slim gives root access
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
slim (Ubuntu) | Fix Released | Undecided | Jamie Strandboge | |
Bug Description
Hello,
I think that I may have discovered a vulnerability in the
Simple Login Manager (or SLIM). I have checked the
bugs on Launchpad and I can't see if this bug is a duplicate.
The vulnerability that I think I've discovered is as follows:
When you are at the logon prompt of SLIM, you can
type 'console' into the username box (this would open a
console window in the top-right hand corner and display
a login prompt). I have found that pressing CTRL+SHIFT+T,
which would usually display a new tab in the terminal,
in this case actually showed a logged-in root shell.
I am using Ubuntu 9.10. I haven't been able to see if
SLIM has the same vulnerability in Ubuntu 11.04 as of
yet.
The SLIM version I am using is: 1.3.1-2~kkxfce3
On my machine I just commented out the console line in
the '/etc/slim.conf' to disable the console login shell.
I have enclosed an image (.png) showing the root shell open
on SLIM.
Thanks,
shymega.
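The workaround described in the report (commenting out the console line in '/etc/slim.conf') can be audited and applied with a short script. This is an added example, not part of the original report or of SLiM itself; it assumes the "console line" is SLiM's `console_cmd` option, and the sample configuration it uses is constructed.

```shell
#!/bin/sh
# Audit and disable SLiM's console login (added example).
# Assumption: the console login shell is enabled by an uncommented
# console_cmd line in slim.conf.

# Print every active (uncommented) console_cmd line in config file $1.
# Exit status 0 means the console login is enabled.
slim_console_active() {
    grep -E '^[[:space:]]*console_cmd([[:space:]]|$)' "$1"
}

# Write a hardened copy of config $1 to $2 with each active console_cmd
# line commented out. Already-commented lines are left untouched, so the
# operation is idempotent.
slim_disable_console() {
    sed -E 's/^([[:space:]]*)console_cmd([[:space:]]|$)/\1# console_cmd\2/' \
        "$1" > "$2"
}

# Write a constructed sample config to $1 (not a real system's file).
make_sample() {
    cat > "$1" <<'EOF'
# Constructed sample slim.conf
default_path        /usr/local/bin:/usr/bin:/bin
# console_cmd /bin/false
console_cmd         /usr/bin/xterm -C -e /bin/sh -c "exec /bin/login"
login_cmd           exec /bin/sh - ~/.xinitrc %session
EOF
}

# Usage: sh check_slim_console.sh /etc/slim.conf
if [ -n "${1:-}" ]; then
    if slim_console_active "$1"; then
        echo "console login is ENABLED in $1"
    else
        echo "console login is disabled in $1"
    fi
fi
```

Review the hardened copy before replacing the live file, and restart SLiM for the change to take effect.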
Thank you for using Ubuntu and reporting a bug. I am unable to reproduce this on Ubuntu 11.04. Ubuntu 9.10 is no longer supported and I encourage you to upgrade to Ubuntu 10.04 LTS. After you do so, can you try to reproduce on 10.04 and report back? Thanks