
Test ID: 1.3.6.1.4.1.25623.1.0.56764
Category: Red Hat Local Security Checks
Title: RedHat Security Advisory RHSA-2006:0498
Summary: NOSUMMARY
Description:

The remote host is missing updates announced in
advisory RHSA-2006:0498.

XScreenSaver is a collection of screensavers.

A keyboard focus flaw was found in the way XScreenSaver prompts the user to
enter their password to unlock the screen. XScreenSaver did not properly
ensure that it held keyboard focus, which could leak a user's password to
the program that did hold keyboard focus. This behavior is not common, as only
certain applications exhibit this focus error. (CVE-2004-2655)

Several flaws were found in the way various XScreenSaver screensavers
create temporary files. It may be possible for a local attacker to create a
temporary file in a way that could overwrite a different file to which the user
running XScreenSaver has write permissions. (CVE-2003-1294)

Users of XScreenSaver should upgrade to this updated package, which
contains backported patches to correct these issues.

Solution:
Please note that this update is available via
Red Hat Network. To use Red Hat Network, launch the Red
Hat Update Agent with the following command: up2date

http://rhn.redhat.com/errata/RHSA-2006-0498.html
http://www.redhat.com/security/updates/classification/#moderate

Risk factor : High

CVSS Score:
5.4

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2003-1294
20060602-01-U
ftp://patches.sgi.com/support/free/security/advisories/20060602-01-U.asc
20224
http://secunia.com/advisories/20224
20226
http://secunia.com/advisories/20226
20456
http://secunia.com/advisories/20456
20782
http://secunia.com/advisories/20782
9125
http://www.securityfocus.com/bid/9125
ADV-2006-1948
http://www.vupen.com/english/advisories/2006/1948
RHSA-2006:0498
http://www.redhat.com/support/errata/RHSA-2006-0498.html
http://jwz.livejournal.com/310943.html
http://support.avaya.com/elmodocs2/security/ASA-2006-107.htm
http://www.novell.com/linux/download/updates/90_i386.html
https://bugzilla.redhat.com/bugzilla/attachment.cgi?id=124968
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=182286
oval:org.mitre.oval:def:10848
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10848
Common Vulnerability Exposure (CVE) ID: CVE-2004-2655
1016150
http://securitytracker.com/id?1016150
1016151
http://securitytracker.com/id?1016151
17471
http://www.securityfocus.com/bid/17471
22080
http://secunia.com/advisories/22080
MDKSA-2006:071
http://www.mandriva.com/security/advisories?name=MDKSA-2006:071
SUSE-SR:2006:023
http://www.novell.com/linux/security/advisories/2006_23_sr.html
USN-269-1
https://usn.ubuntu.com/269-1/
http://www.derkeiler.com/Newsgroups/comp.os.linux.security/2004-08/0018.html
http://www.jwz.org/xscreensaver/changelog.html
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=188149
oval:org.mitre.oval:def:10096
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10096
Copyright: Copyright (c) 2006 E-Soft Inc. http://www.securityspace.com
