PT-2009-3810 · Sun+2 · Solaris+3

Published

2009-04-09

Updated

2009-08-11

CVE-2009-1276

CVSS v2.0

2.1

Low

Vector

AV:L/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions XScreenSaver in Sun Solaris versions prior to snv 109 XScreenSaver in Solaris 8 and 9 with GNOME 2.0 or 2.0.2

Description The issue allows physically proximate attackers to obtain sensitive information by reading popup windows, which are displayed even when the screen is locked. This can be demonstrated by Thunderbird new-mail notifications.

Recommendations For XScreenSaver in Sun Solaris versions prior to snv 109, update to a version after snv 109 to resolve the issue. For XScreenSaver in Solaris 8 and 9 with GNOME 2.0 or 2.0.2, consider disabling popup windows or new-mail notifications when the screen is locked as a temporary workaround.

Fix

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-200

Related Identifiers

CVE-2009-1276

Affected Products

Gnome

Solaris

Thunderbird

Xscreensaver

PT-2009-3810 · Sun+2 · Solaris+3

CVE-2009-1276

Weakness Enumeration

Related Identifiers

Affected Products

References · 6