---------------------------------------------------------------------- Do you have VARM strategy implemented? (Vulnerability Assessment Remediation Management) If not, then implement it through the most reliable vulnerability intelligence source on the market. Implement it through Secunia. For more information visit: http://secunia.com/advisories/business_solutions/ Alternatively request a call from a Secunia representative today to discuss how we can help you with our capabilities contact us at: sales@secunia.com ---------------------------------------------------------------------- TITLE: Sun Solaris XScreenSaver PopUp Window Information Disclosure SECUNIA ADVISORY ID: SA36170 VERIFY ADVISORY: http://secunia.com/advisories/36170/ DESCRIPTION: A security issue has been reported in Sun Solaris, which can potentially be exploited by malicious people with physical access to an affected system to disclose sensitive information. The security issue is caused due to an unspecified error that can result in popup windows appearing through the lock screen and potential exposure of sensitive information. NOTE: This affects only systems where the XScreenSaver program is used with the Xorg server or derivatives such as Xnewt(1M) from the Sun Ray software. This may also affect setups where the Xorg server is used remotely, therefore Solaris 8 and 9 may also be affected if they are used remotely to connect to another host that does contain the Xorg server. The security issue is reported in X11 6.4.1 (for Solaris 8), Solaris 9, and Solaris 10 for both the SPARC and x86 platform. SOLUTION: Apply patches. -- SPARC Platform -- X11 6.4.1 (for Solaris 8): Apply patch 115298-02 or later. http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21-115298-02-1 Solaris 9: Apply patch 115158-11 or later. http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21-115158-11-1 Solaris 10: Apply patch 120094-23 or later. http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21-120094-23-1 OpenSolaris: Fixed in build snv_120 or later. -- x86 Platform -- X11 6.4.1 (for Solaris 8): Apply patch 115299-02 or later. http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21-115299-02-1 Solaris 9: Apply patch 115159-11 or later. http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21-115159-11-1 Solaris 10: Apply patch 120095-23 or later. http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21-120095-23-1 OpenSolaris: Fixed in build snv_120 or later. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: http://sunsolve.sun.com/search/document.do?assetkey=1-66-258928-1 ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------