Re: Root shell bug on Debian wheezy
frank.jansen@actrix.co.nz, 28.02.2013:
> Greetings,
>
> A root shell sometimes appears during the login sequence on a Debian
> Wheezy system servicing thin clients. The root shell appears after one
> enters a login and a password then presses random keys until a box appears
> with the root prompt and perhaps the rest of the login window.
>
> A "whoami" has output "root". A "hostname" shows "ltsp38". The Linux
> running appears to be that on the thin client and not the server. The
> filesystem shown is not that of the server and looks like what should be
> on the thin client.
>
> Doing a "shutdown" shuts down the client and nothing else. Can't create a
> directory in /etc but can output a file into /home. The file in /home is
> gone after the next login.
>
> This is a bug, what should be done to deal with it?
> Thanks in advance.

I don't have any personal experience with thin clients, but I googled
"root shell pops up on thin client" and found
http://www.securityfocus.com/archive/1/369833
which is about such vulnerabilities in the firmware of eSeSIX
Thintune brand/model thin clients. Vulnerability #3 says to press
<CTRL><SHIFT><ALT><DEL> and enter "maertsJ" as password, to get an xterm
with root privileges. That's from 2004 but sounds somewhat similar to
your situation and might still be relevant. A firmware upgrade or
deletion of a certain file was recommended.

I don't think this is a Debian bug. What brand/model is your thin
client hardware? Maybe you should search for system-specific
vulnerabilities of the sort above...

Selim