[Bug 579280] New: Screen may be unlocked without password
http://bugzilla.novell.com/show_bug.cgi?id=579280#c0

           Summary: Screen may be unlocked without password
    Classification: openSUSE
           Product: openSUSE 11.2
           Version: Final
          Platform: x86-64
        OS/Version: openSUSE 11.2
            Status: NEW
          Severity: Critical
          Priority: P5 - None
         Component: KDE4 Workspace
        AssignedTo: kde-maintainers@suse.de
        ReportedBy: StEndres@web.de
         QAContact: qa@suse.de
          Found By: ---
           Blocker: No

After locking the screen it can be unlocked by pressing return for about 10 seconds. The screensaver crashes and after a while you get access to the desktop without a password.

Tested with KDE 4.4, openSUSE 11.2.

Should also work with GNOME
http://www.heise.de/newsticker/meldung/Gnome-Bildschirmsperre-in-OpenSuse-Li...

-- 
Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.

http://bugzilla.novell.com/show_bug.cgi?id=579280#c

Stefan Endres <StEndres@web.de> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
           Priority|P5 - None                   |P2 - High

http://bugzilla.novell.com/show_bug.cgi?id=579280#c1

Karsten König <remur@gmx.net> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |remur@gmx.net

--- Comment #1 from Karsten König <remur@gmx.net> 2010-02-11 20:39:19 UTC ---
Are you sure you are using the kde screensaver? because I can't unlock it that way and the heise report is gnome specific, whereas opensuse wasn't the only one affected:
https://bugzilla.redhat.com/show_bug.cgi?id=562217

http://bugzilla.novell.com/show_bug.cgi?id=579280#c2

--- Comment #2 from Stefan Endres <StEndres@web.de> 2010-02-11 20:48:11 UTC ---
(In reply to comment #1)
> Are you sure you are using the kde screensaver? because I can't unlock it that
> way and the heise report is gnome specific, whereas opensuse wasn't the only
> one affected: https://bugzilla.redhat.com/show_bug.cgi?id=562217

Well, I'm using KDE, I lock my screen and I can unlock it as described. My screensaver is set to "blank screen", so it should be a KDE one and I never used GNOME. So why should it be a gnome one?

http://bugzilla.novell.com/show_bug.cgi?id=579280#c3

--- Comment #3 from Stefan Endres <StEndres@web.de> 2010-02-11 20:54:24 UTC ---
Just a comment to my last post: It seems not to be the screensaver. If I lock my screen I get a locked plasma-screen, where I can put plasmoids. Pressing return for a few seconds and waiting awhile while pressing some keys, like "ctrl+alt+del" or something else, works in all cases.

http://bugzilla.novell.com/show_bug.cgi?id=579280#c4

--- Comment #4 from Karsten König <remur@gmx.net> 2010-02-11 21:00:40 UTC ---
Hmm I am still on 4.3.1 here and it is a kscreenlocker who keeps the monitor locked, the plasma overlay came with 4.4 (it is on per default? ugh)

I can't get it to unlock with enter + random keynoise either, so could someone with 4.3.1 please test as well if I misunderstood how to do it correctly?

http://bugzilla.novell.com/show_bug.cgi?id=579280#c5

--- Comment #5 from Stefan Endres <StEndres@web.de> 2010-02-11 21:09:40 UTC ---
I deactivated plasmoids in screensaver-settings. I got a black screen. Pressing return for 10s brought up a grey box. After about 30s the screen gets unlocked. Sometimes I have to click a second time on the "unlock"-button. But it then unlocks immediately.

I can test it tomorrow on KDE 4.3.x

http://bugzilla.novell.com/show_bug.cgi?id=579280#c6

Marcus Meissner <meissner@novell.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |meissner@novell.com,
                   |                            |security-team@suse.de

--- Comment #6 from Marcus Meissner <meissner@novell.com> 2010-02-11 21:58:51 UTC ---
ps auxw|grep gnome-scree
ps auxw|grep xscreen

strange. do you see any crashes in .xsession-errors?

so far we just have this bugreport for gnome-screensaver, not for KDE.

http://bugzilla.novell.com/show_bug.cgi?id=579280#c7

--- Comment #7 from Stefan Endres <StEndres@web.de> 2010-02-12 06:15:17 UTC ---
I tested it on KDE 4.3.1. openSUSE 11.2 32bit. It doesn't work there. But it still works for KDE 4.4.

