QwikSec

Security Database

CVE

CWE

Training

CVE-2021-34557

Published: Jun 10, 2021

Modified: Aug 4, 2024

PUBLISHED

Description

XScreenSaver 5.45 can be bypassed if the machine has more than ten disconnectable video outputs. A buffer overflow in update_screen_layout() allows an attacker to bypass the standard screen lock authentication mechanism by crashing XScreenSaver. The attacker must physically disconnect many video outputs.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://github.com/QubesOS/qubes-issues/issues/6595

x_refsource_MISC

https://www.openwall.com/lists/oss-security/2021/06/05/1

x_refsource_MISC

https://github.com/QubesOS/qubes-secpack/blob/master/QSBs/qsb-068-2021.txt

x_refsource_MISC

https://github.com/QubesOS/qubes-xscreensaver/blob/master/0001-Fix-updating-outputs-info.patch

x_refsource_MISC

[oss-security] 20210611 Re: XScreenSaver 5.45: Disconnecting a video output can cause XScreenSaver to crash and unlock

mailing-list

x_refsource_MLIST

[oss-security] 20210706 xscreensaver 5.45 crash

mailing-list

x_refsource_MLIST

FEDORA-2021-5af4452ffd

vendor-advisory

x_refsource_FEDORA

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.