Lucene search
+L

xlock.txt

🗓️ 19 Apr 2001 00:00:00Reported by Marco van BerkumType 
packetstorm
 packetstorm
🔗 packetstormsecurity.com👁 27 Views

User can bypass xlock security by pressing ENTER when not setuid root; needs proper .xlockrc.

Code
`Hi,  
  
I came across a nice xlock bug when i noticed i couldnt log in again as  
user after i "locked" my windowmaker screen. Xlock (afaik) is suid by  
default to read passwords from /etc/shadow. I removed most suidbits on my  
Slackware 7.1 box. Also the suidbit on my xlock has been removed.  
  
Problem:  
Any user with physical access can get into the window manager screen by  
simply pressing ENTER when xlock is not setuid root. With a default  
Slackware install and also with a default xlockmore install there is no  
file named .xlockrc created. After executing xlock and pressing ENTER  
a empty DES string is placed in .xlockrc and can therefore be used as  
'valid' login.  
  
This works for all userlogins except root because root can be checked  
with /etc/shadow. This also doesnt work when there is a correct (according  
to /etc/shadow) DES string in $HOME/.xlockrc (This is explained somewhere  
in the README file).  
  
Fix: set suidbit on xlock ?!?!?! Or give all users who need physical  
windowmanageraccess a correct .xlockrc file.  
  
grtz,  
Marco van Berkum  
  
`

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation