Category: Security
Release Phase: Resolved
Bug Id: 6610282
Product: Solaris 10 Operating System
Date of Resolved Release: 12-Mar-2008
A Security vulnerability exists in the XscreenSaver(1) application (see below for details):
1. Impact
A Security vulnerability exists in the XscreenSaver(1) application in the
Solaris 10 Java Desktop System (JDS) when the GNOME On-Screen Keyboard (GOK)
is being used. This may allow users to bypass authentication to the XscreenSaver
process and gain unauthorized access to data.
2. Contributing Factors
This issue can occur in the following releases:
SPARC Platform
- Solaris 10 without patch 120094-16
x86 Platform
- Solaris 10 without patch 120095-16
Note: Solaris 8 and Solaris 9 are not affected by this issue.
3. Symptoms
Should the described issue occur, the xscreensaver process may crash. If the
affected system has been configured to save core(4) files, the following stack
trace may be seen:
libc.so.1`kill+8(b, 0, 0, 0, 72400, 0)
libc.so.1`__sighndlr+0xc(b, 0, ffbfeba8, 1b448, 0, 0)
libc.so.1`call_user_handler+0x3b8(b, 0, 10, 0, ff3a2000, ffbfeba8)
libgconf-2.so.4.1.0`set_engine+4(0, 8f680, 0, fed59c00, fed59800, fed59800)
libgconf-2.so.4.1.0`gconf_client_get_default+0x124(0, ff33a9f0, 0, 1ee00, 10b4, fee45118)
main_loop+4(ffbff150, 10, 5a0, 63400, 44400, ffbff154)
main+0x430(1, 42c00, 1, 2, 1, 0)
_start+0x108(0, 0, 0, 0, 0, 0)
4. Workaround
There is no workaround for this issue. Please see the Resolution section below.
5. Resolution
This issue is addressed in the following releases:
SPARC Platform
- Solaris 10 with patch 120094-16 or later
x86 Platform
- Solaris 10 with patch 120095-16 or later
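A patch-level check for the fix above, as an added example that is not part of the original alert or Sun's code. It assumes `showrev -p` output with one "Patch: <id>-<rev> ..." line per installed patch and `uname -p` reporting sparc or i386; the sample lines and package names are constructed, the function names are hypothetical, and patches that might obsolete these ids are not considered.

```shell
# Constructed sample of `showrev -p` output: patch 120094 at revisions 09
# and 14, plus a look-alike id. Package names are placeholders.
sample_showrev() {
cat <<'EOF'
Patch: 120094-09 Obsoletes:  Requires:  Incompatibles:  Packages: SUNWexample-a
Patch: 1200940-20 Obsoletes:  Requires:  Incompatibles:  Packages: SUNWexample-b
Patch: 120094-14 Obsoletes:  Requires:  Incompatibles:  Packages: SUNWexample-a
EOF
}

# highest_rev BASE: print the highest installed revision of patch BASE, or -1.
highest_rev() {
    hr_max=-1
    while read -r hr_tag hr_id hr_rest; do
        [ "$hr_tag" = "Patch:" ] || continue
        case $hr_id in
            "$1"-*) hr_rev=${hr_id#"$1"-} ;;   # exact base id, then "-<rev>"
            *) continue ;;
        esac
        case $hr_rev in
            ''|*[!0-9]*) continue ;;            # skip malformed revisions
        esac
        # Strip leading zeros so "09" is compared as decimal 9.
        while [ "${#hr_rev}" -gt 1 ] && [ "${hr_rev#0}" != "$hr_rev" ]; do
            hr_rev=${hr_rev#0}
        done
        if [ "$hr_rev" -gt "$hr_max" ]; then hr_max=$hr_rev; fi
    done
    echo "$hr_max"
}

# xscreensaver_fix_status ARCH: reads `showrev -p` text on stdin and returns 0
# only if the alert's patch for ARCH is present at revision 16 or later.
xscreensaver_fix_status() {
    case $1 in
        sparc) xs_patch=120094 ;;
        i386)  xs_patch=120095 ;;
        *) echo "unknown-arch"; return 2 ;;
    esac
    xs_rev=$(highest_rev "$xs_patch")
    if [ "$xs_rev" -ge 16 ]; then
        printf 'fixed %s-%02d\n' "$xs_patch" "$xs_rev"
    elif [ "$xs_rev" -ge 0 ]; then
        printf 'vulnerable %s-%02d\n' "$xs_patch" "$xs_rev"; return 1
    else
        echo "vulnerable $xs_patch-none"; return 1
    fi
}
# On a Solaris 10 host: showrev -p | xscreensaver_fix_status "$(uname -p)"
sample_showrev | xscreensaver_fix_status sparc || true
```

The functions use POSIX parameter expansion, so on Solaris 10 run them under ksh or bash rather than the legacy /bin/sh.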
For more information on Security Sun Alerts, see
References
120094-16
120095-16
SUNPATCH:120094-16
SUNPATCH:120095-16