Delayed xlock process execution during power management on Solaris 2.4-2.6 allows keyboard input manipulation after system restore

Delayed xlock process execution during power management on Solaris 2.4-2.6 allows keyboard input manipulation after system restore

CVE-1999-1432 · HIGH Severity

AV:N/AC:L/AU:N/C:P/I:P/A:P

Power management (Powermanagement) on Solaris 2.4 through 2.6 does not start the xlock process until after the sys-suspend has completed, which allows an attacker with physical access to input characters to the last active application from the keyboard for a short period after the system is restoring, which could lead to increased privileges.

Learn more about our Cis Benchmark Audit For Oracle Solaris.