Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 661510 (CVE-2018-14345) - <x11-misc/sddm-0.18.0: Privilege Escalation via dbus-daemon
Summary: <x11-misc/sddm-0.18.0: Privilege Escalation via dbus-daemon
Status: IN_PROGRESS
Alias: CVE-2018-14345
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Gentoo Security
URL: https://github.com/sddm/sddm/releases...
Whiteboard: B3 [noglsa cve cleanup]
Keywords: PMASKED
Depends on:
Blocks:
 
Reported: 2018-07-18 14:18 UTC by Manuel Rüger
Modified: 2019-03-10 13:29 UTC (History)
1 user (show)

See Also:
Package list:
x11-misc/sddm-0.18.0
Runtime testing required: ---
stable-bot: sanity-check+


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Manuel Rüger gentoo-dev 2018-07-18 14:18:30 UTC
An issue was discovered in SDDM through 0.17.0. If configured with ReuseSession=true, the password is not checked for users with an already existing session. Any user with access to the system D-Bus can therefore unlock any graphical session. This is related to daemon/Display.cpp and helper/backend/PamBackend.cpp.
Comment 1 Larry the Git Cow gentoo-dev 2018-07-22 11:21:44 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=ae159450bf401ffa9651ce243e8c12ca088e127b

commit ae159450bf401ffa9651ce243e8c12ca088e127b
Author:     Andreas Sturmlechner <asturm@gentoo.org>
AuthorDate: 2018-07-21 21:07:45 +0000
Commit:     Andreas Sturmlechner <asturm@gentoo.org>
CommitDate: 2018-07-22 11:21:17 +0000

    x11-misc/sddm: 0.18.0 version bump
    
    Bug: https://bugs.gentoo.org/661510
    Package-Manager: Portage-2.3.43, Repoman-2.3.10

 x11-misc/sddm/Manifest                            |  1 +
 x11-misc/sddm/files/sddm-0.18.0-Xsession.patch    | 24 ++++++
 x11-misc/sddm/files/sddm-0.18.0-sddmconfdir.patch | 32 ++++++++
 x11-misc/sddm/sddm-0.18.0.ebuild                  | 96 +++++++++++++++++++++++
 4 files changed, 153 insertions(+)
Comment 2 Manuel Rüger gentoo-dev 2018-07-26 13:44:42 UTC
Adding arches
Comment 3 Mikle Kolyada archtester Gentoo Infrastructure gentoo-dev Security 2018-07-26 21:44:42 UTC
amd64 stable
Comment 4 Thomas Deutschmann gentoo-dev Security 2018-07-28 13:45:51 UTC
x86 stable
Comment 5 Larry the Git Cow gentoo-dev 2018-11-13 21:30:57 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=5e996d8c5d2e1f27ad0eceed39173e46039c8a5b

commit 5e996d8c5d2e1f27ad0eceed39173e46039c8a5b
Author:     Andreas Sturmlechner <asturm@gentoo.org>
AuthorDate: 2018-11-13 15:29:54 +0000
Commit:     Andreas Sturmlechner <asturm@gentoo.org>
CommitDate: 2018-11-13 21:30:42 +0000

    x11-misc/sddm: Drop vulnerable 0.17.0-r4
    
    Bug: https://bugs.gentoo.org/661510
    Package-Manager: Portage-2.3.51, Repoman-2.3.12
    Signed-off-by: Andreas Sturmlechner <asturm@gentoo.org>

 x11-misc/sddm/Manifest                             |  1 -
 x11-misc/sddm/files/sddm-0.16.0-Xsession.patch     | 24 -------
 x11-misc/sddm/files/sddm-0.17.0-consolekit.patch   | 22 ------
 x11-misc/sddm/files/sddm-0.17.0-logind-race.patch  | 26 -------
 .../files/sddm-0.17.0-switchtogreeter-r1.patch     | 54 --------------
 x11-misc/sddm/sddm-0.17.0-r4.ebuild                | 84 ----------------------
 6 files changed, 211 deletions(-)
Comment 6 Aaron Bauman Gentoo Infrastructure gentoo-dev Security 2018-11-25 01:54:54 UTC
@Andreas, what about 0.15.0 here?
Comment 7 Larry the Git Cow gentoo-dev 2018-11-25 19:28:51 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=e2196a02524145987ac3f6dd1b62e8c2c73279e0

commit e2196a02524145987ac3f6dd1b62e8c2c73279e0
Author:     Andreas Sturmlechner <asturm@gentoo.org>
AuthorDate: 2018-11-25 19:26:32 +0000
Commit:     Andreas Sturmlechner <asturm@gentoo.org>
CommitDate: 2018-11-25 19:28:28 +0000

    profiles: Mask vulnerable <x11-misc/sddm-0.18.0
    
    Bug: https://bugs.gentoo.org/661510
    Signed-off-by: Andreas Sturmlechner <asturm@gentoo.org>

 profiles/package.mask | 5 +++++
 1 file changed, 5 insertions(+)
Comment 8 Aaron Bauman Gentoo Infrastructure gentoo-dev Security 2019-03-10 04:15:32 UTC
(In reply to Larry the Git Cow from comment #7)
> The bug has been referenced in the following commit(s):
> 
> https://gitweb.gentoo.org/repo/gentoo.git/commit/
> ?id=e2196a02524145987ac3f6dd1b62e8c2c73279e0
> 
> commit e2196a02524145987ac3f6dd1b62e8c2c73279e0
> Author:     Andreas Sturmlechner <asturm@gentoo.org>
> AuthorDate: 2018-11-25 19:26:32 +0000
> Commit:     Andreas Sturmlechner <asturm@gentoo.org>
> CommitDate: 2018-11-25 19:28:28 +0000
> 
>     profiles: Mask vulnerable <x11-misc/sddm-0.18.0
>     
>     Bug: https://bugs.gentoo.org/661510
>     Signed-off-by: Andreas Sturmlechner <asturm@gentoo.org>
> 
>  profiles/package.mask | 5 +++++
>  1 file changed, 5 insertions(+)

Andreas, can this be dropped yet?
Comment 9 Andreas Sturmlechner gentoo-dev 2019-03-10 13:29:32 UTC
Unfortunately not. It is masked, anyway.