
Valentine pam_fprintd trickery

Unknown | 8:27:00 PM | 0 comments
Anyone can give your finger by spoofing DBUS signals
to pam_fprintd, effectively bypassing fprintd authentication.
Tested with fprintd 0.41.
darklena is the PoC and the authors have been informed.

It's probably about time to check dbus-glib usage or usage
of DBUS signals in privileged code in general.
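
As an added example (not from the original post, and not pam_fprintd or dbus-glib code), here is a small C model of the sender check that privileged code acting on D-Bus signals needs: the bus daemon stamps each message with the sender's unique name, so a handler can drop anything that does not come from the tracked owner of the service. The struct layout, function name and sample unique names are constructed for illustration; the fprintd bus, interface and signal names are assumed from fprintd's public D-Bus API and do not appear in the post.

```c
#include <stdio.h>
#include <string.h>

#define BUS_DRIVER "org.freedesktop.DBus"

/* Constructed model of a received signal: only the header fields the check uses. */
struct signal_msg {
    const char *sender;     /* unique name stamped by the bus daemon, e.g. ":1.42" */
    const char *interface;
    const char *member;
    const char *arg0;       /* NameOwnerChanged: bus name that changed hands */
    const char *arg2;       /* NameOwnerChanged: new owner ("" if none) */
};

struct proxy {
    const char *well_known; /* service name the client talks to */
    char owner[64];         /* unique name of its current owner */
};

/* Returns 1 if the signal may be acted on, 0 if it must be dropped. */
int proxy_accept_signal(struct proxy *p, const struct signal_msg *m)
{
    if (!m->sender || !m->interface || !m->member)
        return 0;
    if (!strcmp(m->interface, BUS_DRIVER) && !strcmp(m->member, "NameOwnerChanged")) {
        /* Ownership changes are only trusted when the bus daemon itself sent them. */
        if (strcmp(m->sender, BUS_DRIVER) != 0)
            return 0;
        if (m->arg0 && m->arg2 && !strcmp(m->arg0, p->well_known))
            snprintf(p->owner, sizeof p->owner, "%s", m->arg2);
        return 1;
    }
    /* Service signals count only when they come from the tracked owner. */
    return p->owner[0] != '\0' && strcmp(m->sender, p->owner) == 0;
}

int main(void)
{
    struct proxy p = { "net.reactivated.Fprint", ":1.10" };
    /* Constructed messages: one from an unrelated connection, one from the owner. */
    struct signal_msg other = { ":1.99", "net.reactivated.Fprint.Device", "VerifyStatus", "verify-match", NULL };
    struct signal_msg owner = { ":1.10", "net.reactivated.Fprint.Device", "VerifyStatus", "verify-match", NULL };
    printf("from :1.99 -> %d\n", proxy_accept_signal(&p, &other));
    printf("from :1.10 -> %d\n", proxy_accept_signal(&p, &owner));
    return 0;
}
```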

[Update:] successfully tested on a vanilla FC16 setup with
fprintd installed from repository and SELinux target config
left as-is:

