CVE-2003-0885 : Xscreensaver 4.14 contains certain debugging code that should have been omitted,

Xscreensaver 4.14 contains certain debugging code that should have been omitted, which causes Xscreensaver to create temporary files insecurely in the (1) apple2, (2) xanalogtv, and (3) pong screensavers, and allows local users to overwrite arbitrary files via a symlink attack.

Published 2003-12-31 05:00:00

Updated 2025-04-03 01:03:51

Source MITRE

View at NVD, CVE.org

Products affected by CVE-2003-0885

Xscreensaver » Xscreensaver » Version: 4.14
cpe:2.3:a:xscreensaver:xscreensaver:4.14:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2003-0885

EPSS FAQ

0.36%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 55 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2003-0885

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
6.4	MEDIUM	AV:N/AC:L/Au:N/C:N/I:P/A:P	10.0	4.9	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: None Integrity Impact: Partial Availability Impact: Partial

Vendor statements for CVE-2003-0885

Red Hat 2006-08-30

This issue did not affect the versions of Xscreensaver as distributed with Red Hat Enterprise Linux 2.1, 3, or 4.

References for CVE-2003-0885

http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=182286

182286 – CVE-2003-1294 xscreensaver temporary file flaws
Vendor Advisory
http://bugs.gentoo.org/show_bug.cgi?id=41253

41253 – [security] xscreensaver 4.14 makes file in /tmp, symlink attack
Exploit;Patch;Vendor Advisory

Jump to

Vulnerability Details : CVE-2003-0885

Products affected by CVE-2003-0885

Exploit prediction scoring system (EPSS) score for CVE-2003-0885

CVSS scores for CVE-2003-0885

Vendor statements for CVE-2003-0885

References for CVE-2003-0885