Hola, encara que no és un dubte de funcionament crec que afecta a molta gent (sobre tot aquells que es deixen els portàtils amb aplicacions obertes i s'en van a donar un tomb)
Sam Morris ha reportat una vulnerabilitat al gnome-screensaver, que pot ferse servir per guanyar accés al sistema passant del password de protecció del screensaver. Si el servidor de X s'ha llençat amb les opcions AllowDeactivateGrabs i AllowClosedownGrabs (crec que fucionen per defecte en una instalació de X per defecte), és possible matar (kill) el procés del screensaver (mitjançat combinacions de les hot keys) i *rebelar* (fer apareixer) l'escriptori. La vulnerabilitat afecta fins a la versió 2.13 (gnome acaba de treure la versió 2.14, a veure si podem fer un upgrade dintre de poc :) apa, 8-) Begin forwarded message: TITLE: Gnome Screensaver Password Bypass Vulnerability SECUNIA ADVISORY ID: SA19280 VERIFY ADVISORY: http://secunia.com/advisories/19280/ CRITICAL: Not critical IMPACT: Security Bypass WHERE: Local system SOFTWARE: GNOME Screensaver 2.x http://secunia.com/product/8800/ DESCRIPTION: Sam Morris has reported a vulnerability in gnome-screensaver, which can be exploited by a malicious person with physical access to a system to bypass the password protected screensaver. If the X server is running with the "AllowDeactivateGrabs" and "AllowClosedownGrabs" options set, it is possible to kill the screensaver process via hotkey combinations and reveal the desktop. The vulnerability has been reported in version 2.13. Prior versions may also be affected. SOLUTION: The vulnerability has reportedly been fixed in version 2.14. PROVIDED AND/OR DISCOVERED BY: Sam Morris ORIGINAL ADVISORY: http://bugzilla.gnome.org/show_bug.cgi?id=326663 ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=hubble%40flashmail.com ---------------------------------------------------------------------- -- ***************************************************************** * gpg --keyserver pgp.mit.edu --recv-keys 2E402485 * *****************************************************************