Date: Thu, 13 Feb 2014 17:13:45 +1100 From: Murray McAllister <mmcallis@...hat.com> To: oss-security@...ts.openwall.com Subject: Re: cinnamon-screensaver lock bypass (tested on Fedora 20) On 02/12/2014 08:48 PM, Clemens Fries wrote: > Hello, > > It is possible to circumvent the screen lock on a cinnamon session under Fedora > 20 using the 'Menu' key on a keyboard. I'm posting this here, because I assume > that this is not limited to the version shipped with Fedora. > > Steps to reproduce: > > * Start cinnamon session > * Lock the screen (Ctrl+Alt+L) > * Press the 'Menu' key on the keyboard > * A menu appears for a brief moment > * Press 'Escape' > * Focus is now beneath the screensaver > * Press Alt+F2 > * Start 'gnome-terminal' > * Type 'killall cinnamon-screensaver' > > Seen on a fully patched Fedora 20 (February 12th, 2014). I had a brief look at > bugzilla.redhat.com, but it seems this has not been reported. I also tested > this on a second machine with the same outcome. Thanks for report and testing! Filed https://bugzilla.redhat.com/show_bug.cgi?id=1064695 for this issue. Cheers, -- Murray McAllister / Red Hat Security Response Team
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