Bug 786310 (CVE-2012-1620)
| Summary: | CVE-2012-1620 slock-0.9 displays modal box after locking | ||
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | Kurt Seifried <kseifried> |
| Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
| Status: | CLOSED ERRATA | QA Contact: | |
| Severity: | low | Docs Contact: | |
| Priority: | low | ||
| Version: | unspecified | CC: | maurizio.antillon, psabata |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | Bug Fix | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2012-04-13 21:35:49 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | 812086 | ||
| Bug Blocks: | 786311 | ||
|
Description
Kurt Seifried
2012-02-01 02:41:52 UTC
There's also another reproducer in Comment #4. Neither works for me with slock-0.9-9.fc16.x86_64 or slock-0.9-10r.fc16.x86_64, though -- the apps stay hidden, slock is in the foreground and eats all the input. This is correct behavior, afaic. I cannot reproduce this on F16. Added CVE as per http://www.openwall.com/lists/oss-security/2012/04/06/2 Longpoke 2012-02-01 03:41:11 UTC You need to run the other program *concurrently*. I'll try and make the reproduction steps clearer: 1. run sleep <n>; <X-program> 2. lock the screen as fast as you can 3. make sure <n> seconds has passed, so that you know <X-program> has started 4. press some keys (any keys (doesn't have to be your actual password), don't hit enter) Now the black screen will go away and you can see the current active desktop along with <X-program>. Where <X-program> is the name of some X program that will create a window and leave it open when executed, i.e: pcmanfm. Created slock tracking bugs for this issue Affects: fedora-all [bug 812086] (In reply to comment #4) > Longpoke 2012-02-01 03:41:11 UTC > > You need to run the other program *concurrently*. I'll try and make the > reproduction steps clearer: > > 1. run sleep <n>; <X-program> > 2. lock the screen as fast as you can > 3. make sure <n> seconds has passed, so that you know <X-program> has started > 4. press some keys (any keys (doesn't have to be your actual password), don't > hit enter) > > Now the black screen will go away and you can see the current active desktop > along with <X-program>. > > Where <X-program> is the name of some X program that will create a window and > leave it open when executed, i.e: pcmanfm. I've tried all those reproducers around, including yours now. I've never hit the issue. Some say this only happens with compositing managers and just sometimes...? (In reply to comment #5) > Created slock tracking bugs for this issue > > Affects: fedora-all [bug 812086] As far as I know, this has been fixed in January and has been in f16 stable for some time now. I cannot verify it because of the reason stated above. This was fixed in slock-0.9-10.fc16 on January 31. |