PT-2009-5429 · Sun · Opensolaris+2

Published: 2009-09-08 · Updated: 2009-09-09 · CVE-2009-3101

CVSS v2.0: 4.9 (Medium)
Vector: AV:L/AC:L/Au:N/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions: xscreensaver (aka Gnome-XScreenSaver) in Sun Solaris 10 and OpenSolaris versions snv 109 through snv 122
Description: xscreensaver does not properly handle Trusted Extensions, which allows local users to cause a denial of service by locking the screen. The result is CPU consumption and a console hang. The issue is related to a regression in certain Solaris and OpenSolaris patches.
Recommendations: For xscreensaver (aka Gnome-XScreenSaver) in Sun Solaris 10, consider disabling the screen locking feature to prevent denial of service attacks. For OpenSolaris versions snv 109 through snv 122, restrict access to the screen locking functionality to minimize the risk of exploitation.

Weakness Enumeration

Related Identifiers

CVE-2009-3101

Affected Products

Opensolaris
Sun Solaris 10
Xscreensaver