CVE-2009-3100

2022-10-0316:23:55

Debian Security Bug Tracker

security-tracker.debian.org

xscreensaver

denial of service

solaris

4 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:L/AC:H/Au:N/C:N/I:N/A:C

0.0004 Low

EPSS

Percentile

13.4%

JSON

xscreensaver (aka Gnome-XScreenSaver) in Sun Solaris 9 and 10, OpenSolaris snv_109 through snv_122, and X11 6.4.1 on Solaris 8 does not properly handle Accessibility support, which allows local users to cause a denial of service (system hang) by locking the screen and then attempting to launch an Accessibility pop-up window, related to a regression in certain Solaris and OpenSolaris patches.

OSVersionArchitecturePackageVersionFilename
Debian12allxscreensaver< 6.06+dfsg1-3+deb12u1xscreensaver_6.06+dfsg1-3+deb12u1_all.deb
Debian11allxscreensaver< 5.45+dfsg1-2xscreensaver_5.45+dfsg1-2_all.deb
Debian999allxscreensaver< 6.08+dfsg1-1xscreensaver_6.08+dfsg1-1_all.deb
Debian13allxscreensaver< 6.08+dfsg1-1xscreensaver_6.08+dfsg1-1_all.deb

OS	Version	Architecture	Package	Version	Filename
Debian	12	all	xscreensaver	< 6.06+dfsg1-3+deb12u1	xscreensaver_6.06+dfsg1-3+deb12u1_all.deb
Debian	11	all	xscreensaver	< 5.45+dfsg1-2	xscreensaver_5.45+dfsg1-2_all.deb
Debian	999	all	xscreensaver	< 6.08+dfsg1-1	xscreensaver_6.08+dfsg1-1_all.deb
Debian	13	all	xscreensaver	< 6.08+dfsg1-1	xscreensaver_6.08+dfsg1-1_all.deb