[prev in list] [next in list] [prev in thread] [next in thread]
List: kde-bugs-dist
Subject: Bug#3113: root compromise
From: "Suttle, Marc" <Marc_Suttle () NAI ! com>
Date: 2000-04-28 19:09:37
[Download RAW message or body]
package-kde screensaver
version-various
when a user is logged in to kde and the password protected screen saver
kicks in the is a combination of key sequences to bypass this and get into
the shell.....combination as follows:
hold down ctrl-alt-f12
then hit alt-f1 (or whatever terminal is being used for kde f2, f3,
whatever)
when at the kde initialization screen hit ctrl-z and you are logged on to
the shell with whatever user started x including root!
I suggest making some kind of lock on this, a malicious user could use this
to access root or super-user and create a backdorr in about 3 minutes or
less
I am using SuSE 6.3....this has been tested on kde with redhat 6.2 as well
as suse 6.3.
please if you can let me know if this is a new bug or has already been
discovered
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic