Vulnerabilities > CVE-2007-3069 - Unspecified vulnerability in SUN Solaris 10.0
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN sun
nessus
Summary
xscreensaver in Sun Solaris 10 before 20070604, when a GNOME session with Assistive Technology support is running, allows attackers with physical access to take control of the session after entering an Alt-Tab sequence.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| OS | 2 |
Nessus
NASL family Solaris Local Security Checks NASL id SOLARIS10_X86_120095-35.NASL description X11 6.6.2_x86: xscreensaver patch. Date this patch was last updated by Sun : Apr/14/14 last seen 2020-06-01 modified 2020-06-02 plugin id 107855 published 2018-03-12 reporter This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/107855 title Solaris 10 (x86) : 120095-35 code # # (C) Tenable Network Security, Inc. # # The descriptive text in this plugin was # extracted from the Oracle SunOS Patch Updates. # include("compat.inc"); if (description) { script_id(107855); script_version("1.3"); script_cvs_date("Date: 2020/01/08"); script_cve_id("CVE-2007-3069", "CVE-2007-3283", "CVE-2008-1356", "CVE-2009-1276", "CVE-2009-2711", "CVE-2009-3432", "CVE-2009-3746", "CVE-2009-3851"); script_name(english:"Solaris 10 (x86) : 120095-35"); script_summary(english:"Check for patch 120095-35"); script_set_attribute( attribute:"synopsis", value:"The remote host is missing Sun Security Patch number 120095-35" ); script_set_attribute( attribute:"description", value: "X11 6.6.2_x86: xscreensaver patch. Date this patch was last updated by Sun : Apr/14/14" ); script_set_attribute( attribute:"see_also", value:"https://getupdates.oracle.com/readme/120095-35" ); script_set_attribute(attribute:"solution", value:"Install patch 120095-35 or higher"); script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2009-3851"); script_cwe_id(16, 200, 287); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:solaris:10:120095"); script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:solaris:10"); script_set_attribute(attribute:"vuln_publication_date", value:"2007/06/06"); script_set_attribute(attribute:"patch_publication_date", value:"2014/04/14"); script_set_attribute(attribute:"plugin_publication_date", value:"2018/03/12"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Solaris Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Solaris/showrev"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); include("solaris.inc"); showrev = get_kb_item("Host/Solaris/showrev"); if (empty_or_null(showrev)) audit(AUDIT_OS_NOT, "Solaris"); os_ver = pregmatch(pattern:"Release: (\d+.(\d+))", string:showrev); if (empty_or_null(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Solaris"); full_ver = os_ver[1]; os_level = os_ver[2]; if (full_ver != "5.10") audit(AUDIT_OS_NOT, "Solaris 10", "Solaris " + os_level); package_arch = pregmatch(pattern:"Application architecture: (\w+)", string:showrev); if (empty_or_null(package_arch)) audit(AUDIT_UNKNOWN_ARCH); package_arch = package_arch[1]; if (package_arch != "i386") audit(AUDIT_ARCH_NOT, "i386", package_arch); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (solaris_check_patch(release:"5.10_x86", arch:"i386", patch:"120095-35", obsoleted_by:"", package:"SUNWxwsvr", version:"6.6.2.7400,REV=0.2004.12.15") < 0) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : solaris_get_report() ); } else { patch_fix = solaris_patch_fix_get(); if (!empty_or_null(patch_fix)) audit(AUDIT_PATCH_INSTALLED, patch_fix, "Solaris 10"); tested = solaris_pkg_tests_get(); if (!empty_or_null(tested)) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); audit(AUDIT_PACKAGE_NOT_INSTALLED, "SUNWxwsvr"); }NASL family Fedora Local Security Checks NASL id FEDORA_2008-0956.NASL description When enabling the last seen 2020-06-01 modified 2020-06-02 plugin id 30083 published 2008-01-27 reporter This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/30083 title Fedora 7 : xorg-x11-server-1.3.0.0-16.fc7 (2008-0956) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Fedora Security Advisory 2008-0956. # include("compat.inc"); if (description) { script_id(30083); script_version ("1.14"); script_cvs_date("Date: 2019/08/02 13:32:26"); script_cve_id("CVE-2007-3920"); script_bugtraq_id(26188); script_xref(name:"FEDORA", value:"2008-0956"); script_name(english:"Fedora 7 : xorg-x11-server-1.3.0.0-16.fc7 (2008-0956)"); script_summary(english:"Checks rpm output for the updated packages."); script_set_attribute( attribute:"synopsis", value:"The remote Fedora host is missing a security update." ); script_set_attribute( attribute:"description", value: "When enabling the 'unredirect fullscreen windows' option, compiz will unredirect fullscreen windows to improve performace. However, unredirecting will as a side effect break any grabs on that window, which compromises most screensavers. This X server update suppresses this unintended side effect and restores the security of the screensavers. See also CVE-2007-3069. