Vulnerabilities > CVE-2007-3283 - Local Security vulnerability in SUN Solaris 8.0/9.0
Attack vector
LOCAL Attack complexity
LOW Privileges required
SINGLE Confidentiality impact
COMPLETE Integrity impact
COMPLETE Availability impact
COMPLETE Summary
GNOME XScreenSaver in Sun Solaris 8 and 9 before 20070417, when root is logged into the console, does not automatically lock the screen after a session has been inactive, which might allow physically proximate attackers to access the console.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
OS | 4 |
Nessus
NASL family Solaris Local Security Checks NASL id SOLARIS10_X86_120095-35.NASL description X11 6.6.2_x86: xscreensaver patch. Date this patch was last updated by Sun : Apr/14/14 last seen 2020-06-01 modified 2020-06-02 plugin id 107855 published 2018-03-12 reporter This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/107855 title Solaris 10 (x86) : 120095-35 code # # (C) Tenable Network Security, Inc. # # The descriptive text in this plugin was # extracted from the Oracle SunOS Patch Updates. # include("compat.inc"); if (description) { script_id(107855); script_version("1.3"); script_cvs_date("Date: 2020/01/08"); script_cve_id("CVE-2007-3069", "CVE-2007-3283", "CVE-2008-1356", "CVE-2009-1276", "CVE-2009-2711", "CVE-2009-3432", "CVE-2009-3746", "CVE-2009-3851"); script_name(english:"Solaris 10 (x86) : 120095-35"); script_summary(english:"Check for patch 120095-35"); script_set_attribute( attribute:"synopsis", value:"The remote host is missing Sun Security Patch number 120095-35" ); script_set_attribute( attribute:"description", value: "X11 6.6.2_x86: xscreensaver patch. Date this patch was last updated by Sun : Apr/14/14" ); script_set_attribute( attribute:"see_also", value:"https://getupdates.oracle.com/readme/120095-35" ); script_set_attribute(attribute:"solution", value:"Install patch 120095-35 or higher"); script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2009-3851"); script_cwe_id(16, 200, 287); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:solaris:10:120095"); script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:solaris:10"); script_set_attribute(attribute:"vuln_publication_date", value:"2007/06/06"); script_set_attribute(attribute:"patch_publication_date", value:"2014/04/14"); script_set_attribute(attribute:"plugin_publication_date", value:"2018/03/12"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Solaris Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Solaris/showrev"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); include("solaris.inc"); showrev = get_kb_item("Host/Solaris/showrev"); if (empty_or_null(showrev)) audit(AUDIT_OS_NOT, "Solaris"); os_ver = pregmatch(pattern:"Release: (\d+.(\d+))", string:showrev); if (empty_or_null(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Solaris"); full_ver = os_ver[1]; os_level = os_ver[2]; if (full_ver != "5.10") audit(AUDIT_OS_NOT, "Solaris 10", "Solaris " + os_level); package_arch = pregmatch(pattern:"Application architecture: (\w+)", string:showrev); if (empty_or_null(package_arch)) audit(AUDIT_UNKNOWN_ARCH); package_arch = package_arch[1]; if (package_arch != "i386") audit(AUDIT_ARCH_NOT, "i386", package_arch); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (solaris_check_patch(release:"5.10_x86", arch:"i386", patch:"120095-35", obsoleted_by:"", package:"SUNWxwsvr", version:"6.6.2.7400,REV=0.2004.12.15") < 0) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : solaris_get_report() ); } else { patch_fix = solaris_patch_fix_get(); if (!empty_or_null(patch_fix)) audit(AUDIT_PATCH_INSTALLED, patch_fix, "Solaris 10"); tested = solaris_pkg_tests_get(); if (!empty_or_null(tested)) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); audit(AUDIT_PACKAGE_NOT_INSTALLED, "SUNWxwsvr"); }
