Note: This is an archival copy of Security Sun Alert 234661 as previously published on http://sunsolve.sun.com.
The latest version of this security advisory is available from http://support.oracle.com as Sun Alert 1019091.1.
Solaris 10 Operating System
Date of Resolved Release
A security vulnerability exists in the XscreenSaver(1) application (see below for details):
1. Impact
A security vulnerability exists in the XscreenSaver(1) application in the
Solaris 10 Java Desktop System (JDS) when the GNOME On-Screen Keyboard (GOK)
is being used. This may allow users to bypass authentication to the XscreenSaver
process and gain unauthorized access to data.
2. Contributing Factors
This issue can occur in the following releases:
3. Symptoms
Should the described issue occur, the xscreensaver process may crash. If the
affected system has been configured to save core(4) files, the following stack
trace may be seen:
libc.so.1`kill+8(b, 0, 0, 0, 72400, 0)
libc.so.1`__sighndlr+0xc(b, 0, ffbfeba8, 1b448, 0, 0)
libc.so.1`call_user_handler+0x3b8(b, 0, 10, 0, ff3a2000, ffbfeba8)
libgconf-2.so.4.1.0`set_engine+4(0, 8f680, 0, fed59c00, fed59800, fed59800)
libgconf-2.so.4.1.0`gconf_client_get_default+0x124(0, ff33a9f0, 0, 1ee00,
main_loop+4(ffbff150, 10, 5a0, 63400, 44400, ffbff154)
main+0x430(1, 42c00, 1, 2, 1, 0)
_start+0x108(0, 0, 0, 0, 0, 0)
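A triage check for the symptom above, as an added example that is not part of the original advisory: it parses a saved stack trace in the format shown and reports whether the advisory's frames appear in the same order. The function names, the choice of signature frames and the second sample trace are assumptions made for illustration.

```python
import re

# One frame in the advisory's trace format: [object`]symbol[+offset](args...
# Only the text up to "(" is needed, so a truncated argument list still parses.
FRAME_RE = re.compile(r"^\s*(?:(?P<obj>[^`\s]+)`)?(?P<sym>[A-Za-z_]\w*)(?:\+(?:0x)?[0-9a-f]+)?\(")

# Assumed signature, innermost frame first: a signal handler invoked while
# gconf_client_get_default is running underneath main_loop.
SIGNATURE = [("libc.so.1", "call_user_handler"), ("libgconf-2", "set_engine"),
             ("libgconf-2", "gconf_client_get_default"), (None, "main_loop")]

# Trace as printed in the advisory (one line is truncated in the source).
ADVISORY_TRACE = """\
libc.so.1`kill+8(b, 0, 0, 0, 72400, 0)
libc.so.1`__sighndlr+0xc(b, 0, ffbfeba8, 1b448, 0, 0)
libc.so.1`call_user_handler+0x3b8(b, 0, 10, 0, ff3a2000, ffbfeba8)
libgconf-2.so.4.1.0`set_engine+4(0, 8f680, 0, fed59c00, fed59800, fed59800)
libgconf-2.so.4.1.0`gconf_client_get_default+0x124(0, ff33a9f0, 0, 1ee00,
main_loop+4(ffbff150, 10, 5a0, 63400, 44400, ffbff154)
main+0x430(1, 42c00, 1, 2, 1, 0)
_start+0x108(0, 0, 0, 0, 0, 0)
"""

# Constructed sample: a crash under main_loop that does not pass through libgconf-2.
OTHER_TRACE = """\
libc.so.1`kill+8(b, 0, 0, 0, 0, 0)
libc.so.1`call_user_handler+0x3b8(b, 0, 10, 0, 0, 0)
libX11.so.4`XNextEvent+0x20(0, 0, 0, 0, 0, 0)
main_loop+4(0, 0, 0, 0, 0, 0)
"""

def parse_frames(trace):
    """Return (object, symbol) for every line that parses as a stack frame."""
    found = (FRAME_RE.match(line) for line in trace.splitlines())
    return [(m.group("obj"), m.group("sym")) for m in found if m]

def matches_advisory(trace):
    """True if the SIGNATURE frames occur in order; other frames may intervene."""
    frames = iter(parse_frames(trace))
    for want_obj, want_sym in SIGNATURE:
        for obj, sym in frames:
            if sym == want_sym and (want_obj is None or (obj or "").startswith(want_obj)):
                break
        else:
            return False
    return True
```

A match only says the crash has the same shape as the one described here; whether the system is affected depends on the releases listed in the advisory.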
4. Workaround
There is no workaround for this issue. Please see the Resolution section below.
5. Resolution
This issue is addressed in the following releases: