CVE-2003-1294
EPSS 0.10%
Description
Xscreensaver before 4.15 creates temporary files insecurely in (1) driver/passwd-kerberos.c, (2) driver/xscreensaver-getimage-video, (3) driver/xscreensaver.kss.in, and the (4) vidwhacker and (5) webcollage screensavers, which allows local users to overwrite arbitrary files via a symlink attack.
How to fix CVE-2003-1294
To remediate CVE-2003-1294, upgrade the affected package to a fixed version below.
- Debian/xscreensaver—upgrade to 4.15-1 or later
Is CVE-2003-1294 being exploited?
Low — EPSS is 0.1%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- from 0, < 4.15-1