Category
Security
Release Phase
Workaround
Bug Id
6859039
Date of Preliminary Release
17-Jul-2009
Date of Workaround Release
22-Sep-2009
1. Impact
A security vulnerability in the Solaris XScreenSaver (see
xscreensaver(1)) program may allow local unprivileged users to read
sensitive information.
2. Contributing Factors
This issue can occur in the following releases:
SPARC Platform
- GNOME 2.0 (Solaris 8)
- GNOME 2.0 (Solaris 9)
- GNOME 2.0.2 (Solaris 9)
- Solaris 10 without patch 120094-26
- OpenSolaris based upon builds snv_01 through snv_120
x86 Platform
- GNOME 2.0 (Solaris 8)
- GNOME 2.0 (Solaris 9)
- GNOME 2.0.2 (Solaris 9)
- Solaris 10 without patch 120095-26
- OpenSolaris based upon builds snv_01 through snv_120
Note: OpenSolaris distributions may include additional bug
fixes above and beyond the build from which it was derived.
The base build can be derived as follows:
$ uname -v
snv_101
Note: Systems are only
impacted by this issue if they have the
package SUNWxwsvr installed.
To determine if this package is installed, the following command can
be run:
$ pkginfo SUNWxwsvr
system SUNWxwsvr XScreenSaver
3. Symptoms
There are no predictable symptoms that would indicate the described
vulnerability has been exploited to reveal sensitive information.
4. Workaround
There is no workaround for this issue. Please see the Resolution
section
below.
5. Resolution
This issue is addressed in the following releases:
SPARC Platform
- Solaris 9 with patch 115158-12 or later
- Solaris 10 with patch 120094-26 or later
- OpenSolaris based upon builds snv_121 or later
x86 Platform
- Solaris 9 with patch 115159-12 or later
- Solaris 10 with patch 120095-26 or later
- OpenSolaris based upon builds snv_121 or later
A final resolution is pending completion for Solaris 8.
For more information on Security Sun Alerts, see Technical Instruction
ID document 1009886.1
Modification History
12-Aug-2009: Updated Contributing Factors and Resolution sections.
22--Sep-2009: Updated Contributing Factors and Resolution sections.
References
120094-26
120095-26
115158-12
115159-12
AttachmentsThis solution has no attachment