[ Date Index ] [ Thread Index ] [ <= Previous by date / thread ] [ Next by date / thread => ]

[LUG] Xorg 1.11 screen locking vulnerability

To: list@xxxxxxxxxxxxx
Subject: [LUG] Xorg 1.11 screen locking vulnerability
From: bad apple <ifindthatinteresting@xxxxxxxxx>
Date: Mon, 23 Jan 2012 00:11:08 +0000
Delivered-to: dclug@xxxxxxxxxxxxxxxxxxxxx
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s1024; t=1327277476; bh=74nJR0Yc0L+a1/BQWgV03sJLIHKr0z0lEE9zhYU7KdM=; h=X-Yahoo-Newman-Id:X-Yahoo-Newman-Property:X-YMail-OSG:X-Yahoo-SMTP:Received:Message-ID:Date:From:User-Agent:MIME-Version:To:Subject:References:In-Reply-To:Content-Type:Content-Transfer-Encoding; b=s8DtlsC7c4JAgVSFpFMaehculAArEgBE5JSsjBOz5joi4D9ihAAJvAVeQDMNebcl6pZDn+aujD41oUFxO3FbHw8+bUhjqoYtrzbwOYoFXNp4xGrx0i+0HB5CQc1juiwLzHLXMyCb/nVVriE5Fdb3H1imLYIEdbAQuPxhLAVn9Hs=

I know this isn't a security mailing list but this is a seriously
low-hanging fruit...

http://gu1.aeroxteam.fr/2012/01/19/bypass-screensaver-locker-program-xorg-111-and-up/

Fixed in most distros already, but some are still wide open.

In a nutshell, any locked screen (xscreensaver, etc) can be bypassed
with crtl+alt+*

Oops!

Regards,

Mat

-- 
The Mailing List for the Devon & Cornwall LUG
http://mailman.dclug.org.uk/listinfo/list
FAQ: http://www.dcglug.org.uk/listfaq

Follow-up: Re: [LUG] Xorg 1.11 screen locking vulnerability
- From: James Andrews
Follow-up: Re: [LUG] Xorg 1.11 screen locking vulnerability
- From: Brad Rogers

References:
- [LUG] IPv6
  - From: Neil Winchurst
- Re: [LUG] IPv6
  - From: Gordon Henderson
- Re: [LUG] IPv6
  - From: Grant Phillips-Sewell
- Re: [LUG] IPv6
  - From: Neil Winchurst

Prev by Date: Re: [LUG] IPv6
Next by Date: Re: [LUG] IPv6
Previous by thread: Re: [LUG] IPv6
Next by thread: Re: [LUG] Xorg 1.11 screen locking vulnerability
Index(es):
- Date
- Thread