Information disclosure vulnerability in locked desktop

Bug #1005619 reported by Marko Ruotsalainen
This bug affects 1 person
Affects: gnome-screensaver (Ubuntu)

Bug Description

Locked Ubuntu 10.04 desktop

When connecting a USB device (tested with a mobile phone) and simultaneously moving the mouse or doing a few keystrokes, it is possible to get the last active window visible on the screen. It can take a lot of tries or just a few; not sure what causes it (slow movement, timing with USB connection, etc.?). Many times the top and bottom panels get revealed, showing the open program names.

This might be a race condition of some sort, but I haven't really debugged what goes on. When the mobile phone (Symbian) is inserted into the USB port, it opens up two windows stating "a media which contain digital photos have been inserted" and prompts for user action.

Because Ubuntu 10.04 LTS is still supported for almost a year, this is a risk for organisations that continue to use this version (hotel rooms, meeting rooms, workplace, etc.). I haven't been able to replicate this in Ubuntu 12.04 LTS setups.

ProblemType: Bug
DistroRelease: Ubuntu 10.04
Package: gnome-screensaver 2.30.0-0ubuntu2.1
ProcVersionSignature: Ubuntu 2.6.32-41.89-generic
Uname: Linux 2.6.32-41-generic i686
Architecture: i386
Date: Mon May 28 20:37:32 2012
GnomeSessionIdleInhibited: No
GnomeSessionInhibitors: None
InstallationMedia: Ubuntu 10.04 LTS "Lucid Lynx" - Release i386 (20100427.1)
SourcePackage: gnome-screensaver
Symptom: security
Title: Screen locking issue
WindowManager: gnome-wm

Marko Ruotsalainen (mruotsal) wrote :
visibility: private → public
Changed in gnome-screensaver (Ubuntu):
status: New → Confirmed
status: Confirmed → Triaged
Johan Ryberg (jryberg) wrote :

Could this one be related to 390989?

Marc Deslauriers (mdeslaur) wrote :

No, this is likely a compiz layering issue.

Marc Deslauriers (mdeslaur) wrote :

Possibly dupe of 886605.

This report contains Public Security information  
Everyone can see this security related information.
