Improper Privilege Management Affecting xscreensaver package, versions <5.45+dfsg1-2


Severity

Recommended
0.0
high
0
10

Snyk's Security Team recommends NVD's CVSS assessment. Learn more

Threat Intelligence

EPSS
0.04% (6th percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

Snyk Learn

Learn about Improper Privilege Management vulnerabilities in an interactive lesson.

Start learning
  • Snyk IDSNYK-DEBIAN11-XSCREENSAVER-1253138
  • published22 Apr 2021
  • disclosed21 Apr 2021

Introduced: 21 Apr 2021

CVE-2021-31523  (opens in a new tab)
CWE-269  (opens in a new tab)

How to fix?

Upgrade Debian:11 xscreensaver to version 5.45+dfsg1-2 or higher.

NVD Description

Note: Versions mentioned in the description apply only to the upstream xscreensaver package and not the xscreensaver package as distributed by Debian. See How to fix? for Debian:11 relevant fixed versions and status.

The Debian xscreensaver 5.42+dfsg1-1 package for XScreenSaver has cap_net_raw enabled for the /usr/libexec/xscreensaver/sonar file, which allows local users to gain privileges because this is arguably incompatible with the design of the Mesa 3D Graphics library dependency.

CVSS Base Scores

version 3.1