Note: This is an archival copy of Security Sun Alert 200595 as previously published on http://sunsolve.sun.com.|
Latest version of this security advisory is available from http://support.oracle.com as Sun Alert 1000457.1.
Solaris 10 Operating System
Date of Resolved Release
If GNOME Assistive Technology support has been enabled on a system and a local user locks the terminal using xscreensaver(1) then it may be possible for an individual with physical access to the system to be able to execute arbitrary commands on the system with the privileges of the user running xscreensaver(1).
This issue can occur in the following releases:
There are no predictable symptoms that would indicate the described issue has been exploited.
To work around the described issue until patches can be applied, GNOME Assistive Technology can be temporarily disabled by doing the following:
This issue is addressed in the following releases:
This solution has no attachment