CVE-2007-3283 - GNOME XScreenSaver in Sun Solaris 8 and 9 before 20070417, when root is logged into the console, doe

CVE-2007-3283

Summary

GNOME XScreenSaver in Sun Solaris 8 and 9 before 20070417, when root is logged into the console, does not automatically lock the screen after a session has been inactive, which might allow physically proximate attackers to access the console.

References

Vulnerable Configurations

cpe:2.3:o:sun:solaris:8.0:*:sparc:*:*:*:*:*
cpe:2.3:o:sun:solaris:8.0:*:sparc:*:*:*:*:*
cpe:2.3:o:sun:solaris:8.0:*:x86:*:*:*:*:*
cpe:2.3:o:sun:solaris:8.0:*:x86:*:*:*:*:*
cpe:2.3:o:sun:solaris:9.0:*:sparc:*:*:*:*:*
cpe:2.3:o:sun:solaris:9.0:*:sparc:*:*:*:*:*
cpe:2.3:o:sun:solaris:9.0:*:x86:*:*:*:*:*
cpe:2.3:o:sun:solaris:9.0:*:x86:*:*:*:*:*

CVSS

Base:	6.8 (as of 11-10-2017 - 01:32)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
LOCAL	LOW	SINGLE

Impact

Confidentiality	Integrity	Availability
COMPLETE	COMPLETE	COMPLETE

cvss-vector via4

AV:L/AC:L/Au:S/C:C/I:C/A:C

oval via4

accepted

2007-08-01T22:26:15.533-04:00

class

vulnerability

contributors

name	Yuzheng Zhou
organization	Opsware, Inc.

definition_extensions

comment Solaris 8 (SPARC) is installed
oval oval:org.mitre.oval:def:1539
comment Solaris 8 (x86) is installed
oval oval:org.mitre.oval:def:2059
comment Solaris 9 (SPARC) is installed
oval oval:org.mitre.oval:def:1457
comment Solaris 9 (x86) is installed
oval oval:org.mitre.oval:def:1683

description

family

unix

oval:org.mitre.oval:def:2037

status

accepted

submitted

2007-06-21T09:00:00.000-04:00

title

GNOME XScreenSaver in Solaris 8 and 9 may Allow Physically Proximate Attackers to Access the Console

version

refmap via4

misc	http://www.jwz.org/xscreensaver/faq.html#root-lock
osvdb	36586
sunalert	101338

Last major update

11-10-2017 - 01:32

Published

19-06-2007 - 22:30

Last modified

11-10-2017 - 01:32