oss-security - Re: cinnamon-screensaver lock bypass (tested on Fedora 20)

Follow @Openwall on Twitter for new release announcements and other news

[<prev] [next>] [<thread-prev] [day] [month] [year] [list]

Date: Thu, 13 Feb 2014 17:13:45 +1100
From: Murray McAllister <mmcallis@...hat.com>
To: oss-security@...ts.openwall.com
Subject: Re: cinnamon-screensaver lock bypass (tested on Fedora
 20)

On 02/12/2014 08:48 PM, Clemens Fries wrote:
> Hello,
>
> It is possible to circumvent the screen lock on a cinnamon session under Fedora
> 20 using the 'Menu' key on a keyboard. I'm posting this here, because I assume
> that this is not limited to the version shipped with Fedora.
>
> Steps to reproduce:
>
> * Start cinnamon session
> * Lock the screen (Ctrl+Alt+L)
> * Press the 'Menu' key on the keyboard
> * A menu appears for a brief moment
> * Press 'Escape'
> * Focus is now beneath the screensaver
> * Press Alt+F2
> * Start 'gnome-terminal'
> * Type 'killall cinnamon-screensaver'
>
> Seen on a fully patched Fedora 20 (February 12th, 2014). I had a brief look at
> bugzilla.redhat.com, but it seems this has not been reported. I also tested
> this on a second machine with the same outcome.

Thanks for report and testing! Filed 
https://bugzilla.redhat.com/show_bug.cgi?id=1064695 for this issue.

Cheers,

--
Murray McAllister / Red Hat Security Response Team

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.