ALT-PU-2020-3209-1
Closed vulnerabilities
Published: 2020-10-01
BDU:2021-01700
Уязвимость компонента X server экранного менеджера SDDM, связанная с одновременным выполнением с использованием общего ресурса с неправильной синхронизацией, позволяющая нарушителю получить доступ к конфиденциальным данным и нарушить их целостность
Severity: MEDIUM (6.3)
Vector: AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
References:
Published: 2020-11-04
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2020-28049
An issue was discovered in SDDM before 0.19.0. It incorrectly starts the X server in a way that - for a short time period - allows local unprivileged users to create a connection to the X server without providing proper authentication. A local attacker can thus access X server display contents and, for example, intercept keystrokes or access the clipboard. This is caused by a race condition during Xauthority file creation.
Severity: MEDIUM (6.3)
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
References:
- openSUSE-SU-2020:1870
- openSUSE-SU-2020:1870
- https://bugzilla.suse.com/show_bug.cgi?id=CVE-2020-28049
- https://bugzilla.suse.com/show_bug.cgi?id=CVE-2020-28049
- https://github.com/sddm/sddm/blob/v0.19.0/ChangeLog
- https://github.com/sddm/sddm/blob/v0.19.0/ChangeLog
- https://github.com/sddm/sddm/releases
- https://github.com/sddm/sddm/releases
- [debian-lts-announce] 20201106 [SECURITY] [DLA 2436-1] sddm security update
- [debian-lts-announce] 20201106 [SECURITY] [DLA 2436-1] sddm security update
- FEDORA-2021-7066b95c99
- FEDORA-2021-7066b95c99
- GLSA-202402-02
- GLSA-202402-02
- DSA-4783
- DSA-4783