Public bug reported:

KDE Project Security Advisory
=============================

Title:          kinit: World readable X11 Cookie key logger
Risk Rating:    Important
CVE:            CVE-2016-3100
Platforms:      X11
Versions:       kinit < 5.23
Author:         Siddharth Sharma siddharth....@gmail.com
Date:           21 June 2016

Overview
========

An authorized user can log key events of other users by accessing a
world-readable X11 cookie.


Impact
======

A pre-authenticated attacker can read all key events of the users logged on
to the system.

Workaround
==========

None

Solution
========

For kinit apply the following patches:
https://quickgit.kde.org/?p=kinit.git&a=commitdiff&h=dece8fd89979cd1a86c03bcaceef6e9221e8d8cd
https://quickgit.kde.org/?p=kinit.git&a=commitdiff&h=72f3702dbe6cf15c06dc13da2c99c864e9022a58

References
==========

https://bugs.kde.org/show_bug.cgi?id=358593
https://bugs.kde.org/show_bug.cgi?id=363140
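
An added example, not part of the advisory or of kinit: a defender-side check that flags X authority (cookie) files whose mode lets group or other users read them, which is the condition the advisory describes. The function name check_xauth_perms is hypothetical, and the advisory does not name the cookie file's path, so paths are passed in by the operator.

```shell
#!/bin/sh
# Added example: audit X11 cookie files for group/other read access.
# Assumption: the operator supplies the cookie file paths to check, for
# example "${XAUTHORITY:-$HOME/.Xauthority}" (the standard X11 locations)
# plus any copies a session launcher may have written elsewhere.

# Print one "EXPOSED <mode> <path>" line for every regular file that is
# readable by group or other. Returns 0 if all files are private, 1 if
# at least one is exposed. Non-existent paths are skipped.
check_xauth_perms() {
    exposed=0
    for f in "$@"; do
        [ -f "$f" ] || continue
        # -perm -040 matches group-read, -perm -004 matches other-read.
        hit=$(find "$f" -prune \( -perm -040 -o -perm -004 \) -print)
        if [ -n "$hit" ]; then
            mode=$(ls -ld "$f" | cut -c1-10)
            printf 'EXPOSED %s %s\n' "$mode" "$f"
            exposed=1
        fi
    done
    return "$exposed"
}

# Run the check only when paths are given on the command line.
[ "$#" -eq 0 ] || check_xauth_perms "$@"
```

A cookie file should be mode 0600 and owned by the session user; any EXPOSED line means other local accounts can read the cookie.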

ProblemType: Bug
DistroRelease: Ubuntu 16.04
Package: kinit 5.18.0-0ubuntu1
ProcVersionSignature: Ubuntu 4.4.0-24.43-generic 4.4.10
Uname: Linux 4.4.0-24-generic x86_64
ApportVersion: 2.20.1-0ubuntu2.1
Architecture: amd64
CurrentDesktop: KDE
Date: Thu Jun 23 14:06:42 2016
InstallationDate: Installed on 2016-02-11 (132 days ago)
InstallationMedia: Ubuntu 14.04.3 LTS "Trusty Tahr" - Beta amd64 (20150805)
SourcePackage: kinit
UpgradeStatus: No upgrade log present (probably fresh install)

** Affects: kinit (Ubuntu)
     Importance: High
     Assignee: Philip Muškovac (yofel)
         Status: New

** Affects: kinit (Ubuntu Xenial)
     Importance: High
     Assignee: Philip Muškovac (yofel)
         Status: New


** Tags: amd64 apport-bug xenial

** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2016-3100

** Changed in: kinit (Ubuntu)
   Importance: Undecided => High

** Changed in: kinit (Ubuntu)
     Assignee: (unassigned) => Philip Muškovac (yofel)

** Also affects: kinit (Ubuntu Xenial)
   Importance: Undecided
       Status: New

** Changed in: kinit (Ubuntu Xenial)
   Importance: Undecided => High

** Changed in: kinit (Ubuntu Xenial)
     Assignee: (unassigned) => Philip Muškovac (yofel)

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1595507

Title:
  World readable X11 Cookie key logger

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/kinit/+bug/1595507/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
