Date: Wed, 12 Feb 2014 10:48:28 +0100 (CET) From: Clemens Fries <clemens@...oworld.de> To: oss-security@...ts.openwall.com Subject: cinnamon-screensaver lock bypass (tested on Fedora 20) Hello, It is possible to circumvent the screen lock on a cinnamon session under Fedora 20 using the 'Menu' key on a keyboard. I'm posting this here, because I assume that this is not limited to the version shipped with Fedora. Steps to reproduce: * Start cinnamon session * Lock the screen (Ctrl+Alt+L) * Press the 'Menu' key on the keyboard * A menu appears for a brief moment * Press 'Escape' * Focus is now beneath the screensaver * Press Alt+F2 * Start 'gnome-terminal' * Type 'killall cinnamon-screensaver' Seen on a fully patched Fedora 20 (February 12th, 2014). I had a brief look at bugzilla.redhat.com, but it seems this has not been reported. I also tested this on a second machine with the same outcome. Some version information: $ rpm -qi cinnamon Name : cinnamon Version : 2.0.14 Release : 4.fc20 Architecture: x86_64 [...] $ rpm -qi cinnamon-screensaver Name : cinnamon-screensaver Version : 2.0.3 Release : 1.fc20 Architecture: x86_64 [...] Kind regards, Clemens
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.