Xorg 1.11 Vulnerability: Bypass Screen Lockers With A Keyboard Shortcut

9:53 AM


An Xorg server vulnerability that makes it possible to kill any screensaver / screen locker using the CTRL + ALT + Multiply keyboard combination (Multiply is the "*" key on the numpad) was discovered yesterday.

Basically, an attacker with physical access to an affected computer can bypass the screensaver / lock screen dialog (GNOME Screensaver, xscreensaver, kscreenlocker, etc. - on any desktop environment) using a simple keyboard combination, without having to enter the password.

This vulnerability only affects systems running Xorg server 1.11+, which includes Fedora 16, Arch Linux, Fuduntu, Debian unstable and others, regardless of the desktop environment. Ubuntu isn't affected by this vulnerability because all Ubuntu versions use an Xorg server version older than 1.11 (Ubuntu 12.04 should be released with Xorg 1.11, but for now it still uses 1.10.4).



If you want to find out the Xorg server version on your computer, you can run the following command:
X -version
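
To check the reported version against the 1.11 threshold mentioned above, here is a small script, added as an example and not part of the original post. It assumes the banner line has the form "X.Org X Server <version>"; the function names and the sample output are constructed for illustration. A result in the affected range only means the distribution's fix status should be checked, since patched packages can keep a 1.11+ version number.

```shell
#!/bin/sh
# Constructed sample of `X -version` output (not captured from a real host).
SAMPLE_OUTPUT='
X.Org X Server 1.11.2
X Protocol Version 11, Revision 0'

# Pull the version number out of the "X.Org X Server <version>" banner line.
xorg_version_from_output() {
    printf '%s\n' "$1" |
        sed -n 's/^X\.Org X Server \([0-9][0-9.]*\).*/\1/p' | head -n 1
}

# Classify a version string against the 1.11 threshold from the article.
# Fields are compared numerically: a string compare would rank 1.9 above 1.11.
xorg_status() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) echo unknown; return 0 ;;
    esac
    major=${1%%.*}
    case "$1" in
        *.*) rest=${1#*.}; minor=${rest%%.*} ;;
        *)   minor=0 ;;
    esac
    if [ "$major" -gt 1 ] || { [ "$major" -eq 1 ] && [ "$minor" -ge 11 ]; }; then
        echo in-affected-range
    else
        echo older-than-1.11
    fi
}

# Demo on the constructed sample. On a real host, feed in the live banner:
#   xorg_status "$(xorg_version_from_output "$(X -version 2>&1)")"
sample_version=$(xorg_version_from_output "$SAMPLE_OUTPUT")
printf '%s -> %s\n' "$sample_version" "$(xorg_status "$sample_version")"
```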

For a work-around, check out this Reddit post.

Update: the bug has been fixed in Arch Linux, Fedora, Fuduntu and Debian Unstable (though for Debian, the change hasn't been pushed to the repositories yet).

via Reddit
