XScreenSaver 5.45 can be bypassed if the machine has more than ten disconnectable video outputs. A buffer overflow in update_screen_layout() allows an attacker to bypass the standard screen lock authentication mechanism by crashing XScreenSaver. The attacker must physically disconnect many video outputs.
The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.
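
The weakness class described above, as an added example in C. It is not XScreenSaver's code: the `layout` and `output` types, both function names, and the fixed capacity of ten slots are hypothetical, chosen to mirror the "more than ten outputs" condition. It shows the unchecked copy beside a checked one that rejects an oversized update and keeps the last good state, so the process holding the lock does not crash.

```c
#include <stddef.h>
#include <string.h>

#define MAX_OUTPUTS 10  /* assumed capacity, mirroring "more than ten" */

struct output { int x, y, width, height; };  /* hypothetical geometry record */

struct layout {
    struct output outputs[MAX_OUTPUTS];
    size_t count;
};

/* Weak form (CWE-120): trusts n, so n > MAX_OUTPUTS writes past outputs[].
   Shown for contrast only; nothing in this example calls it. */
void layout_update_unchecked(struct layout *l, const struct output *src, size_t n)
{
    memcpy(l->outputs, src, n * sizeof *src);
    l->count = n;
}

/* Hardened form: validates n against the destination capacity first.
   Returns 0 on success, -1 on rejection. On rejection the layout is left
   untouched, so the caller keeps running with the last good state. */
int layout_update_checked(struct layout *l, const struct output *src, size_t n)
{
    if (l == NULL || (src == NULL && n != 0))
        return -1;
    if (n > MAX_OUTPUTS)
        return -1;
    if (n > 0)
        memcpy(l->outputs, src, n * sizeof *src);
    l->count = n;
    return 0;
}

/* Constructed scenario: a 3-output update is accepted, then an 11-output
   update is rejected without disturbing the stored layout.
   Returns 1 when both behave as expected. */
int demo_reject_eleven(void)
{
    struct output reported[MAX_OUTPUTS + 1];
    struct layout l;
    memset(reported, 0, sizeof reported);
    memset(&l, 0, sizeof l);
    if (layout_update_checked(&l, reported, 3) != 0 || l.count != 3)
        return 0;
    int rc = layout_update_checked(&l, reported, MAX_OUTPUTS + 1);
    return rc == -1 && l.count == 3;
}
```
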
Link | Tags |
---|---|
https://github.com/QubesOS/qubes-issues/issues/6595 | issue tracking, third party advisory |
https://www.openwall.com/lists/oss-security/2021/06/05/1 | mailing list, exploit, third party advisory |
https://github.com/QubesOS/qubes-secpack/blob/master/QSBs/qsb-068-2021.txt | third party advisory, exploit |
https://github.com/QubesOS/qubes-xscreensaver/blob/master/0001-Fix-updating-outputs-info.patch | third party advisory, patch |
http://www.openwall.com/lists/oss-security/2021/06/11/1 | third party advisory, mailing list |
http://www.openwall.com/lists/oss-security/2021/07/06/2 | mailing list, exploit, third party advisory |
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TC4QB7TRS4GS7LDXQQ4PC6J3LVFJYISV/ | vendor advisory |