Yes, it's strange, but it is not gnome! I haven't enough time now for searching logs. But I can do so tomorrow. Today I won't have any time.

http://bugzilla.novell.com/show_bug.cgi?id=579280#c8

--- Comment #8 from Thomas Biege <thomas@novell.com> 2010-02-12 08:53:16 UTC ---
I can reproduce it. kscreenlock eats up a lot of mem and CPU and then crashes.

thomas@Spiral:~> cat /etc/SuSE-release
openSUSE 11.2 (i586)
VERSION = 11.2

thomas@Spiral:~> rpm -qa "kde4*"
kde4-kgreeter-plugins-4.3.85-381.19.i586
kde4-kapptemplate-4.3.1-3.7.i586
kde4-pinkytagger-2.2.3-0.pm.1.i586
kde4-l10n-de-4.3.1-2.4.noarch
kde4-l10n-devel-4.3.1-3.7.i586
kde4-kio_rapip-0.2-3.1.i586
kde4-kcemirror-0.1-1.1.i586
kde4-filesystem-4.4.0-96.1.i586
kde4-kmplayer-0.11.0-0.pm.2.i586
kde4-l10n-en_GB-4.3.1-2.4.noarch
kde4-l10n-de-data-4.3.1-2.4.noarch
kde4-l10n-de-doc-4.3.1-2.4.noarch
kde4-webkitpart-4.3.0.svn1055873-7.18.i586
kde4-mplayerthumbs-1.1-0.pm.3.i586

thomas@Spiral:~> rpm -qa "kdelibs4*"
kdelibs4-core-4.4.0-222.1.i586
kdelibs4-4.4.0-222.1.i586
kdelibs4-doc-4.4.0-222.1.i586
kdelibs4-branding-openSUSE-11.2-29.30.1.i586

http://bugzilla.novell.com/show_bug.cgi?id=579280#c

Thomas Biege <thomas@novell.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
            Summary|Screen may be unlocked      |VUL-0: Screen may be
                   |without password            |unlocked without password

http://bugzilla.novell.com/show_bug.cgi?id=579280#c

Marcus Meissner <meissner@novell.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
            Summary|VUL-0: Screen may be        |VUL-0: KDE4: Screen may be
                   |unlocked without password   |unlocked without password
                   |                            |(due to memory leak?)

http://bugzilla.novell.com/show_bug.cgi?id=579280#c9

Marcus Meissner <meissner@novell.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |dmueller@novell.com

--- Comment #9 from Marcus Meissner <meissner@novell.com> 2010-02-12 12:31:40 UTC ---
could not reproduce it with plain 11.2 / KDE 4.3.1 system.

might be related to 4.4.0 release?

http://bugzilla.novell.com/show_bug.cgi?id=579280#c10

Karsten König <remur@gmx.net> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                URL|                            |http://bugs.kde.org/show_bug.cgi?id=217882

--- Comment #10 from Karsten König <remur@gmx.net> 2010-02-12 12:48:54 UTC ---
Upstream bugreports:
http://bugs.kde.org/show_bug.cgi?id=217882
http://bugs.kde.org/show_bug.cgi?id=226449

http://bugzilla.novell.com/show_bug.cgi?id=579280#c11

--- Comment #11 from Stefan Seyfried <seife@novell.slipkontur.de> 2010-02-12 14:16:39 CET ---
JFTR: I got a backtrace that looks *very similar* to that of kde bug 217882, so this seems to be the same issue.
I can reproduce it with both FACTORY and 11.2 running KDE 4.4.0

http://bugzilla.novell.com/show_bug.cgi?id=579280#c12

--- Comment #12 from Marcus Meissner <meissner@novell.com> 2010-02-12 13:33:53 UTC ---
I can confirm with Factory 4.4.0.

It takes 5 seconds for me until unlock.

http://bugzilla.novell.com/show_bug.cgi?id=579280#c13

--- Comment #13 from Marcus Meissner <meissner@novell.com> 2010-02-12 13:54:26 UTC ---
Created an attachment (id=342198)
 --> (http://bugzilla.novell.com/attachment.cgi?id=342198)
my crash (on ppc factory)

http://bugzilla.novell.com/show_bug.cgi?id=579280#c14

--- Comment #14 from Marcus Meissner <meissner@novell.com> 2010-02-12 13:59:14 UTC ---
for the folks where it crashes:

rpm -q kdebase4-workspace

(if not 4.4.0, post here ;)

http://bugzilla.novell.com/show_bug.cgi?id=579280#c15

--- Comment #15 from Stefan Seyfried <seife@novell.slipkontur.de> 2010-02-12 15:05:24 CET ---
FACTORY:
strolchi:~ # rpm -q kdebase4-workspace
kdebase4-workspace-4.4.0-409.1.i586
strolchi:~ # rpm -qi kdebase4-workspace|tail -1
Distribution: KDE:KDE4:Factory:Desktop / openSUSE_Factory

