*** This bug is a security vulnerability ***
You have been subscribed to a public security bug by Jamie Strandboge
(jdstrand):
Ubuntu Intrepid Ibex 8.10 alpha updated
$ apt-cache policy ubuntu-desktop gdm
ubuntu-desktop:
Installed: 1.116
Candidate: 1.116
Version table:
*** 1.116 0
500 http://archive.ubuntu.com intrepid/main Packages
100 /var/lib/dpkg/status
gdm:
Installed: 2.20.8-0ubuntu1
Candidate: 2.20.8-0ubuntu1
Version table:
*** 2.20.8-0ubuntu1 0
500 http://archive.ubuntu.com intrepid/main Packages
100 /var/lib/dpkg/status
When I go from virtual console ctrl+alt+F1 to gdm ctrl+alt+f7, a part
(last characters, not all) of the password (or the last command) are
passed in the active window of gdm.
I'm not sure which package is responsible for this bug.
I am able to reproduce this 90% of the times.
In order to fully reproduce it:
1) Login with your usual username in gdm, wait until it fully loads
2) Create a new test user
3) Open gedit and leave it as the active window
4) Press ctrl+alt+F1
5) Login in virtual console with the test user
6) As soon as you're logged in, press ctrl+alt+F7 to go back, leave it for 5-6
seconds then move your mouse.
7) I got the test user's password - while the full test password was
"traxanas", in text editor (gedit) it showed the last part "axanas"
8) Make the gedit window active again, and go back to ctrl+alt+F1, type "exit"
Without pressing anything, the virtual console takes you directly to gdm. Leave
it for 5-6 seconds and move your mouse.
It typed "exit" in the active gedit window. It also opened the gedit manual.
** Affects: ubuntu
Importance: Undecided
Status: New
--
intrepid - ctrl-alt-F1 feeds keystrokes to ctrl-alt-F7 gdm
https://bugs.launchpad.net/bugs/275660
You received this bug notification because you are a member of Ubuntu Bugs,
which is a direct subscriber.
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
