SecurityTracker.com
Keep Track of the Latest Vulnerabilities
with SecurityTracker!
    Home    |    View Topics    |    Search    |    Contact Us    |    Help    |   

SecurityTracker
Archives


Welcome to SecurityTracker!
 
Click to Sign Up
Sign Up
Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary
Instant Alerts
Buy our Premium Vulnerability Notification Service to receive customized, instant alerts
Affiliates
Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!
Partners
Become a Partner and License Our Database or Notification Service
Report a Bug
Report a vulnerability that you have found to SecurityTracker
bugs
@
securitytracker.com
Sign Up!





Category:  Application (Generic)  >  XScreenSaver Vendors:  Gnome Development Team
GNOME Desktop on Solaris May Not Let Root Users Lock the Screen
SecurityTracker Alert ID:  1007809
CVE Reference:  GENERIC-MAP-NOMATCH   (Links to External Site)
Date:  Sep 25 2003
Impact:  User access via local system
Fix Available:  Yes   Vendor Confirmed:  Yes  
Version(s): Gnome 2.0
Description:  A vulnerability was reported in the Gnome desktop in XScreenSaver, as distributed on Sun Solaris. Certain users may not be able to lock the screen.

Sun reported that root users running the GNOME desktop cannot lock the screen via XScreenSaver. Additional information is available at:

GNOME 2.0 (for Solaris 8 or 9) is affected.

[Editor's note: It appears that this may be a design feature of XScreenSaver intended to minimize security issues of running the screen saver with root privileges. See: http://www.jwz.org/xscreensaver/faq.html#root-lock]
Impact:  A root user cannot lock the screen using the screen saver.
Solution:  Sun has also released the following fix for Solaris 9:

SPARC Platform

GNOME 2.0 (for Solaris 9) with patch 115158-03 or later

x86 Platform

GNOME 2.0 (for Solaris 9) with patch 115159-03 or later

A final solution for Solaris 8 is pending.

As a workaround, Sun reports that you can use xlock(1) from a command line.
Vendor URL:  sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F56720 (Links to External Site)
Cause:  State error
Underlying OS:  UNIX (Solaris - SunOS)
Underlying OS Comments:  8, 9

Message History:   None.

 Source Message Contents
Date:  Wed, 24 Sep 2003 09:18:34 -0400
Subject:  http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F56720

 

http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F56720

56720   GNOME 2.0 XScreenSaver Will Not Lock as Root   23 Sep 2003

Sun reported that root users running the GNOME desktop cannot lock the screen via 
XScreenSaver.  Additional information is available at:

http://www.jwz.org/xscreensaver/faq.html#root-lock


GNOME 2.0 (for Solaris 8 or 9) is affected.


As a workaround, Sun reports that you can use xlock(1) from a command line.

Sun has also released the following fix for Solaris 9:

SPARC Platform

GNOME 2.0 (for Solaris 9) with patch 115158-03 or later

x86 Platform

GNOME 2.0 (for Solaris 9) with patch 115159-03 or later

A final solution for Solaris 8 is pending.

-----

Sun Alert ID: 56720
Synopsis: GNOME 2.0 XScreenSaver Will Not Lock as Root
Category: Security
Product: Solaris
BugIDs: 4849641
Avoidance: Workaround
State: Committed
Date Released: 23-Sep-2003
Date Closed:
Date Modified:


Go to the Top of This SecurityTracker Archive Page



Home   |    View Topics   |    Search   |    Contact Us   |    Help

Copyright 2002, SecurityGlobal.net LLC