NASL family Solaris Local Security Checks NASL id SOLARIS10_X86_120095.NASL description X11 6.6.2_x86: xscreensaver patch. Date this patch was last updated by Sun : Oct/13/14 This plugin has been deprecated and either replaced with individual 120095 patch-revision plugins, or deemed non-security related. last seen 2019-02-21 modified 2018-07-30 plugin id 24385 published 2007-02-18 reporter Tenable source https://www.tenable.com/plugins/index.php?view=single&id=24385 title Solaris 10 (x86) : 120095-36 (deprecated) code # # (C) Tenable Network Security, Inc. # # @DEPRECATED@ # # Disabled on 2018/03/12. Deprecated and either replaced by # individual patch-revision plugins, or has been deemed a # non-security advisory. # include("compat.inc"); if (description) { script_id(24385); script_version("1.39"); script_cvs_date("Date: 2018/07/30 13:40:15"); script_cve_id("CVE-2007-3069", "CVE-2007-3283", "CVE-2008-1356", "CVE-2009-1276", "CVE-2009-2711", "CVE-2009-3432", "CVE-2009-3746", "CVE-2009-3851"); script_name(english:"Solaris 10 (x86) : 120095-36 (deprecated)"); script_summary(english:"Check for patch 120095-36"); script_set_attribute( attribute:"synopsis", value:"This plugin has been deprecated." ); script_set_attribute( attribute:"description", value: "X11 6.6.2_x86: xscreensaver patch. Date this patch was last updated by Sun : Oct/13/14 This plugin has been deprecated and either replaced with individual 120095 patch-revision plugins, or deemed non-security related." ); script_set_attribute( attribute:"see_also", value:"https://getupdates.oracle.com/readme/120095-36" ); script_set_attribute( attribute:"solution", value:"n/a" ); script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C"); script_cwe_id(16, 200, 287); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/o:sun:solaris"); script_set_attribute(attribute:"patch_publication_date", value:"2014/10/13"); script_set_attribute(attribute:"plugin_publication_date", value:"2007/02/18"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2007-2018 Tenable Network Security, Inc."); script_family(english:"Solaris Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Solaris/showrev"); exit(0); } exit(0, "This plugin has been deprecated. Consult specific patch-revision plugins for patch 120095 instead.");
NASL family Solaris Local Security Checks NASL id SOLARIS10_120094-35.NASL description X11 6.6.2: xscreensaver patch. Date this patch was last updated by Sun : Apr/14/14 last seen 2020-06-01 modified 2020-06-02 plugin id 107353 published 2018-03-12 reporter This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/107353 title Solaris 10 (sparc) : 120094-35 code # # (C) Tenable Network Security, Inc. # # The descriptive text in this plugin was # extracted from the Oracle SunOS Patch Updates. # include("compat.inc"); if (description) { script_id(107353); script_version("1.3"); script_cvs_date("Date: 2020/01/08"); script_cve_id("CVE-2007-3069", "CVE-2007-3283", "CVE-2008-1356", "CVE-2009-1276", "CVE-2009-2711", "CVE-2009-3432", "CVE-2009-3746", "CVE-2009-3851"); script_name(english:"Solaris 10 (sparc) : 120094-35"); script_summary(english:"Check for patch 120094-35"); script_set_attribute( attribute:"synopsis", value:"The remote host is missing Sun Security Patch number 120094-35" ); script_set_attribute( attribute:"description", value: "X11 6.6.2: xscreensaver patch. Date this patch was last updated by Sun : Apr/14/14" ); script_set_attribute( attribute:"see_also", value:"https://getupdates.oracle.com/readme/120094-35" ); script_set_attribute(attribute:"solution", value:"Install patch 120094-35 or higher"); script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2009-3851"); script_cwe_id(16, 200, 287); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:solaris:10:120094"); script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:solaris:10"); script_set_attribute(attribute:"vuln_publication_date", value:"2007/06/06"); script_set_attribute(attribute:"patch_publication_date", value:"2014/04/14"); script_set_attribute(attribute:"plugin_publication_date", value:"2018/03/12"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Solaris Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Solaris/showrev"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); include("solaris.inc"); showrev = get_kb_item("Host/Solaris/showrev"); if (empty_or_null(showrev)) audit(AUDIT_OS_NOT, "Solaris"); os_ver = pregmatch(pattern:"Release: (\d+.