Note: This is an archival copy of Security Sun Alert 270809 as previously published on http://sunsolve.sun.com.|
Latest version of this security advisory is available from http://support.oracle.com as Sun Alert 1021101.1.
Solaris 10 Operating System
Date of Resolved Release
A security vulnerability in Solaris Trusted Extensions may result in a condition that prevents XScreenSaver (xscreensaver(1)) from running:
A security vulnerability in Solaris Trusted Extensions may result in a condition that prevents XScreenSaver (xscreensaver(1)) from running. The screen may not lock if a user chooses to lock the screen from the JDS menu or if the screen is left unattended. This condition occurs when trying to restart XScreenSaver using "xscreensaver-demo".
2. Contributing Factors
This issue can occur in the following releases:
Note 2: This issue only impacts Solaris 10 systems that have installed and configured Solaris Trusted Extensions.
To determine if a system is configured with Trusted Extensions, the following command can be run:
$ svcs /system/labeldIf the state is disabled or if "/system/labeld" service is not listed, then the system is not configured to use Trusted Extensions.
Note 3: This issue only occurs when a user is logged into JDS.
If the described issue occurs, the XScreenSaver (xscreensaver(1)) process will not be running. This can be determined by running the following command:
$ /usr/openwin/bin/xscreensaver-command -versionIf the above command reports:
no screensaver is running on display <hostname>:NN.Nthen the XScreenSaver (xscreensaver(1)) process is not running.
There is no workaround for this issue. Please see the Resolution section below.
This issue is addressed in the following releases:
Copyright 2000-2009 Sun Microsystems, Inc., 4150 Network Circle, Santa Clara, CA 95054 U.S.A. All rights reserved.
This solution has no attachment