Vulnerability Details : CVE-2003-0885
Xscreensaver 4.14 contains certain debugging code that should have been omitted, which causes Xscreensaver to create temporary files insecurely in the (1) apple2, (2) xanalogtv, and (3) pong screensavers, and allows local users to overwrite arbitrary files via a symlink attack.
Exploit prediction scoring system (EPSS) score for CVE-2003-0885
Probability of exploitation activity in the next 30 days: 0.13%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 48 %
CVSS scores for CVE-2003-0885
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
6.4 | MEDIUM | AV:N/AC:L/Au:N/C:N/I:P/A:P | 10.0 | 4.9 | NIST |
Vendor statements for CVE-2003-0885
- Red Hat 2006-08-30: This issue did not affect the versions of Xscreensaver as distributed with Red Hat Enterprise Linux 2.1, 3, or 4.
- http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=182286 (Vendor Advisory)
- http://bugs.gentoo.org/show_bug.cgi?id=41253 (Exploit; Patch; Vendor Advisory)
- cpe:2.3:a:xscreensaver:xscreensaver:4.14:*:*:*:*:*:*:*