-1294?

Which versions of Xscreensaver are affected by CVE-2003-1294?

What type of attack does CVE-2003-1294 enable?

Is CVE-2003-1294 a remote or local vulnerability?