Bugzilla will be upgraded to version 5.0. The upgrade date is tentatively scheduled for 2 December 2018, pending final testing and feedback.
First Last Prev Next    This bug is not in your last search results.
Bug 1154107 - CVE-2014-7300 gnome-shell: lockscreen bypass with printscreen key [rhel-7.1]
CVE-2014-7300 gnome-shell: lockscreen bypass with printscreen key [rhel-7.1]
Status: CLOSED ERRATA
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: gnome-shell (Show other bugs)
7.0
All Linux
unspecified Severity low
: rc
: ---
Assigned To: Florian Müllner
Desktop QE
: Security, SecurityTracking
Depends On:
Blocks: CVE-2014-7300
  Show dependency treegraph
 
Reported: 2014-10-17 10:48 EDT by Florian Müllner
Modified: 2015-05-20 11:17 EDT (History)
7 users (show)

See Also:
Fixed In Version:
Doc Type: Release Note
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2015-03-05 08:22:04 EST
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
Add an attachment (proposed patch, testcase, etc.)


External Trackers
Tracker ID Priority Status Summary Last Updated
GNOME Bugzilla 737456 None None None Never
Red Hat Product Errata RHSA-2015:0535 normal SHIPPED_LIVE Low: GNOME Shell security, bug fix, and enhancement update 2015-03-05 11:32:34 EST

  None (edit)
Description Florian Müllner 2014-10-17 10:48:16 EDT 
+++ This bug was initially created as a clone of Bug #1147917 +++

It was discovered [1] that PrtSc key is not disabled when the screen is locked.

Taking a bunch of screenshots at once bloats gnome-shell to the point
where it's pretty easy to get it targeted by the kernel's oom-killer.
This means that anyone with access to the keyboard of a locked GNOME
session can (briefly) disable the lockscreen, which lets them see and
interact with the running gnome session.

This might be fixed in gnome-shell 3.14.1, some patches available in the original bugreport [1].

[1]: https://bugzilla.gnome.org/show_bug.cgi?id=737456

--- Additional comment from Murray McAllister on 2014-10-02 22:17:43 EDT ---


Created gnome-shell tracking bugs for this issue:

Affects: fedora-all [bug 1149039]

--- Additional comment from Vasyl Kaigorodov on 2014-10-06 07:00:52 EDT ---

CVE-2014-7300 was assigned for:

"PrtSc is an unauthenticated request that's available to untrusted
parties. A series of requests can consume a large amount of memory.
The combination of this PrtSc behavior and the existence of the
oom-killer allows authentication bypass for command execution.
Therefore, the product must limit the aggregate memory consumption of
all active requests, and the lack of this limit is a vulnerability."

http://seclists.org/oss-sec/2014/q4/91
Comment 3 Michael Boisvert 2014-12-17 11:30:15 EST 
With gnome-shell-3.8.4-45.el7, I am seeing that PrntScrn is still enabled on the lock screen, but holding it down for 2+ minutes did not cause a crash and subsequent security breach. Is the fix that PrtScrn is disabled on the lock screen or something else?
Comment 4 Ray Strode [halfline] 2014-12-17 11:40:24 EST 
I believe the fix is to disable multiple concurrent screenshots at a time. So now it only allows one at a time so it can't overwhelm the system.
Comment 7 errata-xmlrpc 2015-03-05 08:22:04 EST 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHSA-2015-0535.html
Comment 8 Florian Müllner 2015-05-20 11:17:57 EDT 
(In reply to Ray Strode [halfline] from comment #4)
> I believe the fix is to disable multiple concurrent screenshots at a time.
> So now it only allows one at a time so it can't overwhelm the system.

That was indeed the original fix that went into 7.1. Upstream there was also an accompanying gnome-settings-daemon change that disabled screenshots altogether when locked, however I don't think it was backported to RHEL. The desktop rebase in 7.2 will bring it in though.
Note You need to log in before you can comment on or make changes to this bug.
First Last Prev Next    This bug is not in your last search results.