11.2:
seife@seife:~> rpm -q kdebase4-workspace
kdebase4-workspace-4.4.0-409.2.i586
seife@seife:~> rpm -qi kdebase4-workspace|tail -1
Distribution: KDE:KDE4:Factory:Desktop / openSUSE_11.2

http://bugzilla.novell.com/show_bug.cgi?id=579280#c16

--- Comment #16 from Stefan Endres <StEndres@web.de> 2010-02-13 08:22:41 UTC ---
kdebase4-workspace-4.4.0-409.2.x86_64

http://bugzilla.novell.com/show_bug.cgi?id=579280#c17

--- Comment #17 from Marcus Meissner <meissner@novell.com> 2010-02-13 11:32:21 UTC ---
Reply-To: oss-security@lists.openwall.com
Date: Fri, 12 Feb 2010 13:18:13 -0500
From: Jeff Mitchell <mitchell@kde.org>
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.7) Gecko/20100111 +Thunderbird/3.0.1
To: oss-security@lists.openwall.com
Subject: [oss-security] Re: CVE Request: KDE screensaver unlock issue similar to GNOME one

[-- PGP Ausgabe folgt (aktuelle Zeit: Sam 13 Feb 2010 12:31:38 CET) --]
gpg: Signature made Fre 12 Feb 2010 19:18:17 CET using DSA key ID D0AE1825
gpg: Unterschrift kann nicht geprüft werden: Öffentlicher Schlüssel nicht gefunden
[-- Ende der PGP-Ausgabe --]

[-- Die folgenden Daten sind signiert --]

Sorry it's not in the same thread, as I wasn't subscribed to this list at the time.

I can verify that only KDE SC 4.4.0 is affected. Released versions of 4.3 are *not* affected by this bug.

I have committed a patch to the KDE SVN server as revision 1089213. See https://bugs.kde.org/show_bug.cgi?id=217882#c16

Although this solved the problem for me locally, I'm in the process of having other testers verify that they can no longer reproduce the problem with this patch, and will report back once this is verified.

Thanks,
Jeff

[-- Ende der signierten Daten --]

http://bugzilla.novell.com/show_bug.cgi?id=579280#c18

Marcus Meissner <meissner@novell.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
            Summary|VUL-0: KDE4: Screen may be  |KDE 4.4.0: Screen may be
                   |unlocked without password   |unlocked without password
                   |(due to memory leak?)       |

--- Comment #18 from Marcus Meissner <meissner@novell.com> 2010-02-13 11:33:12 UTC ---
Reply-To: oss-security@lists.openwall.com
Date: Fri, 12 Feb 2010 14:38:45 -0500
From: Jeff Mitchell <mitchell@kde.org>
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.7) Gecko/20100111 +Thunderbird/3.0.1
To: oss-security@lists.openwall.com
Subject: Re: [oss-security] Re: CVE Request: KDE screensaver unlock issue similar to GNOME one

[-- PGP Ausgabe folgt (aktuelle Zeit: Sam 13 Feb 2010 12:32:20 CET) --]
gpg: Signature made Fre 12 Feb 2010 20:38:49 CET using DSA key ID D0AE1825
gpg: Unterschrift kann nicht geprüft werden: Öffentlicher Schlüssel nicht gefunden
[-- Ende der PGP-Ausgabe --]

[-- Die folgenden Daten sind signiert --]

On 2/12/2010 1:18 PM, Jeff Mitchell wrote:
> Sorry it's not in the same thread, as I wasn't subscribed to this list at the time.
>
> I can verify that only KDE SC 4.4.0 is affected. Released versions of 4.3 are *not* affected by this bug.
>
> I have committed a patch to the KDE SVN server as revision 1089213. See https://bugs.kde.org/show_bug.cgi?id=217882#c16
>
> Although this solved the problem for me locally, I'm in the process of having other testers verify that they can no longer reproduce the problem with this patch, and will report back once this is verified.

Gentoo and Fedora distribution maintainers have also tested this patch and verified that it works.

