Category
Security
Release Phase
Resolved
Product
Solaris 10 Operating System
Bug Id
6461887
Date of Resolved Release
04-JUN-2007
Impact
If GNOME Assistive Technology support has been enabled on a system and a local user locks the terminal using xscreensaver(1), an individual with physical access to the system may be able to execute arbitrary commands on the system with the privileges of the user running xscreensaver(1).
Contributing Factors
This issue can occur in the following releases:
SPARC Platform
- Solaris 10 without patch 120094-11
x86 Platform
- Solaris 10 without patch 120095-11
Notes:
- Solaris 8 and 9 are not affected by this issue.
- This issue only affects GNOME sessions which had the Assistive Technologies feature enabled when the session was started. To determine if this feature is configured to start at the beginning of a GNOME session, go to the 'Launch' menu and select 'Preferences', then 'Assistive Technology Preferences'. If the 'Enabled Assistive Technology' box is checked, new GNOME sessions are impacted.
Symptoms
There are no predictable symptoms that would indicate the described issue has been exploited.
Workaround
To work around the described issue until patches can be applied, GNOME Assistive Technology can be temporarily disabled by doing the following:
- Go to: Launch menu -> Preferences -> Assistive Technology Preferences
- Uncheck the "Enabled Assistive Technology" choice in the dialog box
- Select the 'Close and Log Out' button to log out of the system and then log in again for the changes to take effect.
Resolution
This issue is addressed in the following releases:
SPARC Platform
- Solaris 10 with patch 120094-11 or later
x86 Platform
- Solaris 10 with patch 120095-11 or later
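One way to check a host against the patch levels listed above (an added example, not part of the original alert): it parses `showrev -p` output for the platform's patch ID and compares the revision with -11. The function names and the embedded sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: patch IDs and the minimum revision (-11) are from the advisory.
# SAMPLE_* are constructed `showrev -p` lines; 999999 and EXAMPLEpkg are made up.
SAMPLE_OLD='Patch: 120094-08 Obsoletes:  Requires:  Incompatibles:  Packages: EXAMPLEpkg
Patch: 999999-01 Obsoletes:  Requires:  Incompatibles:  Packages: EXAMPLEpkg'
SAMPLE_NEW='Patch: 120094-08 Obsoletes:  Requires:  Incompatibles:  Packages: EXAMPLEpkg
Patch: 120094-12 Obsoletes:  Requires:  Incompatibles:  Packages: EXAMPLEpkg'
SAMPLE_X86='Patch: 120095-11 Obsoletes:  Requires:  Incompatibles:  Packages: EXAMPLEpkg'

MIN_REV=11

# Map `uname -p` output to the patch ID the advisory lists for that platform.
patch_for_arch() {
    case "$1" in
        sparc) echo 120094 ;;
        i386)  echo 120095 ;;
        *)     return 1 ;;
    esac
}

# Read `showrev -p` text on stdin; print the highest installed revision of
# patch ID $1, or nothing if it is absent. Only the "Patch:" field is read,
# so a fix delivered under a different, superseding patch ID is not recognised.
# On Solaris, run this with nawk or /usr/xpg4/bin/awk (old awk lacks -v).
highest_rev() {
    awk -v id="$1" '
        $1 == "Patch:" {
            n = split($2, p, "-")
            if (n == 2 && p[1] == id && p[2] + 0 > max) max = p[2] + 0
        }
        END { if (max > 0) print max }'
}

# check_fixed ARCH  (showrev -p output on stdin)
# Returns 0 = fix present, 1 = patch missing or too old, 2 = unknown platform.
check_fixed() {
    id=$(patch_for_arch "$1") || return 2
    rev=$(highest_rev "$id")
    [ -n "$rev" ] && [ "$rev" -ge "$MIN_REV" ]
}

# On a Solaris 10 host: showrev -p | check_fixed "$(uname -p)"
for s in "$SAMPLE_OLD" "$SAMPLE_NEW"; do
    if printf '%s\n' "$s" | check_fixed sparc; then
        echo "sparc: 120094-$MIN_REV or later installed"
    else
        echo "sparc: fix not installed, apply the patch or the workaround"
    fi
done
```

A non-zero result only says the listed patch ID is missing or older than -11; whether a given session is exposed still depends on the Assistive Technology setting described in the Notes.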
References
120094-11
120095-11
Attachments
This solution has no attachment