Vigil@nce: Solaris, insufficient locking of XScreenSaver
April 2009 by Vigil@nce
Popup windows are displayed when XScreenSaver is enabled.
– Severity: 1/4
– Consequences: data reading
– Provenance: user console
– Means of attack: no proof of concept, no attack
– Ability of attacker: expert (4/4)
– Confidence: confirmed by the editor (5/5)
– Diffusion of the vulnerable configuration: high (3/3)
– Creation date: 08/04/2009
IMPACTED PRODUCTS
– OpenSolaris
– Sun Solaris
– Sun Trusted Solaris
DESCRIPTION OF THE VULNERABILITY
The XScreenSaver program is used to lock the screen and hide the
content of the user’s session.
However, new popup windows are displayed on top of the screen
saver. An attacker can therefore read their content.
A local attacker can thus obtain sensitive information displayed
in these popups.
CHARACTERISTICS
– Identifiers: 255308, 6769901, BID-34421, VIGILANCE-VUL-8611
– Url: http://vigilance.fr/vulnerability/Solaris-insufficient-locking-of-XScreenSaver-8611