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=350271" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=357071" ); # https://lists.fedoraproject.org/pipermail/package-announce/2008-January/007194.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?f2ef6d99" ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:L/AC:H/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:ND"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:xorg-x11-server-Xdmx"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:xorg-x11-server-Xephyr"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:xorg-x11-server-Xnest"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:xorg-x11-server-Xorg"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:xorg-x11-server-Xvfb"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:xorg-x11-server-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:xorg-x11-server-sdk"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:xorg-x11-server-source"); script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:7"); script_set_attribute(attribute:"patch_publication_date", value:"2008/01/24"); script_set_attribute(attribute:"plugin_publication_date", value:"2008/01/27"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Fedora Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora"); os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora"); os_ver = os_ver[1]; if (! ereg(pattern:"^7([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 7.x", "Fedora " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu); flag = 0; if (rpm_check(release:"FC7", reference:"xorg-x11-server-Xdmx-1.3.0.0-16.fc7")) flag++; if (rpm_check(release:"FC7", reference:"xorg-x11-server-Xephyr-1.3.0.0-16.fc7")) flag++; if (rpm_check(release:"FC7", reference:"xorg-x11-server-Xnest-1.3.0.0-16.fc7")) flag++; if (rpm_check(release:"FC7", reference:"xorg-x11-server-Xorg-1.3.0.0-16.fc7")) flag++; if (rpm_check(release:"FC7", reference:"xorg-x11-server-Xvfb-1.3.0.0-16.fc7")) flag++; if (rpm_check(release:"FC7", reference:"xorg-x11-server-debuginfo-1.3.0.0-16.fc7")) flag++; if (rpm_check(release:"FC7", reference:"xorg-x11-server-sdk-1.3.0.0-16.fc7")) flag++; if (rpm_check(release:"FC7", reference:"xorg-x11-server-source-1.3.0.0-16.fc7")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "xorg-x11-server-Xdmx / xorg-x11-server-Xephyr / etc"); }NASL family Solaris Local Security Checks NASL id SOLARIS10_X86_120095.NASL description X11 6.6.2_x86: xscreensaver patch. Date this patch was last updated by Sun : Oct/13/14 This plugin has been deprecated and either replaced with individual 120095 patch-revision plugins, or deemed non-security related. last seen 2019-02-21 modified 2018-07-30 plugin id 24385 published 2007-02-18 reporter Tenable source https://www.tenable.com/plugins/index.php?view=single&id=24385 title Solaris 10 (x86) : 120095-36 (deprecated) code # # (C) Tenable Network Security, Inc. # # @DEPRECATED@ # # Disabled on 2018/03/12. Deprecated and either replaced by # individual patch-revision plugins, or has been deemed a # non-security advisory. # include("compat.inc"); if (description) { script_id(24385); script_version("1.39"); script_cvs_date("Date: 2018/07/30 13:40:15"); script_cve_id("CVE-2007-3069", "CVE-2007-3283", "CVE-2008-1356", "CVE-2009-1276", "CVE-2009-2711", "CVE-2009-3432", "CVE-2009-3746", "CVE-2009-3851"); script_name(english:"Solaris 10 (x86) : 120095-36 (deprecated)"); script_summary(english:"Check for patch 120095-36"); script_set_attribute( attribute:"synopsis", value:"This plugin has been deprecated." ); script_set_attribute( attribute:"description", value: "X11 6.6.2_x86: xscreensaver patch. Date this patch was last updated by Sun : Oct/13/14 This plugin has been deprecated and either replaced with individual 120095 patch-revision plugins, or deemed non-security related." ); script_set_attribute( attribute:"see_also", value:"https://getupdates.oracle.com/readme/120095-36" ); script_set_attribute( attribute:"solution", value:"n/a" ); script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C"); script_cwe_id(16, 200, 287); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/o:sun:solaris"); script_set_attribute(attribute:"patch_publication_date", value:"2014/10/13"); script_set_attribute(attribute:"plugin_publication_date", value:"2007/02/18"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2007-2018 Tenable Network Security, Inc."); script_family(english:"Solaris Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Solaris/showrev"); exit(0); } exit(0, "This plugin has been deprecated. Consult specific patch-revision plugins for patch 120095 instead.");NASL family Fedora Local Security Checks NASL id FEDORA_2008-0930.NASL description When enabling the last seen 2020-06-01 modified 2020-06-02 plugin id 30082 published 2008-01-27 reporter This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/30082 title Fedora 8 : xorg-x11-server-1.3.0.0-40.fc8 (2008-0930) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Fedora Security Advisory 2008-0930. # include("compat.inc"); if (description) { script_id(30082); script_version ("1.14"); script_cvs_date("Date: 2019/08/02 13:32:26"); script_cve_id("CVE-2007-3920"); script_bugtraq_id(26188); script_xref(name:"FEDORA", value:"2008-0930"); script_name(english:"Fedora 8 : xorg-x11-server-1.3.0.0-40.fc8 (2008-0930)"); script_summary(english:"Checks rpm output for the updated packages."); script_set_attribute( attribute:"synopsis", value:"The remote Fedora host is missing a security update." ); script_set_attribute( attribute:"description", value: "When enabling the 'unredirect fullscreen windows' option, compiz will unredirect fullscreen windows to improve performace. However, unredirecting will as a side effect break any grabs on that window, which compromises most screensavers. This X server update suppresses this unintended side effect and restores the security of the screensavers. See also CVE-2007-3069. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=350271" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=363061" ); # https://lists.fedoraproject.org/pipermail/package-announce/2008-January/007164.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?b8427742" ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:L/AC:H/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:ND"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:xorg-x11-server-Xdmx"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:xorg-x11-server-Xephyr"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:xorg-x11-server-Xnest"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:xorg-x11-server-Xorg"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:xorg-x11-server-Xvfb"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:xorg-x11-server-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:xorg-x11-server-sdk"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:xorg-x11-server-source"); script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:8"); script_set_attribute(attribute:"patch_publication_date", value:"2008/01/24"); script_set_attribute(attribute:"plugin_publication_date", value:"2008/01/27"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Fedora Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora"); os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora"); os_ver = os_ver[1]; if (! ereg(pattern:"^8([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 8.x", "Fedora " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu); flag = 0; if (rpm_check(release:"FC8", reference:"xorg-x11-server-Xdmx-1.3.0.0-40.fc8")) flag++; if (rpm_check(release:"FC8", reference:"xorg-x11-server-Xephyr-1.3.0.0-40.fc8")) flag++; if (rpm_check(release:"FC8", reference:"xorg-x11-server-Xnest-1.3.0.0-40.fc8")) flag++; if (rpm_check(release:"FC8", reference:"xorg-x11-server-Xorg-1.3.0.0-40.fc8")) flag++; if (rpm_check(release:"FC8", reference:"xorg-x11-server-Xvfb-1.3.0.0-40.fc8")) flag++; if (rpm_check(release:"FC8", reference:"xorg-x11-server-debuginfo-1.3.0.0-40.fc8")) flag++; if (rpm_check(release:"FC8", reference:"xorg-x11-server-sdk-1.3.0.0-40.fc8")) flag++; if (rpm_check(release:"FC8", reference:"xorg-x11-server-source-1.3.0.0-40.fc8")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "xorg-x11-server-Xdmx / xorg-x11-server-Xephyr / etc"); }NASL family Solaris Local Security Checks NASL id SOLARIS10_120094-35.NASL description X11 6.6.2: xscreensaver patch. Date this patch was last updated by Sun : Apr/14/14 last seen 2020-06-01 modified 2020-06-02 plugin id 107353 published 2018-03-12 reporter This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/107353 title Solaris 10 (sparc) : 120094-35 code # # (C) Tenable Network Security, Inc. # # The descriptive text in this plugin was # extracted from the Oracle SunOS Patch Updates. # include("compat.inc"); if (description) { script_id(107353); script_version("1.3"); script_cvs_date("Date: 2020/01/08"); script_cve_id("CVE-2007-3069", "CVE-2007-3283", "CVE-2008-1356", "CVE-2009-1276", "CVE-2009-2711", "CVE-2009-3432", "CVE-2009-3746", "CVE-2009-3851"); script_name(english:"Solaris 10 (sparc) : 120094-35"); script_summary(english:"Check for patch 120094-35"); script_set_attribute( attribute:"synopsis", value:"The remote host is missing Sun Security Patch number 120094-35" ); script_set_attribute( attribute:"description", value: "X11 6.6.2: xscreensaver patch. Date this patch was last updated by Sun : Apr/14/14" ); script_set_attribute( attribute:"see_also", value:"https://getupdates.oracle.com/readme/120094-35" ); script_set_attribute(attribute:"solution", value:"Install patch 120094-35 or higher"); script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2009-3851"); script_cwe_id(16, 200, 287); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:solaris:10:120094"); script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:solaris:10"); script_set_attribute(attribute:"vuln_publication_date", value:"2007/06/06"); script_set_attribute(attribute:"patch_publication_date", value:"2014/04/14"); script_set_attribute(attribute:"plugin_publication_date", value:"2018/03/12"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Solaris Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Solaris/showrev"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); include("solaris.inc"); showrev = get_kb_item("Host/Solaris/showrev"); if (empty_or_null(showrev)) audit(AUDIT_OS_NOT, "Solaris"); os_ver = pregmatch(pattern:"Release: (\d+.