dx-packages team mailing list archive
Message #14634
[Bug 1313885] [NEW] lock screen bypass
*** This bug is a security vulnerability ***
Public security bug reported:
I found a bug allowing a user to bypass the new lock screen of Ubuntu 14.04.
1 - When the screen is locked, just right click multiple times on the indicator bar (for example on the battery indicator), then shortcuts are available.
2 - Press ALT+F2
3 - You can execute the command you want on behalf of the logged-in user.
Here is a video demonstrating this bug:
http://www.youtube.com/watch?v=d4UUB0sI5Fc
lsb_release -rd
  Description: Ubuntu 14.04 LTS
  Release: 14.04
Ubuntu version updated the 04/28/2014
apt-cache policy unity
  unity:
    Installed: 7.2.0+14.04.20140416-0ubuntu1
    Candidate: 7.2.0+14.04.20140416-0ubuntu1
    Version table:
   *** 7.2.0+14.04.20140416-0ubuntu1 0
          500 http://fr.archive.ubuntu.com/ubuntu/ trusty/main amd64 Packages
          100 /var/lib/dpkg/status
** Affects: unity (Ubuntu)
Importance: Undecided
Status: New
** Information type changed from Private Security to Public Security
--
You received this bug notification because you are a member of DX
Packages, which is subscribed to unity in Ubuntu.
Matching subscriptions: dx-packages
https://bugs.launchpad.net/bugs/1313885
Title:
lock screen bypass
Status in “unity” package in Ubuntu:
New
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/unity/+bug/1313885/+subscriptions
Follow ups
- [Bug 1313885] Re: lock screen bypass (From: Ariel Gerardo Crespín, 2015-03-22)
- [Bug 1313885] Re: lock screen bypass (From: Stephen M. Webb, 2014-06-04)
- [Bug 1313885] Re: lock screen bypass (From: Irfan Fauzan, 2014-05-11)
- [Bug 1313885] Re: lock screen bypass (From: Treviño, 2014-05-02)
- [Bug 1313885] Re: lock screen bypass (From: Launchpad Bug Tracker, 2014-04-30)
- [Bug 1313885] Re: lock screen bypass (From: Mateusz Stachowski, 2014-04-29)
- [Bug 1313885] Re: lock screen bypass (From: Marc Deslauriers, 2014-04-29)
- [Bug 1313885] Re: lock screen bypass (From: azul, 2014-04-29)
- [Bug 1313885] Re: lock screen bypass (From: azul, 2014-04-29)
- [Bug 1313885] Re: lock screen bypass (From: azul, 2014-04-29)
- [Bug 1313885] Re: lock screen bypass (From: Marc Deslauriers, 2014-04-29)
- [Bug 1313885] Re: lock screen bypass (From: Launchpad Bug Tracker, 2014-04-29)
- [Bug 1313885] Re: lock screen bypass (From: Marc Deslauriers, 2014-04-29)
- [Bug 1313885] Re: lock screen bypass (From: Treviño, 2014-04-29)
- [Bug 1313885] Re: lock screen bypass (From: Treviño, 2014-04-29)
- [Bug 1313885] Re: lock screen bypass (From: Launchpad Bug Tracker, 2014-04-29)
- [Bug 1313885] Re: lock screen bypass (From: Treviño, 2014-04-29)
- [Bug 1313885] Re: lock screen bypass (From: Launchpad Bug Tracker, 2014-04-28)
- [Bug 1313885] Re: lock screen bypass (From: Brandon Schaefer, 2014-04-28)
- [Bug 1313885] Re: lock screen bypass (From: Marc Deslauriers, 2014-04-28)
- [Bug 1313885] [NEW] lock screen bypass (From: Frédéric BARDY, 2014-04-28)