[prev in list] [next in list] [prev in thread] [next in thread]
List: oss-security
Subject: [oss-security] CVE-2013-0293 -- ovirt-node: Lock screen accepts F2 to drop to shell
From: Petr Matousek <pmatouse () redhat ! com>
Date: 2013-02-28 17:17:45
Message-ID: 20130228171744.GI1722 () dhcp-25-225 ! brq ! redhat ! com
[Download RAW message or body]
F2 on the lock screen will cause the UI to drop to a root shell. This
means the screen is not really locked and an unprivileged user that has
access to the console or the ssh session can elevate his privileges.
Acknowledgements:
This issue was discovered by Mike Burns of Red Hat.
Versions affected:
oVirt Node 2.6.0-1
References:
https://bugzilla.redhat.com/show_bug.cgi?id=911699
Thanks,
--
Petr Matousek / Red Hat Security Response Team
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic