'[oss-security] CVE-2013-0293 -- ovirt-node: Lock screen accepts F2 to drop to shell'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       oss-security
Subject:    [oss-security] CVE-2013-0293 -- ovirt-node: Lock screen accepts F2 to drop to shell
From:       Petr Matousek <pmatouse () redhat ! com>
Date:       2013-02-28 17:17:45
Message-ID: 20130228171744.GI1722 () dhcp-25-225 ! brq ! redhat ! com
[Download RAW message or body]

F2 on the lock screen will cause the UI to drop to a root shell. This
means the screen is not really locked and an unprivileged user that has
access to the console or the ssh session can elevate his privileges.

Acknowledgements:

This issue was discovered by Mike Burns of Red Hat.

Versions affected:
oVirt Node 2.6.0-1 

References:
https://bugzilla.redhat.com/show_bug.cgi?id=911699

Thanks,
-- 
Petr Matousek / Red Hat Security Response Team
[prev in list] [next in list] [prev in thread] [next in thread]

Configure | About | News | Add a list | Sponsored by KoreLogic