Vulnerabilities > CVE-2007-3283 - Local Security vulnerability in SUN Solaris 8.0/9.0

047910
CVSS 6.8 - MEDIUM
Attack vector
LOCAL
Attack complexity
LOW
Privileges required
SINGLE
Confidentiality impact
COMPLETE
Integrity impact
COMPLETE
Availability impact
COMPLETE
local
low complexity
sun
nessus

Summary

GNOME XScreenSaver in Sun Solaris 8 and 9 before 20070417, when root is logged into the console, does not automatically lock the screen after a session has been inactive, which might allow physically proximate attackers to access the console.

Vulnerable Configurations

Part Description Count
OS
Sun
4

Nessus

  • NASL familySolaris Local Security Checks
    NASL idSOLARIS10_X86_120095-35.NASL
    descriptionX11 6.6.2_x86: xscreensaver patch. Date this patch was last updated by Sun : Apr/14/14
    last seen2020-06-01
    modified2020-06-02
    plugin id107855
    published2018-03-12
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/107855
    titleSolaris 10 (x86) : 120095-35
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text in this plugin was
    # extracted from the Oracle SunOS Patch Updates.
    #
    include("compat.inc");
    
    if (description)
    {
      script_id(107855);
      script_version("1.3");
      script_cvs_date("Date: 2020/01/08");
    
      script_cve_id("CVE-2007-3069", "CVE-2007-3283", "CVE-2008-1356", "CVE-2009-1276", "CVE-2009-2711", "CVE-2009-3432", "CVE-2009-3746", "CVE-2009-3851");
    
      script_name(english:"Solaris 10 (x86) : 120095-35");
      script_summary(english:"Check for patch 120095-35");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote host is missing Sun Security Patch number 120095-35"
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "X11 6.6.2_x86: xscreensaver patch.
    Date this patch was last updated by Sun : Apr/14/14"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://getupdates.oracle.com/readme/120095-35"
      );
      script_set_attribute(attribute:"solution", value:"Install patch 120095-35 or higher");
      script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2009-3851");
      script_cwe_id(16, 200, 287);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:solaris:10:120095");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:solaris:10");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2007/06/06");
      script_set_attribute(attribute:"patch_publication_date", value:"2014/04/14");
      script_set_attribute(attribute:"plugin_publication_date", value:"2018/03/12");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Solaris Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Solaris/showrev");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("solaris.inc");
    
    showrev = get_kb_item("Host/Solaris/showrev");
    if (empty_or_null(showrev)) audit(AUDIT_OS_NOT, "Solaris");
    os_ver = pregmatch(pattern:"Release: (\d+.(\d+))", string:showrev);
    if (empty_or_null(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Solaris");
    full_ver = os_ver[1];
    os_level = os_ver[2];
    if (full_ver != "5.10") audit(AUDIT_OS_NOT, "Solaris 10", "Solaris " + os_level);
    package_arch = pregmatch(pattern:"Application architecture: (\w+)", string:showrev);
    if (empty_or_null(package_arch)) audit(AUDIT_UNKNOWN_ARCH);
    package_arch = package_arch[1];
    if (package_arch != "i386") audit(AUDIT_ARCH_NOT, "i386", package_arch);
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    
    if (solaris_check_patch(release:"5.10_x86", arch:"i386", patch:"120095-35", obsoleted_by:"", package:"SUNWxwsvr", version:"6.6.2.7400,REV=0.2004.12.15") < 0) flag++;
    
    if (flag) {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : solaris_get_report()
      );
    } else {
      patch_fix = solaris_patch_fix_get();
      if (!empty_or_null(patch_fix)) audit(AUDIT_PATCH_INSTALLED, patch_fix, "Solaris 10");
      tested = solaris_pkg_tests_get();
      if (!empty_or_null(tested)) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      audit(AUDIT_PACKAGE_NOT_INSTALLED, "SUNWxwsvr");
    }
    
