
List:       kde-devel
Subject:    Re: Security flaw in klock (fwd)
From:       Alex Zepeda <garbanzo () hooked ! net>
Date:       1999-06-23 23:28:07

Typical RedHat crap, this exploit was apparently sent to BugTraq before
anyone could post about it to kde-devel or the like.  Perhaps a security
mailing list is in order.  Or a dunce cap for RH and crew.

- alex

---------- Forwarded message ----------
Date: Wed, 23 Jun 1999 19:18:17 -0400
From: Matt Wilson <msw@redhat.com>
To: garbanzo@hooked.net
Subject: Re: Security flaw in klock

----- Forwarded message from Matt Wilson <msw@redhat.com> -----

Message-ID: <19990623190903.I6066@devserv.devel.redhat.com>
Date: Wed, 23 Jun 1999 19:09:03 -0400
From: Matt Wilson <msw@redhat.com>
To: BUGTRAQ@netspace.org
Cc: Maurizio Paolini <paolini@DMF.BS.UNICATT.IT>, ettrich@kde.org
Subject: Re: Security flaw in klock
References: <199906230823.KAA28861@gauss.dmf.bs.unicatt.it>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailer: Mutt 0.91.1
In-Reply-To: <199906230823.KAA28861@gauss.dmf.bs.unicatt.it>; from Maurizio Paolini on Wed, Jun 23, 1999 at 10:23:26AM +0200
Status: RO
Content-Length: 1840
Lines: 53

I've confirmed this race.  Here's the foolproof method to recreate the
problem:

1)  Run klock.
2)  Hit <enter> at the first password prompt.  klock says, "Failed".
3)  Watch closely and count the number of times the cursor blinks.
    On my system, from the time you hit enter till the dialog disappears
    you'll have 10-11 blinks.
4)  On or just after the 10th blink (just as the dialog would disappear),
    hit <enter>.
5)  Poof - klock segfaults and access is granted.

It may take a few tries, but I've gotten to where I can hit the
race every time.

I am able to reproduce this in the KDE RPMS that shipped in Red Hat
Linux 6.0 and the updated RPMS released a few days ago.

Digging into source now (*grumble*, yet another KDE update)...

Matt Wilson
msw@redhat.com

On Wed, Jun 23, 1999 at 10:23:26AM +0200, Maurizio Paolini wrote:
> Hello,
> this is my first post to this list, so please forgive me if this
> is off topic or badly formulated.
> 
> It seems to me that anyone can take control of a local kde session
> locked with klock (the default locking mechanism of kde).
> 
> This was discovered by my 7-year-old son, who was just trying
> to gain control of my session by typing randomly on the keyboard, and
> it just involves the "backspace" key and the "enter" key, and perhaps
> the "caps lock" key.
> 
> It actually takes a few tries, and I don't know of a precise sequence
> of keys.  What I do is
> 
> 1. wait for the "enter password" message.
> 2. press the "caps lock" once or twice.
> 3. press the "backspace" six times with different timings each try.
> 4. press the enter key.
> 
> After a few tries (usually five to ten...) klock dies with no message.
> 
> If this is confirmed by someone else it seems to be a serious
> flaw of klock (or a backdoor?)
> 
> Thank you,
> 
> Maurizio Paolini

----- End forwarded message -----
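Editor's note, added to this archive page and not part of the thread above or of KDE's code: what makes the klock report serious is not the segfault itself but that the locker fails open, i.e. a crash of the password dialog hands the session back.  The C program below is a constructed example of the opposite design, a fail-closed supervisor.  A minimal parent with no password UI of its own spawns the locker UI in a child and treats only a deliberate exit status of 0 as "password verified"; termination by a signal (such as the SIGSEGV in the report) or any non-zero exit simply relaunches the locker.  The locker UIs here are stand-in functions (`ui_good_password`, `ui_segfault`, `ui_crash_then_succeed`) constructed for the example; a real build would `execve()` the locker binary and the parent would also hold the X grab.  The cause of the actual klock race is not known from the thread, and the example does not claim to reproduce it.

```c
/*
 * Added example (not KDE/klock code): a fail-closed screen-locker
 * supervisor.  The parent holds no UI state, so it has little to crash;
 * it (re)spawns the locker UI and unlocks only on a deliberate exit(0).
 */
#include <errno.h>
#include <signal.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/resource.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

enum verdict { RELOCK = 0, UNLOCK = 1 };

/* Cap respawns so a permanently broken locker cannot become a fork bomb. */
#define MAX_RESPAWNS 1000

/* Decode a waitpid() status.  Only a normal exit with status 0 unlocks;
 * WIFSIGNALED (SIGSEGV, SIGKILL, ...) or a non-zero exit code relocks. */
enum verdict judge_child(int status)
{
    if (WIFEXITED(status) && WEXITSTATUS(status) == 0)
        return UNLOCK;
    return RELOCK;
}

/* Run one locker "UI" instance (simulated by ui(attempt)) in a child and
 * judge how it ended.  The child never returns here: it _exit()s with
 * whatever ui() returns. */
enum verdict run_locker_once(int (*ui)(int), int attempt)
{
    pid_t pid = fork();
    if (pid < 0) {
        perror("fork");
        return RELOCK;              /* cannot even start the UI: stay locked */
    }
    if (pid == 0) {
        /* The locker child's memory holds typed password material, so a
         * crash must not leave a core file behind. */
        struct rlimit nocore = { 0, 0 };
        setrlimit(RLIMIT_CORE, &nocore);
        _exit(ui(attempt));
    }
    int status;
    while (waitpid(pid, &status, 0) < 0) {
        if (errno != EINTR) {
            perror("waitpid");
            return RELOCK;          /* unknown outcome: stay locked */
        }
    }
    return judge_child(status);
}

/* Supervisor loop: respawn the UI until it reports success.  Returns the
 * number of respawns that were needed, or -1 if the cap was reached
 * without ever unlocking. */
int supervise(int (*ui)(int))
{
    for (int respawns = 0; respawns <= MAX_RESPAWNS; respawns++) {
        if (run_locker_once(ui, respawns) == UNLOCK)
            return respawns;
    }
    return -1;
}

/* --- simulated locker UIs, constructed for this example --- */

/* Password verified on the first try. */
int ui_good_password(int attempt) { (void)attempt; return 0; }

/* Dies the way the klock report describes: SIGSEGV mid-dialog. */
int ui_segfault(int attempt)
{
    (void)attempt;
    raise(SIGSEGV);
    return 1;                       /* not reached; non-zero so it never unlocks */
}

/* Crashes on the first attempt, verifies the password on the second. */
int ui_crash_then_succeed(int attempt)
{
    if (attempt == 0)
        raise(SIGSEGV);
    return 0;
}

int main(void)
{
    int n = supervise(ui_crash_then_succeed);
    printf("unlocked after %d respawn(s)\n", n);
    return n < 0;
}
```

The point of the split is that the process a user can interact with (and therefore drive into a race) is not the process whose death decides whether the screen stays locked.  Note the two conservative defaults: a `fork()` or `waitpid()` failure is treated as "still locked", and the child disables core dumps so a crash does not write the partially typed password to disk.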
