World readable X11 Cookie key logger

Bug #1595507 reported by Philip Muškovac
Affects          Status        Importance  Assigned to      Milestone
kinit (Ubuntu)   Fix Released  High        Philip Muškovac
  Xenial         Fix Released  High        Steve Beattie

Bug Description

KDE Project Security Advisory
=============================

Title: kinit: World readable X11 Cookie key logger
Risk Rating: Important
CVE: CVE-2016-3100
Platforms: X11
Versions: kinit < 5.23
Author: Siddharth Sharma <email address hidden>
Date: 21 June 2016

Overview
========

An authorized user can log key events of other users by accessing
the world-readable X11 cookie.

Impact
======

A pre-authenticated attacker can read all key events of the users logged on
to the system.

Workaround
==========

None

Solution
========

For kinit apply the following patches:
https://quickgit.kde.org/?p=kinit.git&a=commitdiff&h=dece8fd89979cd1a86c03bcaceef6e9221e8d8cd
https://quickgit.kde.org/?p=kinit.git&a=commitdiff&h=72f3702dbe6cf15c06dc13da2c99c864e9022a58

References
==========

https://bugs.kde.org/show_bug.cgi?id=358593
https://bugs.kde.org/show_bug.cgi?id=363140

ProblemType: Bug
DistroRelease: Ubuntu 16.04
Package: kinit 5.18.0-0ubuntu1
ProcVersionSignature: Ubuntu 4.4.0-24.43-generic 4.4.10
Uname: Linux 4.4.0-24-generic x86_64
ApportVersion: 2.20.1-0ubuntu2.1
Architecture: amd64
CurrentDesktop: KDE
Date: Thu Jun 23 14:06:42 2016
InstallationDate: Installed on 2016-02-11 (132 days ago)
InstallationMedia: Ubuntu 14.04.3 LTS "Trusty Tahr" - Beta amd64 (20150805)
SourcePackage: kinit
UpgradeStatus: No upgrade log present (probably fresh install)
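
A local check for the condition this advisory describes, as an added example that is not part of the advisory or of kinit: it lists X11 cookie files that group or other users can read. The `xauth-*` name pattern under `/tmp` is an assumption taken from the patch name on this page, and the function names are illustrative.

```shell
#!/bin/sh
# Added example (not kinit or advisory code): audit X11 cookie files for
# permissions that let other local users read them.
# Assumption: cookie files are regular files named "xauth-*" directly in
# the scanned directory (pattern inferred from the patch name
# "permissions-of-tmp-xauth-xxx-_y").

# Print the path of every cookie file that is readable by group (040)
# or by others (004). Symlinks and subdirectories are not followed.
find_exposed_xauth() {
    dir=${1:-/tmp}
    find "$dir" -maxdepth 1 -type f -name 'xauth-*' \
        \( -perm -040 -o -perm -004 \) -print 2>/dev/null
}

# Show numeric owner and mode for each exposed file.
# Returns 1 if at least one exposed file exists, 0 if none do.
report_exposed_xauth() {
    exposed=$(find_exposed_xauth "$1")
    if [ -n "$exposed" ]; then
        printf '%s\n' "$exposed" | while IFS= read -r f; do
            ls -ln "$f"
        done
        return 1
    fi
    return 0
}
```

Run `report_exposed_xauth /tmp` on a host with an X11 session; a non-zero return on a system that should carry the fixed package is worth investigating.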

Philip Muškovac (yofel) wrote :
Changed in kinit (Ubuntu):
assignee: nobody → Philip Muškovac (yofel)
importance: Undecided → High
Changed in kinit (Ubuntu Xenial):
assignee: nobody → Philip Muškovac (yofel)
importance: Undecided → High
Philip Muškovac (yofel)
Changed in kinit (Ubuntu):
status: New → In Progress
Changed in kinit (Ubuntu Xenial):
status: New → In Progress
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package kinit - 5.22.0-0ubuntu2

---------------
kinit (5.22.0-0ubuntu2) yakkety; urgency=medium

  * Security update CVE-2016-3100 (LP: #1595507)
    - add upstream_permissions-of-tmp-xauth-xxx-_y.diff
    - add upstream_Fix-race-in-which-the-file-containing-the-X11-cookie.diff

 -- Philip Muškovac <email address hidden> Thu, 23 Jun 2016 20:03:00 +0200

Changed in kinit (Ubuntu):
status: In Progress → Fix Released
Martin Pitt (pitti) wrote :

This is currently in the SRU queue, but shouldn't this go via -security?

information type: Public → Private Security
information type: Private Security → Public Security
Steve Beattie (sbeattie)
Changed in kinit (Ubuntu Xenial):
assignee: Philip Muškovac (yofel) → Steve Beattie (sbeattie)
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package kinit - 5.18.0-0ubuntu1.1

---------------
kinit (5.18.0-0ubuntu1.1) xenial-security; urgency=medium

  * SECURITY UPDATE: World readable X11 Cookie permissions problem
    (LP: #1595507)
    - add upstream_permissions-of-tmp-xauth-xxx-_y.diff
    - add upstream_Fix-race-in-which-the-file-containing-the-X11-cookie.diff
    - CVE-2016-3100
  * Update the Vcs URLs now that the repositories are hosted on
    Launchpad

 -- Philip Muškovac <email address hidden> Fri, 24 Jun 2016 15:56:13 -0700

Changed in kinit (Ubuntu Xenial):
status: In Progress → Fix Released