Note: This is an archival copy of Security Sun Alert 264048 as previously published on http://sunsolve.sun.com.
Latest version of this security advisory is available from http://support.oracle.com as Sun Alert 1020746.1.
Article ID : 1020746.1
Article Type : Sun Alerts (SURE)
Last reviewed : 2010-10-22
Audience : PUBLIC
Copyright Notice: Copyright © 2010, Oracle Corporation and/or its affiliates.

Security Vulnerability in the Solaris XScreenSaver (xscreensaver(1)) Program May Allow Unauthorized Access to Sensitive Information



Category
Security

Release Phase
Workaround

Bug Id
6859039

Date of Preliminary Release
17-Jul-2009

Date of Workaround Release
22-Sep-2009

1. Impact

A security vulnerability in the Solaris XScreenSaver (see xscreensaver(1)) program may allow local unprivileged users to read sensitive information.

2. Contributing Factors

This issue can occur in the following releases:

SPARC Platform
  • GNOME 2.0 (Solaris 8)
  • GNOME 2.0 (Solaris 9)
  • GNOME 2.0.2 (Solaris 9)
  • Solaris 10 without patch 120094-26
  • OpenSolaris based upon builds snv_01 through snv_120
x86 Platform
  • GNOME 2.0 (Solaris 8)
  • GNOME 2.0 (Solaris 9)
  • GNOME 2.0.2 (Solaris 9)
  • Solaris 10 without patch 120095-26
  • OpenSolaris based upon builds snv_01 through snv_120

Note: OpenSolaris distributions may include additional bug fixes above and beyond the build from which they were derived.

The base build can be derived as follows:

 $ uname -v
snv_101

Note: Systems are only impacted by this issue if they have the package SUNWxwsvr installed.

To determine if this package is installed, the following command can be run:

 $ pkginfo SUNWxwsvr
system SUNWxwsvr XScreenSaver

3. Symptoms

There are no predictable symptoms that would indicate the described vulnerability has been exploited to reveal sensitive information.

4. Workaround

There is no workaround for this issue. Please see the Resolution section below.

5. Resolution

This issue is addressed in the following releases:

SPARC Platform
  • Solaris 9 with patch 115158-12 or later
  • Solaris 10 with patch 120094-26 or later
  • OpenSolaris based upon builds snv_121 or later
x86 Platform
  • Solaris 9 with patch 115159-12 or later
  • Solaris 10 with patch 120095-26 or later
  • OpenSolaris based upon builds snv_121 or later
A final resolution is pending completion for Solaris 8.
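
The checks from the Contributing Factors and Resolution sections combined into one triage script, as an added example that is not part of the original Sun Alert. The function names, the use of showrev -p to list installed patches, and the sample patch listing are assumptions of this example; the patch IDs and build numbers are the ones listed above.

```sh
#!/bin/sh
# Added example, not Sun's code: triage a host against Sun Alert 264048.
# Functions take command output as arguments so they can be exercised offline.

# snv_affected "<uname -v>": true if the base build is snv_01 .. snv_120.
snv_affected() {
    case "$1" in snv_[0-9]*) ;; *) return 1 ;; esac
    n=${1#snv_}; n=${n%%[!0-9]*}
    n=$(printf '%s' "$n" | sed 's/^0*//')   # snv_01 -> 1
    [ -n "$n" ] && [ "$n" -le 120 ]
}

# patch_at_least ID MINREV "<showrev -p>": true if ID-MINREV or later is listed.
patch_at_least() {
    best=$(printf '%s\n' "$3" |
        sed -n "s/^Patch: $1-0*\([0-9][0-9]*\).*/\1/p" | sort -n | tail -1)
    [ -n "$best" ] && [ "$best" -ge "$2" ]
}

# verdict RELEASE ARCH "<uname -v>" PKG "<showrev -p>"
#   RELEASE = uname -r, ARCH = uname -p, PKG = yes|no (is SUNWxwsvr installed)
verdict() {
    if [ "$4" != yes ]; then echo "not impacted: SUNWxwsvr absent"; return 0; fi
    case "$2" in
        sparc) s10=120094; s9=115158 ;;
        *)     s10=120095; s9=115159 ;;
    esac
    case "$1" in
        5.10) if patch_at_least "$s10" 26 "$5"; then echo "resolved: $s10-26 or later"
              else echo "affected: install $s10-26 or later"; fi ;;
        5.9)  if patch_at_least "$s9" 12 "$5"; then echo "resolved: $s9-12 or later"
              else echo "review: needs $s9-12 if GNOME 2.0/2.0.2 is in use"; fi ;;
        5.8)  echo "review: no final fix listed for GNOME 2.0 on Solaris 8" ;;
        5.11) case "$3" in
                  snv_[0-9]*) if snv_affected "$3"; then echo "affected: $3 is before snv_121"
                              else echo "resolved: $3"; fi ;;
                  *) echo "unknown: not an snv_ build string" ;;
              esac ;;
        *)    echo "unknown: release $1 not covered by the alert" ;;
    esac
}

# Constructed showrev -p excerpt (not from a real host; 999999-01 is a placeholder).
SAMPLE_SHOWREV='Patch: 120094-22 Obsoletes:  Requires:  Incompatibles:  Packages: SUNWxwsvr
Patch: 999999-01 Obsoletes:  Requires:  Incompatibles:  Packages: SUNWcsu'

# Live use on Solaris (assumes pkginfo -q and showrev -p are available):
#   pkginfo -q SUNWxwsvr && p=yes || p=no
#   verdict "$(uname -r)" "$(uname -p)" "$(uname -v)" "$p" "$(showrev -p)"
```

A "review" verdict means the alert ties the exposure to a GNOME release that this script does not detect, so the host needs a manual check.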

For more information on Security Sun Alerts, see Technical Instruction ID document 1009886.1.


Modification History
12-Aug-2009: Updated Contributing Factors and Resolution sections.
22-Sep-2009: Updated Contributing Factors and Resolution sections.

References

120094-26
120095-26
115158-12
115159-12




