Note: This is an archival copy of Security Sun Alert 259388 as previously published on http://sunsolve.sun.com.|
Latest version of this security advisory is available from http://support.oracle.com as Sun Alert 1020486.1.
Solaris 10 Operating System
Date of Resolved Release
A security vulnerability involving xscreensaver(1) and Assistive Technology Support:
A security vulnerability involving xscreensaver(1) and Assistive Technology Support may allow a local user with physical access to a system to be able to unlock an X display which has been locked using xscreensaver(1) and thus gain unauthorized access to the system.
2. Contributing Factors
This issue can occur in the following releases:
Note 2: OpenSolaris distributions may include additional bug fixes above and beyond the build from which it was derived. To determine the base build of OpenSolaris, the following command can be used:
$ uname -vThis issue only occurs on systems that have the "Assistive Technologies" feature enabled. To determine if this feature is enabled, the following command can be used:
$ gnome-at-propertiesIn the popup box, "Enable Assistive Technologies" will be checked.
There are no predictable symptoms that would indicate the described vulnerability has been exploited.
To work around the described issue, Assistive Technology can be temporarily disabled by using the following command:
$gnome-at-propertiesUncheck "Enable Assistive Technologies" in the popup box.
This issue is addressed in the following releases:
Copyright 2000-2009 Sun Microsystems, Inc., 4150 Network Circle, Santa Clara, CA 95054 U.S.A. All rights reserved.
This solution has no attachment