Vigil@nce: Gnome, user access via Switch User
April 2011 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/
SYNTHESIS OF THE VULNERABILITY
When the victim uses Switch User to allow the attacker to login,
he can access to the victim’s Gnome environment.
– Severity: 1/4
– Creation date: 20/04/2011
IMPACTED PRODUCTS
– Unix - plateform
DESCRIPTION OF THE VULNERABILITY
The Switch User feature of Gnome opens a second user session.
However, the first session is not locked by the screensaver. The
second session user can thus logout, in order to access to the
first session.
When the victim uses Switch User to allow the attacker to login,
he can therefore access to the victim’s Gnome environment.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/Gnome-user-access-via-Switch-User-10582