Date: Wed, 12 Feb 2014 10:48:28 +0100 (CET) From: Clemens Fries <clemens@...oworld.de> To: oss-security@...ts.openwall.com Subject: cinnamon-screensaver lock bypass (tested on Fedora 20) Hello, It is possible to circumvent the screen lock on a cinnamon session under Fedora 20 using the 'Menu' key on a keyboard. I'm posting this here, because I assume that this is not limited to the version shipped with Fedora. Steps to reproduce: * Start cinnamon session * Lock the screen (Ctrl+Alt+L) * Press the 'Menu' key on the keyboard * A menu appears for a brief moment * Press 'Escape' * Focus is now beneath the screensaver * Press Alt+F2 * Start 'gnome-terminal' * Type 'killall cinnamon-screensaver' Seen on a fully patched Fedora 20 (February 12th, 2014). I had a brief look at bugzilla.redhat.com, but it seems this has not been reported. I also tested this on a second machine with the same outcome. Some version information: $ rpm -qi cinnamon Name : cinnamon Version : 2.0.14 Release : 4.fc20 Architecture: x86_64 [...] $ rpm -qi cinnamon-screensaver Name : cinnamon-screensaver Version : 2.0.3 Release : 1.fc20 Architecture: x86_64 [...] Kind regards, Clemens
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