Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [day] [month] [year] [list]
Date: Fri, 13 Sep 2019 09:18:08 +0200
From: Riccardo Schirone <rschiron@...hat.com>
To: oss-security@...ts.openwall.com
Subject: CVE-2019-14822 ibus: missing authorization flaw

A security flaw in ibus was reported by Simon McVittie (Collabora Ltd.). It was
discovered that any unprivileged user could monitor and send method calls to the
ibus bus of another user, due to a misconfiguration during the setup of the DBus
server. CVE-2019-14822 has been assigned to this flaw.

When ibus is in use, a local attacker, who discovers the UNIX socket used by
another user connected on a graphical environment, could use this flaw to
intercept all keystrokes of the victim user or modify input related
configurations through DBus method calls.

ibus uses a GDBusServer with G_DBUS_SERVER_FLAGS_AUTHENTICATION_ALLOW_ANONYMOUS,
and doesn't set a GDBusAuthObserver, which allows anyone who can connect to its
AF_UNIX socket to authenticate and be authorized to send method calls.

ibus can be manually selected by setting GTK_IM_MODLUE=ibus or it could be
automatically selected by graphical environments like Gnome, when input method
sources (e.g. Korean, Chinese input method sources) are in use. In these
cases, all the key strokes of the victim user are sent to the ibus interface
and they could be intercepted by an attacker.

Upstream fix:
https://github.com/ibus/ibus/commit/3d442dbf936d197aa11ca0a71663c2bc61696151

Thanks,
-- 
Riccardo Schirone
Red Hat -- Product Security
Email: rschiron@...hat.com
PGP-Key ID: CF96E110

Download attachment "signature.asc" of type "application/pgp-signature" (834 bytes)

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.