oss-sec mailing list archives
cinnamon-screensaver lock bypass (tested on Fedora 20)
From: Clemens Fries <clemens () xenoworld de>
Date: Wed, 12 Feb 2014 10:48:28 +0100 (CET)
Hello, It is possible to circumvent the screen lock on a cinnamon session under Fedora 20 using the 'Menu' key on a keyboard. I'm posting this here, because I assume that this is not limited to the version shipped with Fedora. Steps to reproduce: * Start cinnamon session * Lock the screen (Ctrl+Alt+L) * Press the 'Menu' key on the keyboard * A menu appears for a brief moment * Press 'Escape' * Focus is now beneath the screensaver * Press Alt+F2 * Start 'gnome-terminal' * Type 'killall cinnamon-screensaver' Seen on a fully patched Fedora 20 (February 12th, 2014). I had a brief look at bugzilla.redhat.com, but it seems this has not been reported. I also tested this on a second machine with the same outcome. Some version information: $ rpm -qi cinnamon Name : cinnamon Version : 2.0.14 Release : 4.fc20 Architecture: x86_64 [...] $ rpm -qi cinnamon-screensaver Name : cinnamon-screensaver Version : 2.0.3 Release : 1.fc20 Architecture: x86_64 [...] Kind regards, Clemens
Current thread:
- cinnamon-screensaver lock bypass (tested on Fedora 20) Clemens Fries (Feb 12)
- Re: cinnamon-screensaver lock bypass (tested on Fedora 20) cve-assign (Feb 12)
- Re: cinnamon-screensaver lock bypass (tested on Fedora 20) Murray McAllister (Feb 12)