(\d+))", string:showrev); if (empty_or_null(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Solaris"); full_ver = os_ver[1]; os_level = os_ver[2]; if (full_ver != "5.10") audit(AUDIT_OS_NOT, "Solaris 10", "Solaris " + os_level); package_arch = pregmatch(pattern:"Application architecture: (\w+)", string:showrev); if (empty_or_null(package_arch)) audit(AUDIT_UNKNOWN_ARCH); package_arch = package_arch[1]; if (package_arch != "sparc") audit(AUDIT_ARCH_NOT, "sparc", package_arch); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (solaris_check_patch(release:"5.10", arch:"sparc", patch:"120094-35", obsoleted_by:"", package:"SUNWxwsvr", version:"6.6.2.7400,REV=0.2004.12.15") < 0) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : solaris_get_report() ); } else { patch_fix = solaris_patch_fix_get(); if (!empty_or_null(patch_fix)) audit(AUDIT_PATCH_INSTALLED, patch_fix, "Solaris 10"); tested = solaris_pkg_tests_get(); if (!empty_or_null(tested)) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); audit(AUDIT_PACKAGE_NOT_INSTALLED, "SUNWxwsvr"); }NASL family Solaris Local Security Checks NASL id SOLARIS10_120094-36.NASL description X11 6.6.2: xscreensaver patch. Date this patch was last updated by Sun : Oct/13/14 last seen 2020-06-01 modified 2020-06-02 plugin id 107354 published 2018-03-12 reporter This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/107354 title Solaris 10 (sparc) : 120094-36 NASL family Solaris Local Security Checks NASL id SOLARIS10_120094.NASL description X11 6.6.2: xscreensaver patch. Date this patch was last updated by Sun : Oct/13/14 This plugin has been deprecated and either replaced with individual 120094 patch-revision plugins, or deemed non-security related. last seen 2019-02-21 modified 2018-07-30 plugin id 24373 published 2007-02-18 reporter Tenable source https://www.tenable.com/plugins/index.php?view=single&id=24373 title Solaris 10 (sparc) : 120094-36 (deprecated) NASL family Solaris Local Security Checks NASL id SOLARIS8_X86_115299.NASL description X11 6.4.1_x86: xscreensaver patch. Date this patch was last updated by Sun : Apr/16/07 last seen 2020-06-01 modified 2020-06-02 plugin id 25076 published 2007-04-19 reporter This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/25076 title Solaris 8 (x86) : 115299-01 NASL family Solaris Local Security Checks NASL id SOLARIS8_115298.NASL description X11 6.4.1: xscreensaver patch. Date this patch was last updated by Sun : Apr/16/07 last seen 2020-06-01 modified 2020-06-02 plugin id 25074 published 2007-04-19 reporter This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/25074 title Solaris 8 (sparc) : 115298-01 NASL family Solaris Local Security Checks NASL id SOLARIS10_X86_120095-36.NASL description X11 6.6.2_x86: xscreensaver patch. Date this patch was last updated by Sun : Oct/13/14 last seen 2020-06-01 modified 2020-06-02 plugin id 107856 published 2018-03-12 reporter This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/107856 title Solaris 10 (x86) : 120095-36
Oval
| accepted | 2007-07-10T21:08:50.203-04:00 | ||||
| class | vulnerability | ||||
| contributors |
| ||||
| description | xscreensaver in Sun Solaris 10 before 20070604, when a GNOME session with Assistive Technology support is running, allows attackers with physical access to take control of the session after entering an Alt-Tab sequence. | ||||
| family | unix | ||||
| id | oval:org.mitre.oval:def:1832 | ||||
| status | accepted | ||||
| submitted | 2007-06-07T14:01:00.000-04:00 | ||||
| title | A Security Vulnerability in How xscreensaver(1) Interacts With GNOME Assistive Technology May Allow Arbitrary Command Execution | ||||
| version | 36 |
References
- http://osvdb.org/36586
- http://osvdb.org/36586
- http://secunia.com/advisories/25531
- http://secunia.com/advisories/25531
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-102834-1
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-102834-1
- http://www.securityfocus.com/bid/24314
- http://www.securityfocus.com/bid/24314
- http://www.securitytracker.com/id?1018194
- http://www.securitytracker.com/id?1018194
- http://www.vupen.com/english/advisories/2007/2056
- http://www.vupen.com/english/advisories/2007/2056
- https://exchange.xforce.ibmcloud.com/vulnerabilities/34722
- https://exchange.xforce.ibmcloud.com/vulnerabilities/34722
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1832
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1832