Executive Summary
Summary | |
---|---|
Title | Sun Alert 258928 A Security Vulnerability May Allow Popup Windows to Appear Through the Solaris XScreenSaver Program on Xorg(1) Servers |
Informations | |||
---|---|---|---|
Name | SUN-258928 | First vendor Publication | 2009-08-05 |
Vendor | Sun | Last vendor Modification | 2009-08-05 |
Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:L/AC:L/Au:N/C:C/I:N/A:N) | |||
---|---|---|---|
Cvss Base Score | 4.9 | Attack Range | Local |
Cvss Impact Score | 6.9 | Attack Complexity | Low |
Cvss Expoit Score | 3.9 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Product: Solaris 8 Operating System Solaris 9 Operating System Solaris 10 Operating System OpenSolaris A security vulnerability in the Solaris XScreenSaver (see xscreensaver(1)) program may allow popup windows to appear through the lock screen and expose sensitive data on Xorg(1) servers (or Xnewt(1M) servers in the case of Sun Ray setups). State: Resolved First released: 05-Aug-2009 |
Original Source
Url : http://blogs.sun.com/security/entry/sun_alert_258928_a_security |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-200 | Information Exposure |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:5838 | |||
Oval ID: | oval:org.mitre.oval:def:5838 | ||
Title: | A Security Vulnerability May Allow Popup Windows to Appear Through the Solaris XScreenSaver Program on Xorg(1) Servers | ||
Description: | XScreenSaver in Sun Solaris 9 and 10, OpenSolaris before snv_120, and X11 6.4.1 for Solaris 8, when the Xorg or Xnewt server is used, allows physically proximate attackers to obtain sensitive information by reading popup windows, which are displayed even when the screen is locked, a different vulnerability than CVE-2009-1276. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2009-2711 | Version: | 1 |
Platform(s): | Sun Solaris 8 Sun Solaris 9 Sun Solaris 10 | Product(s): | |
Definition Synopsis: | |||
|
CPE : Common Platform Enumeration
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
56854 | Solaris XScreenSaver (xscreensaver(1)) PopUp Window Information Disclosure |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2007-02-18 | Name : The remote host is missing Sun Security Patch number 120094-36 File : solaris10_120094.nasl - Type : ACT_GATHER_INFO |
2007-02-18 | Name : The remote host is missing Sun Security Patch number 120095-36 File : solaris10_x86_120095.nasl - Type : ACT_GATHER_INFO |
2006-11-06 | Name : The remote host is missing Sun Security Patch number 115158-14 File : solaris9_115158.nasl - Type : ACT_GATHER_INFO |
2006-11-06 | Name : The remote host is missing Sun Security Patch number 115159-14 File : solaris9_x86_115159.nasl - Type : ACT_GATHER_INFO |