(\d+))", string:showrev); if (empty_or_null(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Solaris"); full_ver = os_ver[1]; os_level = os_ver[2]; if (full_ver != "5.10") audit(AUDIT_OS_NOT, "Solaris 10", "Solaris " + os_level); package_arch = pregmatch(pattern:"Application architecture: (\w+)", string:showrev); if (empty_or_null(package_arch)) audit(AUDIT_UNKNOWN_ARCH); package_arch = package_arch[1]; if (package_arch != "sparc") audit(AUDIT_ARCH_NOT, "sparc", package_arch); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (solaris_check_patch(release:"5.10", arch:"sparc", patch:"120094-35", obsoleted_by:"", package:"SUNWxwsvr", version:"6.6.2.7400,REV=0.2004.12.15") < 0) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : solaris_get_report() ); } else { patch_fix = solaris_patch_fix_get(); if (!empty_or_null(patch_fix)) audit(AUDIT_PATCH_INSTALLED, patch_fix, "Solaris 10"); tested = solaris_pkg_tests_get(); if (!empty_or_null(tested)) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); audit(AUDIT_PACKAGE_NOT_INSTALLED, "SUNWxwsvr"); }
NASL family Solaris Local Security Checks NASL id SOLARIS10_120094-36.NASL description X11 6.6.2: xscreensaver patch. Date this patch was last updated by Sun : Oct/13/14 last seen 2020-06-01 modified 2020-06-02 plugin id 107354 published 2018-03-12 reporter This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/107354 title Solaris 10 (sparc) : 120094-36 NASL family Solaris Local Security Checks NASL id SOLARIS10_120094.NASL description X11 6.6.2: xscreensaver patch. Date this patch was last updated by Sun : Oct/13/14 This plugin has been deprecated and either replaced with individual 120094 patch-revision plugins, or deemed non-security related. last seen 2019-02-21 modified 2018-07-30 plugin id 24373 published 2007-02-18 reporter Tenable source https://www.tenable.com/plugins/index.php?view=single&id=24373 title Solaris 10 (sparc) : 120094-36 (deprecated) NASL family Solaris Local Security Checks NASL id SOLARIS8_X86_115299.NASL description X11 6.4.1_x86: xscreensaver patch. Date this patch was last updated by Sun : Apr/16/07 last seen 2020-06-01 modified 2020-06-02 plugin id 25076 published 2007-04-19 reporter This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/25076 title Solaris 8 (x86) : 115299-01 NASL family Solaris Local Security Checks NASL id SOLARIS8_115298.NASL description X11 6.4.1: xscreensaver patch. Date this patch was last updated by Sun : Apr/16/07 last seen 2020-06-01 modified 2020-06-02 plugin id 25074 published 2007-04-19 reporter This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/25074 title Solaris 8 (sparc) : 115298-01 NASL family Solaris Local Security Checks NASL id SOLARIS10_X86_120095-36.NASL description X11 6.6.2_x86: xscreensaver patch. Date this patch was last updated by Sun : Oct/13/14 last seen 2020-06-01 modified 2020-06-02 plugin id 107856 published 2018-03-12 reporter This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/107856 title Solaris 10 (x86) : 120095-36
Oval
accepted | 2007-08-01T22:26:15.533-04:00 | ||||||||||||||||
class | vulnerability | ||||||||||||||||
contributors |
| ||||||||||||||||
definition_extensions |
| ||||||||||||||||
description | GNOME XScreenSaver in Sun Solaris 8 and 9 before 20070417, when root is logged into the console, does not automatically lock the screen after a session has been inactive, which might allow physically proximate attackers to access the console. | ||||||||||||||||
family | unix | ||||||||||||||||
id | oval:org.mitre.oval:def:2037 | ||||||||||||||||
status | accepted | ||||||||||||||||
submitted | 2007-06-21T09:00:00.000-04:00 | ||||||||||||||||
title | GNOME XScreenSaver in Solaris 8 and 9 may Allow Physically Proximate Attackers to Access the Console | ||||||||||||||||
version | 36 |