| 2012-03-12 19:46:42 |
Stéphane Graber |
bug |
|
|
added bug |
| 2012-03-12 20:00:36 |
Stéphane Graber |
attachment added |
|
natty.debdiff https://bugs.launchpad.net/ubuntu/+source/ldm/+bug/953340/+attachment/2858402/+files/natty.debdiff |
|
| 2012-03-12 20:00:44 |
Marc Deslauriers |
visibility |
private |
public |
|
| 2012-03-12 20:00:51 |
Stéphane Graber |
attachment added |
|
oneiric.debdiff https://bugs.launchpad.net/ubuntu/+source/ldm/+bug/953340/+attachment/2858403/+files/oneiric.debdiff |
|
| 2012-03-12 20:06:57 |
Marc Deslauriers |
nominated for series |
|
Ubuntu Natty |
|
| 2012-03-12 20:06:57 |
Marc Deslauriers |
bug task added |
|
ldm (Ubuntu Natty) |
|
| 2012-03-12 20:06:57 |
Marc Deslauriers |
nominated for series |
|
Ubuntu Oneiric |
|
| 2012-03-12 20:06:57 |
Marc Deslauriers |
bug task added |
|
ldm (Ubuntu Oneiric) |
|
| 2012-03-12 20:06:57 |
Marc Deslauriers |
nominated for series |
|
Ubuntu Precise |
|
| 2012-03-12 20:06:57 |
Marc Deslauriers |
bug task added |
|
ldm (Ubuntu Precise) |
|
| 2012-03-12 20:07:11 |
Marc Deslauriers |
ldm (Ubuntu Natty): status |
New |
Confirmed |
|
| 2012-03-12 20:07:13 |
Marc Deslauriers |
ldm (Ubuntu Oneiric): status |
New |
Confirmed |
|
| 2012-03-12 20:07:16 |
Marc Deslauriers |
ldm (Ubuntu Precise): status |
New |
Confirmed |
|
| 2012-03-12 20:07:22 |
Marc Deslauriers |
ldm (Ubuntu Precise): assignee |
|
Stéphane Graber (stgraber) |
|
| 2012-03-12 20:07:26 |
Marc Deslauriers |
ldm (Ubuntu Natty): assignee |
|
Marc Deslauriers (mdeslaur) |
|
| 2012-03-12 20:07:27 |
Marc Deslauriers |
ldm (Ubuntu Oneiric): assignee |
|
Marc Deslauriers (mdeslaur) |
|
| 2012-03-12 20:07:30 |
Marc Deslauriers |
ldm (Ubuntu Natty): importance |
Undecided |
High |
|
| 2012-03-12 20:07:32 |
Marc Deslauriers |
ldm (Ubuntu Oneiric): importance |
Undecided |
High |
|
| 2012-03-12 20:07:35 |
Marc Deslauriers |
ldm (Ubuntu Precise): importance |
Undecided |
High |
|
| 2012-03-12 20:13:49 |
Marc Deslauriers |
cve linked |
|
2012-1166 |
|
| 2012-03-12 20:15:45 |
Ubuntu Foundations Team Bug Bot |
tags |
|
patch |
|
| 2012-03-12 20:54:26 |
Stéphane Graber |
description |
Starting with ldm 2.2.x upstream switched to wwm as a minimal window manager for ldm, though it only recently was discovered that it ships with a keybinding allowing to spawn an xterm.
As the ldm greeter runs as root, this essentially allows for a passwordless root shell to be spawned on any LTSP thin client since Ubuntu 11.04.
While definitely quite bad, it's not horribly bad as all thin clients are booted from the network with their filesystem downloaded cleartext from the network, we already consider them as non secure machines to start with.
The fix upstream is to turn off all the keybindings in wwm as it was meant to be from the beginning.
I commited the bugfix upstream and we'll release a new version today for upload to Debian and sync into Precise.
I'm going to provide two debdiffs in the next few minutes cherry-picking the fix for Ubuntu 11.04 and 11.10.
For the record, the keybinding is KP_RETURN.
The original reporter for this security issue is "Tenho Tuhkala" with the bug tracked down and fixed by me. |
Starting with ldm 2.2.x upstream switched to wwm as a minimal window manager for ldm, though it only recently was discovered that it ships with a keybinding allowing to spawn an xterm.
As the ldm greeter runs as root, this essentially allows for a passwordless root shell to be spawned on any LTSP thin client since Ubuntu 11.04.
While definitely quite bad, it's not horribly bad as all thin clients are booted from the network with their filesystem downloaded cleartext from the network, we already consider them as non secure machines to start with.
The fix upstream is to turn off all the keybindings in wwm as it was meant to be from the beginning.
I commited the bugfix upstream and we'll release a new version today for upload to Debian and sync into Precise.
I'm going to provide two debdiffs in the next few minutes cherry-picking the fix for Ubuntu 11.04 and 11.10.
For the record, the keybinding is KP_RETURN. Easiest way to trigger it is by doing alt+enter or switching to the second workspace (alt+2) then simply pressing enter.
The original reporter for this security issue is "Tenho Tuhkala" with the bug tracked down and fixed by me. |
|
| 2012-03-12 22:37:54 |
Launchpad Janitor |
ldm (Ubuntu Natty): status |
Confirmed |
Fix Released |
|
| 2012-03-12 22:37:58 |
Launchpad Janitor |
ldm (Ubuntu Oneiric): status |
Confirmed |
Fix Released |
|
| 2012-03-13 00:10:36 |
Launchpad Janitor |
branch linked |
|
lp:ubuntu/oneiric-security/ldm |
|
| 2012-03-13 00:10:38 |
Launchpad Janitor |
branch linked |
|
lp:ubuntu/natty-security/ldm |
|
| 2012-03-13 14:59:57 |
Stéphane Graber |
ldm (Ubuntu Precise): status |
Confirmed |
Fix Released |
|
