Description
driver/subprocs.c in XScreenSaver before 5.34 does not properly perform an internal consistency check, which allows physically proximate attackers to bypass the lock screen by hot swapping monitors.
References (10)
Core 10
Core References
Various Sources x_refsource_confirm
https://www.jwz.org/blog/2015/10/xscreensaver-5-34/
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id/1034052
Mailing List vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-updates/2015-11/msg00102.html
Third Party Advisory vendor-advisory
x_refsource_debian
http://www.debian.org/security/2016/dsa-3438
Vendor Advisory x_refsource_confirm
http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html
Exploit mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2015/10/24/2
Mailing List mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2015/10/25/1
Mailing List mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2015/10/29/12
Various Sources x_refsource_misc
https://twitter.com/Thaolia/status/656823859304398848
Vendor Advisory vendor-advisory
x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-2789-1
Scores
EPSS
0.0051
EPSS Percentile
40.0%
Details
CWE
CWE-264
Status
published
Products (2)
canonical/ubuntu_linux
12.04
xscreensaver_project/xscreensaver
5.33
Published
Nov 10, 2015
Tracked Since
Feb 18, 2026