Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: InfoSec Handlers Diary Blog InfoSec Handlers Diary Blog


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Adobe Security Bulletin: Security updates available for Adobe Flash Player http://adobe.ly/QVjO72

Ubuntu 14.04 lockscreen bypass

Published: 2014-04-28
Last Updated: 2014-04-28 17:53:46 UTC
by Russ McRee (Version: 1)
4 comment(s)

ISC Handler Rob let us know that @hdmoore Tweeted out: "Upgraded to Ubuntu 14.04? Hold down enter to bypass the lockscreen (what is old is new again): "

The reporter indicates that he was running Ubuntu 14.04 with all the packages updated.
When the screen is locked with password, if holding ENTER, after some seconds the screen freezes and the lock screen crashes. After that the computer is fully unlocked.

The initial report states that the "bug is about the lockscreen being bypassed when Unity crashes/restarts, which is a critcal security issue. The crash will be handled from bug 1308750."

To reproduce:
1) Open the lockscreen (Super+L)
2) Hold Enter down
.... wait .....
*Crash*
Expected:
*No crash*
Stacktrace:
http://paste.ubuntu.com/7263684/

From the bug tracker, the fix has been committed and released. Be cognitive of this issue should you leave an Ubuntu 14.04 host unattended. :-)

Russ McRee | @holisticinfosec

Keywords: Ubuntu
4 comment(s)
Diary Archives