CVE-1999-1025

Name of the Vulnerable Software and Affected Versions CDE screen lock program (screenlock) on Solaris version 2.6

Description The issue concerns the CDE screen lock program, which fails to properly lock an unprivileged user's console session when the host is an NIS+ client. This allows others with physical access to login with any string, potentially compromising the security of the system.

Recommendations For Solaris 2.6, consider disabling the CDE screen lock program until a proper fix is available, or ensure that physical access to the console is restricted to authorized personnel to minimize the risk of exploitation.