Information disclosure when using an external monitor on a screen-locked system

Bug #960073 reported by Nick Moffitt
This bug affects 3 people
Affects | Status | Importance | Assigned to | Milestone
Unity | Confirmed | Low | Unassigned |
unity (Ubuntu) | Confirmed | Low | Unassigned |

Bug Description

This problem occurs when my screen is locked on this laptop (such as when resuming from suspend), and I plug an external monitor in: for a brief moment the second screen shows not the locked screen graphic or a blank field, but the contents of what WILL be on that screen once the password is entered. This morning as I did this I noticed a private e-mail on that screen, and realized that this is a security risk.

ProblemType: Bug
DistroRelease: Ubuntu 12.04
Package: unity 5.6.0-0ubuntu4
ProcVersionSignature: Ubuntu 3.2.0-19.30-generic 3.2.11
Uname: Linux 3.2.0-19-generic x86_64
.tmp.unity.support.test.0:

ApportVersion: 1.94.1-0ubuntu2
Architecture: amd64
CompizPlugins: [core,bailer,detection,composite,opengl,decor,snap,gnomecompat,grid,regex,mousepoll,compiztoolbox,resize,move,wall,animation,vpswitch,place,imgpng,workarounds,expo,fade,ezoom,session,scale,unityshell]
CompositorRunning: compiz
Date: Tue Mar 20 10:16:40 2012
DistUpgraded: 2012-02-06 11:08:30,227 DEBUG enabling apt cron job
DistroCodename: precise
DistroVariant: ubuntu
EcryptfsInUse: Yes
GraphicsCard:
 Intel Corporation Mobile 4 Series Chipset Integrated Graphics Controller [8086:2a42] (rev 07) (prog-if 00 [VGA controller])
   Subsystem: Lenovo Device [17aa:20e4]
   Subsystem: Lenovo Device [17aa:20e4]
MachineType: LENOVO 7465CTO
ProcEnviron:
 TERM=xterm
 LC_COLLATE=C
 PATH=(custom, user)
 LANG=en_US.UTF-8
 SHELL=/bin/bash
ProcKernelCmdLine: root=UUID=5237fceb-23d0-412d-84d9-b8f8b3bf28af ro quiet splash
SourcePackage: unity
UpgradeStatus: Upgraded to precise on 2012-03-13 (7 days ago)
dmi.bios.date: 06/25/2009
dmi.bios.vendor: LENOVO
dmi.bios.version: 6DET55WW (3.05 )
dmi.board.name: 7465CTO
dmi.board.vendor: LENOVO
dmi.board.version: Not Available
dmi.chassis.asset.tag: No Asset Information
dmi.chassis.type: 10
dmi.chassis.vendor: LENOVO
dmi.chassis.version: Not Available
dmi.modalias: dmi:bvnLENOVO:bvr6DET55WW(3.05):bd06/25/2009:svnLENOVO:pn7465CTO:pvrThinkPadX200s:rvnLENOVO:rn7465CTO:rvrNotAvailable:cvnLENOVO:ct10:cvrNotAvailable:
dmi.product.name: 7465CTO
dmi.product.version: ThinkPad X200s
dmi.sys.vendor: LENOVO
version.compiz: compiz 1:0.9.7.0+bzr3035-0ubuntu1
version.ia32-libs: ia32-libs N/A
version.libdrm2: libdrm2 2.4.30-1ubuntu1
version.libgl1-mesa-dri: libgl1-mesa-dri 8.0.1-0ubuntu5
version.libgl1-mesa-dri-experimental: libgl1-mesa-dri-experimental N/A
version.libgl1-mesa-glx: libgl1-mesa-glx 8.0.1-0ubuntu5
version.xserver-xorg-core: xserver-xorg-core 2:1.11.4-0ubuntu6
version.xserver-xorg-input-evdev: xserver-xorg-input-evdev 1:2.7.0-0ubuntu1
version.xserver-xorg-video-ati: xserver-xorg-video-ati 1:6.14.99~git20111219.aacbd629-0ubuntu2
version.xserver-xorg-video-intel: xserver-xorg-video-intel 2:2.17.0-1ubuntu4
version.xserver-xorg-video-nouveau: xserver-xorg-video-nouveau 1:0.0.16+git20111201+b5534a1-1build2

Nick Moffitt (nick-moffitt) wrote :
visibility: private → public
Omer Akram (om26er) wrote :

That's likely a duplicate bug; we should really do something about this long-standing security issue.

Changed in unity (Ubuntu):
importance: Undecided → Low
security vulnerability: yes → no
Omer Akram (om26er) wrote :

This issue, I believe, is being looked at this development cycle.

Daniel van Vugt (vanvugt) wrote :

Might be related to bug 995387.

Nick Moffitt (nick-moffitt) wrote :

This still happens to me in Raring.

Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in unity (Ubuntu):
status: New → Confirmed
Scott Ritchie (scottritchie) wrote :

Occurs in Trusty, and you don't need to actively plug in an external monitor -- I get it when the laptop was already on one, even in clamshell mode.

summary: - Information disclosure when plugging an external monitor into a screen-
- locked system
+ Information disclosure when using an external monitor on a screen-locked
+ system
Changed in unity:
importance: Undecided → Low
status: New → Confirmed