Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Wed, 12 Feb 2014 10:48:28 +0100 (CET)
From: Clemens Fries <clemens@...oworld.de>
To: oss-security@...ts.openwall.com
Subject: cinnamon-screensaver lock bypass (tested on Fedora 20)

Hello,

It is possible to circumvent the screen lock on a cinnamon session under Fedora
20 using the 'Menu' key on a keyboard. I'm posting this here, because I assume
that this is not limited to the version shipped with Fedora.

Steps to reproduce:

* Start cinnamon session
* Lock the screen (Ctrl+Alt+L)
* Press the 'Menu' key on the keyboard
* A menu appears for a brief moment
* Press 'Escape'
* Focus is now beneath the screensaver
* Press Alt+F2
* Start 'gnome-terminal'
* Type 'killall cinnamon-screensaver'

Seen on a fully patched Fedora 20 (February 12th, 2014). I had a brief look at
bugzilla.redhat.com, but it seems this has not been reported. I also tested
this on a second machine with the same outcome.

Some version information:

$ rpm -qi cinnamon
Name        : cinnamon
Version     : 2.0.14
Release     : 4.fc20
Architecture: x86_64
[...]

$ rpm -qi cinnamon-screensaver
Name        : cinnamon-screensaver
Version     : 2.0.3
Release     : 1.fc20
Architecture: x86_64
[...]


Kind regards,
Clemens

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