Bug 783039 (CVE-2012-0064)

Summary: CVE-2012-0064 xkeyboard-config: screen-saver unlock via xkb debug key actions
Product: [Other] Security Response Reporter: Huzaifa S. Sidhpurwala <huzaifas>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED ERRATA QA Contact:
Severity: low Docs Contact:
Priority: low    
Version: unspecifiedCC: airlied, jk, jlieskov, npope+rhbugzilla, pcfe, peter.hutterer, sandro, xgl-maint
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2013-06-05 21:16:50 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 783044, 783376    
Bug Blocks:    

Description Huzaifa S. Sidhpurwala 2012-01-19 06:13:45 UTC 
It was found that XKB actions for debugging X.org clients were enabled by default. This could cause a screen locking application such as gnome-screensaver to be killed when those key combinations were triggered.

The debugging key actions were introduced in the following commit:
http://cgit.freedesktop.org/xorg/xserver/commit/?id=7d2543a3cb3089241982ce4f8984fd723d5312a1

Reference:
http://thread.gmane.org/gmane.comp.security.oss.general/6725

Mitigation:
http://thread.gmane.org/gmane.comp.security.oss.general/6725/focus=6731
Comment 2 Huzaifa S. Sidhpurwala 2012-01-19 06:19:07 UTC 
This issue affects the version of xkeyboard-config as shipped with Fedora 16.

This issue does not affect the version of xkeyboard-config as shipped with Fedora 15, since the version of Xorg-x11-server does not have the relevant code to trigger the flaw.
Comment 3 Huzaifa S. Sidhpurwala 2012-01-19 06:30:55 UTC 
Created xkeyboard-config tracking bugs for this issue

Affects: fedora-16 [bug 783044]
Comment 4 Huzaifa S. Sidhpurwala 2012-01-19 07:32:53 UTC 
Xorg supports use of the Ctrl+Alt+Keypad-Multiply key sequence to kill clients with an active keyboard or mouse grab as well as killing any application that may have locked the server. This is disabled by default and can be enabled by adding the following line to xorg.conf:

Option "AllowClosedownGrabs" "on"

However the disabled grab support was removed in the server 1.4 development cycle. since then, the xorg.conf option had no effect (though the man page entry was removed later in the 1.6 cycle). it was re-introduced in the 1.11 development cycle, so the first version affected is 1.11.1 (Fedora-16)

In Red Hat Enterprise Linux 4 and 5 the above mentioned xorg.conf configuration directive is disabled by default, which prevents occurrence of this flaw and allows to enable this behaviour only in cases, where it is desired. The version of Xorg shipped with Red Hat Enterprise Linux 6 is not affected, because the relevant code is missing.

This issue was fixed in Fedora by removing the relevant portion of the keyboard mapping from the xfree86 config file.
Comment 5 Huzaifa S. Sidhpurwala 2012-01-19 07:58:23 UTC 
This issue did NOT affect the version of xorg-x11 and xkeyboard-config in
Red Hat Enterprise Linux 4 and 5 respectively.

This issue did NOT affect the version of xkeyboard-config in
Red Hat Enterprise Linux 6.
Comment 6 Vincent Danen 2012-01-19 17:16:43 UTC 
Statement:


Not vulnerable. This issue did not affect versions of xorg-x11 as shipped with Red Hat Enterprise Linux 4. This issue did not affect versions of xkeyboard-config as shipped with Red Hat Enterprise Linux 5 and 6.
Comment 7 Fedora Update System 2012-01-19 22:01:28 UTC 
xkeyboard-config-2.3-3.fc16 has been pushed to the Fedora 16 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 8 Kurt Seifried 2012-01-19 23:03:11 UTC 
*** Bug 783261 has been marked as a duplicate of this bug. ***
Comment 11 Dave Airlie 2012-01-20 09:36:52 UTC 
*** Bug 783382 has been marked as a duplicate of this bug. ***
Comment 13 Vegard Lima 2012-01-26 08:08:44 UTC 
Was this supposed to fix this issue:

$ rpm -q xkeyboard-config
xkeyboard-config-2.3-3.fc16.noarch
$ qdbus org.freedesktop.ScreenSaver /ScreenSaver Lock

Pressing Control+Alt+KeypadMultiply unlocks the screen.
Comment 14 Huzaifa S. Sidhpurwala 2012-01-26 08:17:27 UTC 
(In reply to comment #13)
> Was this supposed to fix this issue:
> 
> $ rpm -q xkeyboard-config
> xkeyboard-config-2.3-3.fc16.noarch
> $ qdbus org.freedesktop.ScreenSaver /ScreenSaver Lock
> 
> Pressing Control+Alt+KeypadMultiply unlocks the screen.

Did you re-start X after installing the updates?
Comment 15 Vegard Lima 2012-01-26 08:31:14 UTC 
(In reply to comment #14)
> (In reply to comment #13)
> > Was this supposed to fix this issue:
> > 
> > $ rpm -q xkeyboard-config
> > xkeyboard-config-2.3-3.fc16.noarch
> > $ qdbus org.freedesktop.ScreenSaver /ScreenSaver Lock
> > 
> > Pressing Control+Alt+KeypadMultiply unlocks the screen.
> 
> Did you re-start X after installing the updates?

Yes, X was restarted. Whole machine rebooted in fact.

I forgot to mention I'm using KDE.
Comment 16 Peter Hutterer 2012-01-26 22:27:08 UTC 
Vegard, I need the output of "xkbcomp -xkb :0 -", your xorg.conf (if any) and whatever KDE settings you have configured for your keyboard.
Comment 17 Vegard Lima 2012-01-27 06:23:44 UTC 
(In reply to comment #16)
> Vegard, I need the output of "xkbcomp -xkb :0 -", your xorg.conf (if any) and
> whatever KDE settings you have configured for your keyboard.

Aha! I was using and old xkb dump to switch "ยค" and "$" on my keyboard.
My mistake. Terribly sorry for the noise.