LightDM 1.7.13 local users obtain sensitive information

2014.02.02
Risk: Medium
Local: Yes
Remote: No
CWE: CWE-264


CVSS Base Score: 2.1/10
Impact Subscore: 2.9/10
Exploitability Subscore: 3.9/10
Exploit range: Local
Attack complexity: Low
Authentication: Not required
Confidentiality impact: Partial
Integrity impact: None
Availability impact: None

By default, the Xauthority file is created with mode 644, enabling any user to hijack another user's X screen. Attached patch seems to fix the problem for me. === modified file 'src/xauth.c' --- lightdm/src/xauth.c 2010-08-05 00:24:13 +0000 +++ lightdm/src/xauth.c 2010-12-04 15:13:54 +0000 @@ -12,6 +12,7 @@ #include <string.h> #include <unistd.h> #include <pwd.h> +#include <sys/stat.h> #include "xauth.h" @@ -109,6 +110,9 @@ g_object_unref (file); return FALSE; } + + if (chmod (path, S_IRUSR | S_IWUSR) != 0) + g_warning ("Failed to set permissions on authorization file"); /* NOTE: Would like to do: * g_file_set_attribute_string (file, G_FILE_ATTRIBUTE_OWNER_USER, username, G_FILE_QUERY_INFO_NONE, NULL, error))
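Review bot: the chmod() in the second hunk (after the `g_object_unref (file); return FALSE; }` block) runs only after the file has already been created, so there is a window in which the authority file exists with its umask-derived mode (0644 on a default umask 022) and a local user polling the path can open() and read the cookie before the chmod lands; the restrictive mode should be requested at creation time instead, for example by creating the GFile with G_FILE_CREATE_PRIVATE (GIO creates it 0600) or by setting umask 077 around the creation, with chmod kept only as belt and braces. Also, a chmod() failure here just emits g_warning and the function carries on and reports success; since a world-readable cookie is precisely the bug being fixed, that path should `return FALSE` (setting the `error` parameter the surrounding code already carries) rather than leave an exposed file in place.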

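The following is an added example written for this advisory; it is not LightDM code and not the reporter's patch. It contrasts the create-then-chmod pattern with creating the authority file at mode 0600 from the start, and adds a check a practitioner can run against an existing Xauthority file. It assumes a POSIX system with a writable /tmp and the common default umask 022; the cookie bytes, file names and the `run_demo` harness are constructed for the demonstration.

```c
/* Added example (not LightDM code): secure creation and audit of an X
 * authority file. Assumes POSIX, writable /tmp, umask 022; cookie and
 * paths are constructed for the demo. */
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

#ifndef O_CLOEXEC
#define O_CLOEXEC 0
#endif

/* Pattern used by the patch: create, write, then chmod. Until chmod runs the
 * file carries its umask-derived mode (0644 under umask 022), and a local user
 * polling the path can open() and read the cookie in that window.
 * *window_mode receives the mode the file had during the window. */
int create_then_chmod(const char *path, const unsigned char *cookie,
                      size_t len, mode_t *window_mode)
{
    struct stat st;
    FILE *f = fopen(path, "w");
    if (f == NULL)
        return -1;
    if (fstat(fileno(f), &st) != 0 || fwrite(cookie, 1, len, f) != len) {
        fclose(f);
        return -1;
    }
    *window_mode = st.st_mode & 0777;
    fclose(f);
    return chmod(path, S_IRUSR | S_IWUSR);   /* too late: the window is already open */
}

/* Fixed pattern: request 0600 in the open() call itself. The umask can only
 * clear bits, so the file is never wider than 0600, and O_EXCL refuses a
 * file or symlink another user planted at the path beforehand. */
int create_private(const char *path, const unsigned char *cookie, size_t len)
{
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL | O_CLOEXEC, S_IRUSR | S_IWUSR);
    if (fd < 0)
        return -1;
    int rc = (write(fd, cookie, len) == (ssize_t)len) ? 0 : -1;
    if (close(fd) != 0)
        rc = -1;
    return rc;
}

/* Audit check for an existing authority file: 1 if it is a regular file
 * owned by the caller with no group/other bits, 0 if exposed, -1 on error. */
int auth_file_is_private(const char *path)
{
    struct stat st;
    if (lstat(path, &st) != 0)
        return -1;
    if (!S_ISREG(st.st_mode) || st.st_uid != getuid())
        return 0;
    return (st.st_mode & (S_IRWXG | S_IRWXO)) == 0;
}

struct demo_result {
    mode_t window_mode;   /* mode of the create-then-chmod file before chmod */
    int insecure_after;   /* auth_file_is_private() once chmod has run */
    int private_result;   /* auth_file_is_private() for the 0600-at-creation file */
    int excl_refused;     /* 1 if create_private() refused an existing path */
    int widened_result;   /* auth_file_is_private() after the file is chmod'ed 0644 */
};

/* Runs both patterns in a fresh temp dir and records what the audit check
 * sees at each step. Returns 0 on success, -1 on error. */
int run_demo(struct demo_result *r)
{
    /* Constructed stand-in for a 16-byte MIT-MAGIC-COOKIE-1; real ones are random. */
    static const unsigned char cookie[16] = { 0x4a, 0x2f, 0x91, 0x0c, 0x7e, 0xd3,
        0x58, 0xb1, 0x03, 0x6a, 0xcc, 0x19, 0xe5, 0x72, 0x8d, 0x40 };
    char dir[] = "/tmp/xauth_demo_XXXXXX";
    char p1[64], p2[64];
    int rc = -1;

    if (mkdtemp(dir) == NULL)
        return -1;
    snprintf(p1, sizeof p1, "%s/then-chmod", dir);
    snprintf(p2, sizeof p2, "%s/private", dir);
    umask(022);   /* the common default, which is what makes the window 0644 */

    if (create_then_chmod(p1, cookie, sizeof cookie, &r->window_mode) != 0)
        goto out;
    r->insecure_after = auth_file_is_private(p1);
    if (create_private(p2, cookie, sizeof cookie) != 0)
        goto out;
    r->private_result = auth_file_is_private(p2);
    r->excl_refused = create_private(p2, cookie, sizeof cookie) != 0;
    if (chmod(p2, S_IRUSR | S_IWUSR | S_IRGRP | S_IROTH) != 0)   /* simulate a 0644 file */
        goto out;
    r->widened_result = auth_file_is_private(p2);
    rc = 0;
out:
    unlink(p1);
    unlink(p2);
    rmdir(dir);
    return rc;
}

int main(void)
{
    struct demo_result r;
    memset(&r, 0, sizeof r);
    if (run_demo(&r) != 0) {
        perror("run_demo");
        return 1;
    }
    printf("create-then-chmod: mode during window %04o, private afterwards: %d\n",
           (unsigned)r.window_mode, r.insecure_after);
    printf("create-private: private: %d, O_EXCL refused re-create: %d\n",
           r.private_result, r.excl_refused);
    printf("after chmod 0644 the audit check reports private=%d\n", r.widened_result);
    return 0;
}
```

`auth_file_is_private` is the piece to keep: pointed at `$XAUTHORITY` (or the per-session file a display manager writes) it reports 0 for exactly the condition this advisory describes, and it deliberately treats a symlink or a file owned by someone else as exposed rather than trusting the mode bits alone.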
References:

https://bugs.launchpad.net/lightdm/%2Bbug/685212



Copyright 2024, cxsecurity.com
