
Mageia: 2019-0284 Critical: Ibus Local Attack and User Monitoring

September 21, 2019
Mageia Security Update MGASA-2019-0285 addresses the critical vulnerability in the libxml library that could potentially allow arbitrary code execution by a malicious user.

Summary

It was discovered that any unprivileged user could monitor and send method calls to the ibus bus of another user, due to a misconfiguration during the setup of the DBus server. When ibus is in use, a local attacker who discovers the UNIX socket used by another user connected to a graphical environment could use this flaw to intercept all keystrokes of the victim user or modify input-related configurations through DBus method calls (CVE-2019-14822).

References

- https://bugs.mageia.org/show_bug.cgi?id=25434

- https://www.openwall.com/lists/oss-security/2019/09/13/1

- https://www.cve.org/CVERecord?id=CVE-2019-14822

Resolution

SRPMS

- 7/core/ibus-1.5.20-1.1.mga7

- 6/core/ibus-1.5.16-3.1.mga6
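
To confirm a host carries one of the fixed builds listed above, the installed ibus package can be compared against them using rpm's segment ordering, under which `1.1.mga7` is newer than `1.mga7` (a plain string comparison gets this wrong). This is an added example, not code from Mageia or the ibus project; it assumes the package has no epoch, that the release field ends in `mgaN`, and it skips rpm's `~` and `^` rules.

```python
import re
import subprocess

# Fixed builds from this advisory's SRPMS list, keyed by Mageia release.
FIXED = {"7": "1.5.20-1.1.mga7", "6": "1.5.16-3.1.mga6"}
_SEG = re.compile(r"\d+|[A-Za-z]+")

def _cmp_part(a, b):
    """Compare one version or release field with rpm's segment rules
    (simplified: no epoch, '~' or '^' handling)."""
    sa, sb = _SEG.findall(a), _SEG.findall(b)
    for x, y in zip(sa, sb):
        if x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1  # numeric segment is newer than alphabetic
        if x.isdigit():
            x, y = int(x), int(y)
        if x != y:
            return 1 if x > y else -1
    return (len(sa) > len(sb)) - (len(sa) < len(sb))  # leftover segments win

def compare_vr(a, b):
    """Compare two 'version-release' strings; returns -1, 0 or 1."""
    av, _, ar = a.partition("-")
    bv, _, br = b.partition("-")
    return _cmp_part(av, bv) or _cmp_part(ar, br)

def is_patched(installed_vr):
    """True if installed_vr is at or above the fixed build for its release."""
    m = re.search(r"mga(\d+)$", installed_vr)
    if not m or m.group(1) not in FIXED:
        raise ValueError("release not covered by this advisory: " + installed_vr)
    return compare_vr(installed_vr, FIXED[m.group(1)]) >= 0

def installed_ibus_vr():
    """Ask rpm for the installed ibus build; None if rpm or ibus is absent."""
    try:
        out = subprocess.run(["rpm", "-q", "--qf", "%{VERSION}-%{RELEASE}", "ibus"],
                             capture_output=True, text=True)
    except FileNotFoundError:
        return None
    return out.stdout.strip() if out.returncode == 0 else None

if __name__ == "__main__":
    vr = installed_ibus_vr()
    if vr is None:
        print("ibus not installed or rpm unavailable")
    else:
        print(vr, "patched" if is_patched(vr) else "VULNERABLE to CVE-2019-14822")
```
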

Severity: critical

Publication date: 21 Sep 2019
URL: https://advisories.mageia.org/MGASA-2019-0284.html
Type: security
CVE: CVE-2019-14822
