Vulnerability Description
CDE screen lock program (screenlock) on Solaris 2.6 does not properly lock an unprivileged user's console session when the host is an NIS+ client, which allows others with physical access to login with any string.
CVSS Score
4.6
MEDIUM
AV:L/AC:L/Au:N/C:P/I:P/A:P
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Sun | Solaris | 2.6 |
| Sun | Sunos | - |
References
- http://marc.info/?l=bugtraq&m=90831127921062&w=2
- http://sunsolve.Sun.COM/pub-cgi/retrieve.pl?doc=fpatches%2F106027&zone_32=411568PatchVendor Advisory
- http://www.securityfocus.com/bid/294PatchVendor Advisory
- http://marc.info/?l=bugtraq&m=90831127921062&w=2
- http://sunsolve.Sun.COM/pub-cgi/retrieve.pl?doc=fpatches%2F106027&zone_32=411568PatchVendor Advisory
- http://www.securityfocus.com/bid/294PatchVendor Advisory
FAQ
What is CVE-1999-1025?
CVE-1999-1025 is a vulnerability with a CVSS score of 4.6 (MEDIUM). CDE screen lock program (screenlock) on Solaris 2.6 does not properly lock an unprivileged user's console session when the host is an NIS+ client, which allows others with physical access to login wit...
How severe is CVE-1999-1025?
CVE-1999-1025 has been rated MEDIUM with a CVSS base score of 4.6/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-1999-1025?
Check the references section above for vendor advisories and patch information. Affected products include: Sun Solaris, Sun Sunos.