[Secure-testing-team] Bug#510851: [kdesktop] kdesktop_lock can be unlocked by scim

Resul Cetin Resul-Cetin at gmx.net
Mon Jan 5 12:08:54 UTC 2009 

Package: kdesktop
Version: 4:3.5.9.dfsg.1-6
Severity: grave
Tags: security
X-Debbugs-CC: secure-testing-team at lists.alioth.debian.org

It is possible to unlock kdesktop_lock on systems with configured scim without 
entering a password. This makes it possible to access data of other users or 
access random locked PCs (best place to start such an attack would be in some 
asian countries).
The system was configure as described in
 http://ubuntuforums.org/showthread.php?p=2704098 but with japanese tables.
You must be sure that scim is enabled (for example by pressing ctrl+space and 
entering some test data. Then start kdesktop_lock manually by calling 
`kdesktop_lock --forcelock` and move your mouse/press some key to start the 
password dialog. Just press cancel and move your mouse or press something on 
you keyboard again. This should crash kdesktop_lock and enable access to the 
desktop.

It was tested on different systems and it could reproduced on all.

This problem is also known by upstream but marked it as invalid because 
kdesktop isn't maintained anymore (instead they thing everybody should use kde 
4 stuff). http://bugs.kde.org/show_bug.cgi?id=149512

Only workaround seems to disable scim and stop to write in a foreign language 
with complex characters... which is not acceptable.


--- System information. ---
Architecture: i386
Kernel:       Linux 2.6.26-1

Debian Release: 5.0
  500 unstable        ftp.de.debian.org 
  500 testing         debian.netcologne.de 

--- Package information. ---
Depends                        (Version) | Installed
========================================-+-=====================
kdelibs4c2a                 (>= 4:3.5.9) | 4:3.5.10.dfsg.1-1
libc6                         (>= 2.7-1) | 2.7-16
libgcc1                     (>= 1:4.1.1) | 1:4.3.2-1.1
libgl1-mesa-glx                          | 7.2-1
 OR libgl1                               | 
libglu1-mesa                             | 7.0.3-7
 OR libglu1                              | 
libkonq4                    (>= 4:3.5.9) | 4:3.5.9.dfsg.1-6
libqt3-mt                  (>= 3:3.3.8b) | 3:3.3.8b-5
libstdc++6                    (>= 4.1.1) | 4.3.2-1.1
libx11-6                                 | 2:1.1.5-2
libxau6                                  | 1:1.0.3-3
libxcursor1                   (>> 1.1.2) | 1:1.1.9-1
libxext6                                 | 2:1.0.4-1
libxss1                                  | 1:1.1.3-1
libxxf86misc1                            | 1:1.0.1-3
kdebase-bin         (= 4:3.5.9.dfsg.1-6) | 4:3.5.9.dfsg.1-6
kdeeject                                 | 4:3.5.9.dfsg.1-6

More information about the Secure-testing-team mailing list