Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Thu, 13 Feb 2014 17:13:45 +1100
From: Murray McAllister <mmcallis@...hat.com>
To: oss-security@...ts.openwall.com
Subject: Re: cinnamon-screensaver lock bypass (tested on Fedora
 20)

On 02/12/2014 08:48 PM, Clemens Fries wrote:
> Hello,
>
> It is possible to circumvent the screen lock on a cinnamon session under Fedora
> 20 using the 'Menu' key on a keyboard. I'm posting this here, because I assume
> that this is not limited to the version shipped with Fedora.
>
> Steps to reproduce:
>
> * Start cinnamon session
> * Lock the screen (Ctrl+Alt+L)
> * Press the 'Menu' key on the keyboard
> * A menu appears for a brief moment
> * Press 'Escape'
> * Focus is now beneath the screensaver
> * Press Alt+F2
> * Start 'gnome-terminal'
> * Type 'killall cinnamon-screensaver'
>
> Seen on a fully patched Fedora 20 (February 12th, 2014). I had a brief look at
> bugzilla.redhat.com, but it seems this has not been reported. I also tested
> this on a second machine with the same outcome.

Thanks for report and testing! Filed 
https://bugzilla.redhat.com/show_bug.cgi?id=1064695 for this issue.

Cheers,

--
Murray McAllister / Red Hat Security Response Team

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