The patch against 4.4.0 can easily be obtained from here:
http://websvn.kde.org/?view=revision&revision=1089241

As this is now backported to the 4.4 branch, it is expected that 4.4.0 will be the only release affected by this vulnerability.

Thanks,
Jeff

http://bugzilla.novell.com/show_bug.cgi?id=579280#c19

--- Comment #19 from Marcus Meissner <meissner@novell.com> 2010-02-13 11:33:46 UTC ---
No product contains 4.4.0 yet, so remove VUL-0 tag (used for old products only).

http://bugzilla.novell.com/show_bug.cgi?id=579280#c20

Lubos Lunak <llunak@novell.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|                            |FIXED

--- Comment #20 from Lubos Lunak <llunak@novell.com> 2010-02-14 17:15:14 UTC ---
Already fixed yesterday in KKFD by Dirk.

http://bugzilla.novell.com/show_bug.cgi?id=579280#c21

--- Comment #21 from Thomas Biege <thomas@novell.com> 2010-02-16 09:29:33 UTC ---
(In reply to comment #14)
> for the folks where it crashes:
>
> rpm -q kdebase4-workspace
>
> (if not 4.4.0, post here ;)

kdebase4-workspace-4.3.85-381.19.i586

http://bugzilla.novell.com/show_bug.cgi?id=579280#c22

Thomas Biege <thomas@novell.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|RESOLVED                    |REOPENED
         Resolution|FIXED                       |

--- Comment #22 from Thomas Biege <thomas@novell.com> 2010-02-16 10:25:20 UTC ---
I have a bad mixture of kde 4.3 and kde 4.4 on my system, but kdebase4-workspace is 4.3.

http://bugzilla.novell.com/show_bug.cgi?id=579280#c23

--- Comment #23 from Thomas Biege <thomas@novell.com> 2010-02-16 10:42:15 UTC ---
Created an attachment (id=342609)
 --> (http://bugzilla.novell.com/attachment.cgi?id=342609)
kscreenlocker-crash.txt

gdb and version+HW info

http://bugzilla.novell.com/show_bug.cgi?id=579280#c24

--- Comment #24 from Stefan Seyfried <seife@novell.slipkontur.de> 2010-02-16 13:06:21 CET ---
4.3.85 is 4.4.rcSomething.
So I don't think this bug should be reopened. Unless you can reproduce with 4.3.X (X < 80) from 11.2 proper.

http://bugzilla.novell.com/show_bug.cgi?id=579280#c25

Thomas Biege <thomas@novell.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|REOPENED                    |RESOLVED
         Resolution|                            |FIXED

--- Comment #25 from Thomas Biege <thomas@novell.com> 2010-02-16 12:17:49 UTC ---
ok!

http://bugzilla.novell.com/show_bug.cgi?id=579280#c26

--- Comment #26 from Ludwig Nussel <lnussel@novell.com> 2010-03-04 11:05:33 CET ---
======================================================
Name: CVE-2010-0923

Race condition in workspace/krunner/lock/lockdlg.cc in the KRunner lock module in kdebase in KDE SC 4.4.0 allows physically proximate attackers to bypass KScreenSaver screen locking and access an unattended workstation by pressing the Enter key at a certain time, related to multiple forked processes.

Reference: CONFIRM: https://bugzilla.novell.com/show_bug.cgi?id=579280
Reference: CONFIRM: https://bugs.kde.org/show_bug.cgi?id=217882
Reference: VUPEN: http://www.vupen.com/english/advisories/2010/0409
Reference: MLIST: http://www.openwall.com/lists/oss-security/2010/02/17/3
Reference: CONFIRM: http://www.kde.org/info/security/advisory-20100217-1.txt
Reference: CONFIRM: http://websvn.kde.org/trunk/KDE/kdebase/workspace/krunner/lock/lockdlg.cc?r1=1089213&r2=1089212&pathrev=1089213
Reference: CONFIRM: http://websvn.kde.org/?view=revision&revision=1089241
Reference: CONFIRM: http://websvn.kde.org/?revision=1089213&view=revision
Reference: SECTRACK: http://securitytracker.com/id?1023641
Reference: SECUNIA: http://secunia.com/advisories/38600
Reference: MLIST: http://marc.info/?l=oss-security&m=126600468622421&w=2
Reference: MLIST: http://marc.info/?l=oss-security&m=126599909614401&w=2
Reference: MLIST: http://marc.info/?l=oss-security&m=126598163422670&w=2
Reference: CONFIRM: http://bugs.kde.org/show_bug.cgi?id=226449