Bug 1717958 (CVE-2019-14822)
Summary: | CVE-2019-14822 ibus: missing authorization allows local attacker to access the input bus of another user | ||
---|---|---|---|
Product: | [Other] Security Response | Reporter: | Dhananjay Arunesh <darunesh> |
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
Status: | CLOSED ERRATA | QA Contact: | |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | unspecified | CC: | alexl, eng-i18n-bugs, i18n-bugs, petersen, pnemade, pwu, rschiron, security-response-team, shawn.p.huang, tfujiwar |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | ibus 1.5.22 | Doc Type: | If docs needed, set a value |
Doc Text: | A flaw was discovered in ibus that allows any unprivileged user to monitor and send method calls to the ibus bus of another user due to a misconfiguration in the DBus server setup. A local attacker may use this flaw to intercept all keystrokes of a victim user who is using the graphical interface, change the input method engine, or modify other input related configurations of the victim user. | ||
Story Points: | --- |
Clone Of: | Environment: | ||
Last Closed: | 2020-04-28 16:32:53 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | 1750835, 1750836, 1751940 | ||
Bug Blocks: | 1717963 |
Description
Dhananjay Arunesh
2019-06-06 14:21:01 UTC
An attacker who can access the AF_UNIX socket of another user could use it to monitor all the DBus methods called on the bus or call most available methods without any authorization check. This flaw could be used to intercept all the keystrokes of a user connected to the graphical interface (e.g. GNOME), change input context and perform other operations regularly done by the ibus command.

Acknowledgments:

Name: Simon McVittie (Collabora Ltd.)

ibus receives the pressed key events only if an ibus Input Method (IM) framework is in use (e.g. Korean from the ibus-hangul package, Chinese input methods from ibus-libpinyin, etc.); otherwise GNOME uses other input frameworks (e.g. gtk-im-context-simple). Thus, the ability of an attacker to intercept the pressed keys depends on the Input Method configuration in use by the victim user.

Statement:

GNOME uses the ibus input framework only when the user explicitly configures it or when some input method sources are in use, like Korean from the ibus-hangul package or Chinese input methods from ibus-libpinyin. Input methods like en-US are not handled by ibus, thus if the victim user just uses them the attacker will not be able to intercept the keystrokes of that user.

Created ibus tracking bugs for this issue:

Affects: fedora-all [bug 1751940]

oss-security email: https://www.openwall.com/lists/oss-security/2019/09/13/1

This issue has been addressed in the following products:

Red Hat Enterprise Linux 8

Via RHSA-2020:1880 https://access.redhat.com/errata/RHSA-2020:1880

This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2019-14822

This issue has been addressed in the following products:

Red Hat Enterprise Linux 7

Via RHSA-2020:3978 https://access.redhat.com/errata/RHSA-2020:3978
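The missing check described above is the server-side authorization of the connecting peer: a private bus listening on an AF_UNIX socket has to decide, per connection, whether the peer is the same user as the bus owner, because an abstract Unix socket carries no filesystem permissions that could gate access. The C below is an added example and is not ibus's own code; it shows that decision directly on a raw socket using the Linux-specific SO_PEERCRED option (GIO builds its GCredentials from the same kernel-supplied peer credentials on Linux). The function names (`peer_is_owner`, `admit_connection`, `demo_admission`) and the socketpair standing in for the bus's listening socket plus one accepted client are assumptions made for the demo.

```c
#define _GNU_SOURCE            /* struct ucred and SO_PEERCRED are Linux-specific */
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <sys/un.h>
#include <unistd.h>

/* Fetch the kernel-supplied credentials of the process at the other end of
 * an AF_UNIX stream socket. The kernel records them at connect()/socketpair()
 * time, so the peer cannot forge them. Returns 0 on success, -1 (errno set)
 * if the socket has no peer credentials. */
int peer_credentials(int fd, struct ucred *out)
{
    socklen_t len = sizeof *out;
    if (getsockopt(fd, SOL_SOCKET, SO_PEERCRED, out, &len) < 0)
        return -1;
    return len == sizeof *out ? 0 : -1;
}

/* The authorization decision the vulnerable bus never made: admit the peer
 * only when it runs as the same UID as the bus owner. A credentials lookup
 * failure is treated as a denial (fail closed). */
int peer_is_owner(int fd, uid_t owner_uid)
{
    struct ucred cr;
    if (peer_credentials(fd, &cr) < 0)
        return 0;
    return cr.uid == owner_uid;
}

/* Gate an accepted client connection. With enforce_owner == 0 this mirrors
 * the flawed behaviour (every local peer is admitted to the bus); with
 * enforce_owner != 0 it is the hardened behaviour. Returns 1 if the
 * connection may be handed to the D-Bus layer, 0 if it must be closed. */
int admit_connection(int client_fd, uid_t owner_uid, int enforce_owner)
{
    if (!enforce_owner)
        return 1;                     /* CVE-2019-14822: no check at all */
    if (!peer_is_owner(client_fd, owner_uid)) {
        struct ucred cr;
        memset(&cr, 0, sizeof cr);
        peer_credentials(client_fd, &cr);
        fprintf(stderr, "rejecting peer pid=%d uid=%d (bus owner uid=%d)\n",
                (int)cr.pid, (int)cr.uid, (int)owner_uid);
        return 0;
    }
    return 1;
}

/* Constructed demo (hypothetical): a socketpair stands in for the bus's
 * listening socket and one accepted client, so no ibus-daemon is needed.
 * The peer is always this process, so the caller varies the UID the bus
 * believes it owns; a UID other than ours simulates a cross-user client. */
int demo_admission(uid_t owner_uid, int enforce_owner)
{
    int sv[2];
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) < 0)
        return -1;
    int admitted = admit_connection(sv[0], owner_uid, enforce_owner);
    close(sv[0]);
    close(sv[1]);
    return admitted;
}

int main(void)
{
    uid_t me = getuid();
    uid_t other = me + 1;   /* any UID that is not ours */
    printf("unchecked bus owned by uid %d, peer uid %d: %s\n", (int)other, (int)me,
           demo_admission(other, 0) ? "admitted" : "rejected");
    printf("checked bus owned by uid %d, peer uid %d: %s\n", (int)other, (int)me,
           demo_admission(other, 1) ? "admitted" : "rejected");
    printf("checked bus owned by uid %d, peer uid %d: %s\n", (int)me, (int)me,
           demo_admission(me, 1) ? "admitted" : "rejected");
    return 0;
}
```

Two caveats a practitioner should keep in mind. SO_PEERCRED reports the credentials the peer had when it connected, not its current ones, which is fine for an accept-time gate but not for re-checks later in the connection's life. And a UID comparison only separates users: any process running as the victim, including a sandboxed one, still reaches the bus, so the check restores the boundary the advisory is about and nothing finer.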