  • NASL familySolaris Local Security Checks
    NASL idSOLARIS10_X86_120095.NASL
    descriptionX11 6.6.2_x86: xscreensaver patch. Date this patch was last updated by Sun : Oct/13/14 This plugin has been deprecated and either replaced with individual 120095 patch-revision plugins, or deemed non-security related.
    last seen2019-02-21
    modified2018-07-30
    plugin id24385
    published2007-02-18
    reporterTenable
    sourcehttps://www.tenable.com/plugins/index.php?view=single&id=24385
    titleSolaris 10 (x86) : 120095-36 (deprecated)
    code
    
    #
    # (C) Tenable Network Security, Inc.
    #
    # @DEPRECATED@
    #
    # Disabled on 2018/03/12. Deprecated and either replaced by
    # individual patch-revision plugins, or has been deemed a
    # non-security advisory.
    #
    include("compat.inc");
    
    if (description)
    {
      script_id(24385);
      script_version("1.39");
      script_cvs_date("Date: 2018/07/30 13:40:15");
    
      script_cve_id("CVE-2007-3069", "CVE-2007-3283", "CVE-2008-1356", "CVE-2009-1276", "CVE-2009-2711", "CVE-2009-3432", "CVE-2009-3746", "CVE-2009-3851");
    
      script_name(english:"Solaris 10 (x86) : 120095-36 (deprecated)");
      script_summary(english:"Check for patch 120095-36");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"This plugin has been deprecated."
      );
      script_set_attribute(
        attribute:"description",
        value:
    "X11 6.6.2_x86: xscreensaver patch.
    Date this patch was last updated by Sun : Oct/13/14
    
    This plugin has been deprecated and either replaced with individual
    120095 patch-revision plugins, or deemed non-security related."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://getupdates.oracle.com/readme/120095-36"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"n/a"
      );
      script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
      script_cwe_id(16, 200, 287);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:sun:solaris");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2014/10/13");
      script_set_attribute(attribute:"plugin_publication_date", value:"2007/02/18");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2007-2018 Tenable Network Security, Inc.");
      script_family(english:"Solaris Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Solaris/showrev");
    
      exit(0);
    }
    
    exit(0, "This plugin has been deprecated. Consult specific patch-revision plugins for patch 120095 instead.");
    
  • NASL familySolaris Local Security Checks
    NASL idSOLARIS10_120094-35.NASL
    descriptionX11 6.6.2: xscreensaver patch. Date this patch was last updated by Sun : Apr/14/14
    last seen2020-06-01
    modified2020-06-02
    plugin id107353
    published2018-03-12
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/107353
    titleSolaris 10 (sparc) : 120094-35
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text in this plugin was
    # extracted from the Oracle SunOS Patch Updates.
    #
    include("compat.inc");
    
    if (description)
    {
      script_id(107353);
      script_version("1.3");
      script_cvs_date("Date: 2020/01/08");
    
      script_cve_id("CVE-2007-3069", "CVE-2007-3283", "CVE-2008-1356", "CVE-2009-1276", "CVE-2009-2711", "CVE-2009-3432", "CVE-2009-3746", "CVE-2009-3851");
    
      script_name(english:"Solaris 10 (sparc) : 120094-35");
      script_summary(english:"Check for patch 120094-35");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote host is missing Sun Security Patch number 120094-35"
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "X11 6.6.2: xscreensaver patch.
    Date this patch was last updated by Sun : Apr/14/14"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://getupdates.oracle.com/readme/120094-35"
      );
      script_set_attribute(attribute:"solution", value:"Install patch 120094-35 or higher");
      script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2009-3851");
      script_cwe_id(16, 200, 287);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:solaris:10:120094");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:solaris:10");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2007/06/06");
      script_set_attribute(attribute:"patch_publication_date", value:"2014/04/14");
      script_set_attribute(attribute:"plugin_publication_date", value:"2018/03/12");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Solaris Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Solaris/showrev");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("solaris.inc");
    
