ID CVE-2007-3069
Summary xscreensaver in Sun Solaris 10 before 20070604, when a GNOME session with Assistive Technology support is running, allows attackers with physical access to take control of the session after entering an Alt-Tab sequence.
References
Vulnerable Configurations
  • cpe:2.3:o:sun:solaris:10.0:*:sparc:*:*:*:*:*
    cpe:2.3:o:sun:solaris:10.0:*:sparc:*:*:*:*:*
  • cpe:2.3:o:sun:solaris:10.0:*:x86:*:*:*:*:*
    cpe:2.3:o:sun:solaris:10.0:*:x86:*:*:*:*:*
CVSS
Base: 4.6 (as of 11-10-2017 - 01:32)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
LOCAL LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
cvss-vector via4 AV:L/AC:L/Au:N/C:P/I:P/A:P
oval via4
accepted 2007-07-10T21:08:50.203-04:00
class vulnerability
contributors
name Pai Peng
organization Opsware, Inc.
description xscreensaver in Sun Solaris 10 before 20070604, when a GNOME session with Assistive Technology support is running, allows attackers with physical access to take control of the session after entering an Alt-Tab sequence.
family unix
id oval:org.mitre.oval:def:1832
status accepted
submitted 2007-06-07T14:01:00.000-04:00
title A Security Vulnerability in How xscreensaver(1) Interacts With GNOME Assistive Technology May Allow Arbitrary Command Execution
version 32
refmap via4
bid 24314
osvdb 36586
sectrack 1018194
secunia 25531
sunalert 102834
vupen ADV-2007-2056
xf sun-xscreensaver-command-execution(34722)
Last major update 11-10-2017 - 01:32
Published 06-06-2007 - 10:30
Back to Top