Note: This is an archival copy of Security Sun Alert 200595 as previously published on
Latest version of this security advisory is available from as Sun Alert 1000457.1.
Article ID : 1000457.1
Article Type : Sun Alerts (SURE)
Last reviewed : 2007-06-03
Audience : PUBLIC
Copyright Notice: Copyright © 2010, Oracle Corporation and/or its affiliates.

A Security Vulnerability in How xscreensaver(1) Interacts With GNOME Assistive Technology May Allow Arbitrary Command Execution


Release Phase

Solaris 10 Operating System

Bug Id

Date of Resolved Release


If GNOME Assistive Technology support has been enabled on a system and a local user locks the terminal using xscreensaver(1), an individual with physical access to the system may be able to execute arbitrary commands with the privileges of the user running xscreensaver(1).

Contributing Factors

This issue can occur in the following releases:

SPARC Platform

  • Solaris 10 without patch 120094-11

x86 Platform

  • Solaris 10 without patch 120095-11


  1. Solaris 8 and 9 are not affected by this issue.
  2. This issue only affects GNOME sessions that had the Assistive Technologies feature enabled when the session was started. To determine whether this feature is configured to start at the beginning of a GNOME session, go to the 'Launch' menu and select 'Preferences', then 'Assistive Technology Preferences'. If the 'Enabled Assistive Technology' box is checked, new GNOME sessions are impacted.


There are no predictable symptoms that would indicate the described issue has been exploited.


To work around the described issue until patches can be applied, GNOME Assistive Technology can be temporarily disabled by doing the following:

  1. Go to: Launch menu -> Preferences -> Assistive Technology Preferences
  2. Uncheck the "Enabled Assistive Technology" choice in the dialog box
  3. Select the 'Close and Log Out' button to log out of the system and then log in again for the changes to take effect.


This issue is addressed in the following releases:

SPARC Platform

  • Solaris 10 with patch 120094-11 or later

x86 Platform

  • Solaris 10 with patch 120095-11 or later
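
The patch levels listed above can be checked from `showrev -p` output. The script below is an added example, not part of the original Sun Alert; the function names, the verdict strings and the sample input (patch 999999 and the package name are placeholders) are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the Sun Alert): check `showrev -p` output for the
# fixed patch revisions named in this alert.

# patch_fixed BASE MINREV: reads `showrev -p` text on stdin; returns 0 if an
# installed revision of patch BASE is MINREV or later, 1 otherwise.
patch_fixed() {
    awk -v base="$1" -v min="$2" '
        $1 == "Patch:" {
            n = split($2, id, "-")
            # "+ 0" forces a numeric compare, so revision "09" sorts below "11"
            if (n == 2 && id[1] == base && id[2] + 0 >= min + 0) found = 1
        }
        END { exit(found ? 0 : 1) }'
}

# required_patch ARCH: map `uname -p` output to "BASE MINREV" from the alert.
required_patch() {
    case "$1" in
        sparc) echo "120094 11" ;;
        i386)  echo "120095 11" ;;
        *)     return 1 ;;
    esac
}

# verdict ARCH: reads `showrev -p` text on stdin and prints one word.
verdict() {
    req=$(required_patch "$1") || { echo UNKNOWN-ARCH; return 0; }
    if patch_fixed "${req% *}" "${req#* }"; then echo PATCHED; else echo PATCH-MISSING; fi
}

# Constructed sample input (package names and patch 999999 are placeholders).
SAMPLE_OLD='Patch: 999999-01 Obsoletes: Requires: Incompatibles: Packages: SUNWexample
Patch: 120094-09 Obsoletes: Requires: Incompatibles: Packages: SUNWexample'
SAMPLE_NEW='Patch: 120094-09 Obsoletes: Requires: Incompatibles: Packages: SUNWexample
Patch: 120094-14 Obsoletes: Requires: Incompatibles: Packages: SUNWexample'

if command -v showrev >/dev/null 2>&1; then
    showrev -p | verdict "$(uname -p)"          # real Solaris host
else
    printf '%s\n' "$SAMPLE_OLD" | verdict sparc # offline demonstration
fi
```

A PATCH-MISSING result only indicates exposure for GNOME sessions started with Assistive Technology enabled, as described under Contributing Factors.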


