[prev in list] [next in list] [prev in thread] [next in thread] 

List:       kde-bugs-dist
Subject:    Bug#3113: root compromise
From:       "Suttle, Marc" <Marc_Suttle () NAI ! com>
Date:       2000-04-28 19:09:37
[Download RAW message or body]

package-kde screensaver
version-various

when a user is logged in to kde and the password protected screen saver
kicks in the is a combination of key sequences to bypass this and get into
the shell.....combination as follows:

hold down ctrl-alt-f12
then hit alt-f1 (or whatever terminal is being used for kde f2, f3,
whatever)
when at the kde initialization screen hit ctrl-z and you are logged on to
the shell with whatever user started x including root!

I suggest making some kind of lock on this, a malicious user could use this
to access root or super-user and create a backdorr in about 3 minutes or
less

I am using SuSE 6.3....this has been tested on kde with redhat 6.2 as well
as suse 6.3.


please if you can let me know if this is a new bug or has already been
discovered

[prev in list] [next in list] [prev in thread] [next in thread]