Executive Summary

Title Sun Alert 249646 A Security Vulnerability in xscreensaver(1) May Display Portions of a Locked Desktop if the Screen is Resized
Name SUN-249646 First vendor Publication 2009-09-22
Vendor Sun Last vendor Modification 2009-09-22
Severity (Vendor) N/A Revision N/A

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:L/AC:M/Au:N/C:P/I:N/A:N)
Cvss Base Score 1.9 Attack Range Local
Cvss Impact Score 2.9 Attack Complexity Medium
Cvss Expoit Score 3.4 Authentication None Required
Calculate full CVSS 2.0 Vectors scores


Product: Solaris 10 Operating System OpenSolaris

A security vulnerability in the xscreensaver(1) program may allow users with physical access to an X(5) display running the Xorg(1) X server (or Xnewt(1M) X server for Sun Ray servers)  which has the X Resize and Rotate (RandR) extension loaded to be able to view portions of the locked screen.

State: Resolved
First released: 22-Sep-2009

Original Source

Url : http://blogs.sun.com/security/entry/sun_alert_249646_a_security

CPE : Common Platform Enumeration

Os 354
Os 2

Open Source Vulnerability Database (OSVDB)

Id Description
58278 Solaris xscreensaver RandR Extension Resized Locked Screen Information Disclo...

Nessus® Vulnerability Scanner

Date Description
2007-02-18 Name : The remote host is missing Sun Security Patch number 120094-36
File : solaris10_120094.nasl - Type : ACT_GATHER_INFO
2007-02-18 Name : The remote host is missing Sun Security Patch number 120095-36
File : solaris10_x86_120095.nasl - Type : ACT_GATHER_INFO