    showrev = get_kb_item("Host/Solaris/showrev");
    if (empty_or_null(showrev)) audit(AUDIT_OS_NOT, "Solaris");
    os_ver = pregmatch(pattern:"Release: (\d+.(\d+))", string:showrev);
    if (empty_or_null(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Solaris");
    full_ver = os_ver[1];
    os_level = os_ver[2];
    if (full_ver != "5.10") audit(AUDIT_OS_NOT, "Solaris 10", "Solaris " + os_level);
    package_arch = pregmatch(pattern:"Application architecture: (\w+)", string:showrev);
    if (empty_or_null(package_arch)) audit(AUDIT_UNKNOWN_ARCH);
    package_arch = package_arch[1];
    if (package_arch != "sparc") audit(AUDIT_ARCH_NOT, "sparc", package_arch);
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    
    if (solaris_check_patch(release:"5.10", arch:"sparc", patch:"120094-35", obsoleted_by:"", package:"SUNWxwsvr", version:"6.6.2.7400,REV=0.2004.12.15") < 0) flag++;
    
    if (flag) {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : solaris_get_report()
      );
    } else {
      patch_fix = solaris_patch_fix_get();
      if (!empty_or_null(patch_fix)) audit(AUDIT_PATCH_INSTALLED, patch_fix, "Solaris 10");
      tested = solaris_pkg_tests_get();
      if (!empty_or_null(tested)) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      audit(AUDIT_PACKAGE_NOT_INSTALLED, "SUNWxwsvr");
    }
    
  • NASL familySolaris Local Security Checks
    NASL idSOLARIS10_120094-36.NASL
    descriptionX11 6.6.2: xscreensaver patch. Date this patch was last updated by Sun : Oct/13/14
    last seen2020-06-01
    modified2020-06-02
    plugin id107354
    published2018-03-12
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/107354
    titleSolaris 10 (sparc) : 120094-36
  • NASL familySolaris Local Security Checks
    NASL idSOLARIS10_120094.NASL
    descriptionX11 6.6.2: xscreensaver patch. Date this patch was last updated by Sun : Oct/13/14 This plugin has been deprecated and either replaced with individual 120094 patch-revision plugins, or deemed non-security related.
    last seen2019-02-21
    modified2018-07-30
    plugin id24373
    published2007-02-18
    reporterTenable
    sourcehttps://www.tenable.com/plugins/index.php?view=single&id=24373
    titleSolaris 10 (sparc) : 120094-36 (deprecated)
  • NASL familySolaris Local Security Checks
    NASL idSOLARIS8_X86_115299.NASL
    descriptionX11 6.4.1_x86: xscreensaver patch. Date this patch was last updated by Sun : Apr/16/07
    last seen2020-06-01
    modified2020-06-02
    plugin id25076
    published2007-04-19
    reporterThis script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/25076
    titleSolaris 8 (x86) : 115299-01
  • NASL familySolaris Local Security Checks
    NASL idSOLARIS8_115298.NASL
    descriptionX11 6.4.1: xscreensaver patch. Date this patch was last updated by Sun : Apr/16/07
    last seen2020-06-01
    modified2020-06-02
    plugin id25074
    published2007-04-19
    reporterThis script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/25074
    titleSolaris 8 (sparc) : 115298-01
  • NASL familySolaris Local Security Checks
    NASL idSOLARIS10_X86_120095-36.NASL
    descriptionX11 6.6.2_x86: xscreensaver patch. Date this patch was last updated by Sun : Oct/13/14
    last seen2020-06-01
    modified2020-06-02
    plugin id107856
    published2018-03-12
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/107856
    titleSolaris 10 (x86) : 120095-36

Oval

accepted2007-08-01T22:26:15.533-04:00
classvulnerability
contributors
nameYuzheng Zhou
organizationOpsware, Inc.
definition_extensions
  • commentSolaris 8 (SPARC) is installed
    ovaloval:org.mitre.oval:def:1539
  • commentSolaris 8 (x86) is installed
    ovaloval:org.mitre.oval:def:2059
  • commentSolaris 9 (SPARC) is installed
    ovaloval:org.mitre.oval:def:1457
  • commentSolaris 9 (x86) is installed
    ovaloval:org.mitre.oval:def:1683
descriptionGNOME XScreenSaver in Sun Solaris 8 and 9 before 20070417, when root is logged into the console, does not automatically lock the screen after a session has been inactive, which might allow physically proximate attackers to access the console.
familyunix
idoval:org.mitre.oval:def:2037
statusaccepted
submitted2007-06-21T09:00:00.000-04:00
titleGNOME XScreenSaver in Solaris 8 and 9 may Allow Physically Proximate Attackers to Access the Console
version36