940842 – (CVE-2024-45752) <app-misc/logiops-0.3.5: Privilege escalation

Bug 940842 (CVE-2024-45752) - <app-misc/logiops-0.3.5: Privilege escalation

Summary: <app-misc/logiops-0.3.5: Privilege escalation

Status:	IN_PROGRESS

Alias:	CVE-2024-45752

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	Normal normal
Assignee:	Gentoo Security

URL:	https://github.com/advisories/GHSA-6f...
Whiteboard:	B2 [glsa?]
Keywords:

Depends on:
Blocks:

Reported:	2024-10-05 08:02 UTC by Sam James
Modified:	2024-10-18 15:04 UTC (History)
CC List:	1 user (show)

See Also:	https://bugzilla.suse.com/show_bug.cgi?id=1226598
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Sam James archtester

2024-10-05 08:02:32 UTC

"logiops through 0.3.4, in its default configuration, allows any unprivileged user to configure its logid daemon via an unrestricted D-Bus service, including setting malicious keyboard macros. This allows for privilege escalation with minimal user interaction."

Comment 1 Sam James archtester

2024-10-05 08:02:44 UTC

Patch: https://github.com/PixlOne/logiops/commit/9495516e0cf5bb6d96f1785fe956de03bd6c0d1d.

Comment 2 Conrad Kostecki gentoo-dev

2024-10-05 21:23:09 UTC

0.3.5 is already in tree?