Sun Solaris Gnome Assistive Technology XScreenSaver Local Arbitrary Command Execution Vulnerability
TITLE: Sun Solaris Gnome Assistive Technology XScreenSaver Local Arbitrary Command Execution Vulnerability
CLASS: Access Validation Error
CVE:
REMOTE: No
LOCAL: Yes
PUBLISHED: Jun 04 2007 12:00AM
UPDATE: Jun 05 2007 08:00PM
CREDIT: The vendor disclosed this issue.
VULNERABLE:
Sun Solaris 10_x86NOT VULNERABLE:
Sun Solaris 10
Vai alla pagina originale su Security Focus
Discussion
Sun Solaris, running Gnome sessions with Assistive Technology and xscreensaver, is prone to a local arbitrary-command-execution vulnerability.
An attacker can exploit this issue to execute arbitrary commands with the privileges of the user running xscreensaver.
Exploit
Currently we are not aware of any exploits for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: mailto:vuldb@securityfocus.com.
Solution
Solution:
Sun has released an advisory and fixes to address this issue. Please see the references for more information.
Sun Solaris 10
References
References:
- Sun Solaris Homepage (Sun Microsystems)
- 102834 - A Security Vulnerability in How xscreensaver(1) Interacts With GNOME As (Sun)