Vigil@nce - Xorg: stop the ScreenSaver
February 2012 by Vigil@nce
This bulletin was written by Vigil@nce: http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker who has access to the Xorg console can press a key combination to stop all locked screen savers.
Severity: 2/4
Creation date: 19/01/2012
IMPACTED PRODUCTS
Fedora
Unix - platform
DESCRIPTION OF THE VULNERABILITY
Before 2008, developers of graphical applications sometimes needed to kill a window that was grabbing the screen. Two keyboard shortcuts were used for this:
 - Ctrl+Alt+Keypad-Multiply: kill the process which grabbed the screen
 - Ctrl+Alt+Keypad-Divide: deactivate the grab
Both features were only enabled when AllowClosedownGrabs and AllowDeactivateGrabs were set in xorg.conf. In 2008, Xorg developers removed this feature, which was seen as dangerous.
In 2011 (Xorg version 1.10.99.902), developers reintroduced this feature because they needed it. However, it is now enabled by default.
An attacker who has access to the Xorg console can therefore press a key combination to stop all locked screen savers.
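The rule described above, written as an audit helper that classifies a host from its Xorg server version and the text of its xorg.conf. This is an added example, not code from the bulletin or from Xorg. The function names, status labels and sample configuration are constructed for illustration, and the boolean handling assumes the usual xorg.conf conventions (names ignore case, whitespace and underscores; a missing value means "on"; a "No" prefix inverts the option).

```python
import re

# First server version the bulletin names as shipping the shortcuts enabled by default.
REINTRODUCED = (1, 10, 99, 902)
GRAB_OPTIONS = ("allowclosedowngrabs", "allowdeactivategrabs")
FALSE_WORDS = {"0", "off", "false", "no"}
TRUE_WORDS = {"", "1", "on", "true", "yes"}  # an option with no value means "on"
OPTION_RE = re.compile(r'^\s*Option\s+"([^"]+)"(?:\s+"([^"]*)")?', re.I)

def grab_options(conf_text):
    """Return {option_name: enabled} for the two grab options in xorg.conf text."""
    found = {}
    for raw in conf_text.splitlines():
        m = OPTION_RE.match(raw.split("#", 1)[0])  # drop trailing comments
        if not m:
            continue
        # xorg.conf ignores case, whitespace and underscores in option names
        name = re.sub(r"[\s_]", "", m.group(1)).lower()
        value = (m.group(2) or "").strip().lower()
        negated = name.startswith("no") and name[2:] in GRAB_OPTIONS
        if negated:
            name = name[2:]  # a "No" prefix inverts a boolean option
        if name not in GRAB_OPTIONS or value not in TRUE_WORDS | FALSE_WORDS:
            continue
        found[name] = (value in TRUE_WORDS) != negated
    return found

def assess(version, conf_text):
    """Return (status, options): 'default-on', 'options-set' or 'off'.
    'options-set' only matters on pre-2008 servers that still honour the options."""
    if tuple(int(p) for p in version.split(".")) >= REINTRODUCED:
        return "default-on", []  # enabled by default according to the bulletin
    enabled = sorted(k for k, v in grab_options(conf_text).items() if v)
    return ("options-set" if enabled else "off"), enabled

# Constructed sample configuration, not taken from any real host.
SAMPLE_CONF = '''
Section "ServerFlags"
    Option "AllowClosedownGrabs" "on"
    Option "Allow_Deactivate_Grabs" "false"   # explicitly disabled
    # Option "AllowDeactivateGrabs" "true"
EndSection
'''

if __name__ == "__main__":
    for ver in ("1.4.2", "1.10.99.902", "1.11.3"):
        print(ver, assess(ver, SAMPLE_CONF))
```

The version string must be purely numeric and dot-separated; strip any distribution suffix before calling `assess`.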