Vigil@nce - Gnome Shell: privilege escalation via session locking
June 2013 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can trigger an error in Gnome Shell, in order to
unlock a Gnome session and get the access rights of the logged in
user.
– Impacted products: Unix (platform)
– Severity: 1/4
– Creation date: 19/06/2013
DESCRIPTION OF THE VULNERABILITY
Gnome-shell is the core program of the Gnome desktop.
The clutter program manages session locking with gnome-shell.
However, the function _gdk_x11_display_error_event(), as used by
clutter can raise a fatal error, which let the end user bypassing
reauthentication before letting get access to the Gnome session.
An attacker can therefore trigger an error in Gnome Shell, in
order to unlock a Gnome session and get the access rights of the
logged in user.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/Gnome-Shell-privilege-escalation-via-session-locking-12994