PT-2019-5252 · Red Hat+5 · Ibus+6

Published: 2019-07-30 · Updated: 2024-06-15 · CVE-2019-14822

CVSS v3.1: 7.1 (High)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Name of the Vulnerable Software and Affected Versions

ibus versions prior to 1.5.22

Description

A flaw in ibus allows any unprivileged user to monitor and send method calls to the ibus bus of another user due to a misconfiguration in the DBus server setup. This issue can be exploited by a local attacker to intercept keystrokes of a victim user, change the input method engine, or modify other input-related configurations. The vulnerability is related to a lack of authorization when the DBus server is misconfigured.

Recommendations

For ibus versions prior to 1.5.22, update to version 1.5.22 or later to resolve the issue. As a temporary workaround, consider restricting access to the DBus server to minimize the risk of exploitation.

Fix

Missing Authorization

Weakness Enumeration

Related Identifiers

ALSA-2020:1880
ALT-PU-2020-1499
ALT-PU-2020-1842
BDU:2020-02043
CESA-2020_1880
CESA-2020_3978
CVE-2019-14822
DSA-4525-1
MGASA-2019-0284
OESA-2021-1418
OPENSUSE-SU-2019:2174-1
OPENSUSE-SU-2019:2199-1
OPENSUSE-SU-2019_2174-1
OPENSUSE-SU-2019_2199-1
OPENSUSE-SU-2024:10853-1
RHSA-2020:1880
RHSA-2020:3978
RHSA-2020_1880
RHSA-2020_3978
SUSE-SU-2019:2387-1
SUSE-SU-2019:2388-1
SUSE-SU-2019:2389-1
SUSE-SU-2019:2427-1
SUSE-SU-2019_2387-1
SUSE-SU-2019_2388-1
SUSE-SU-2019_2389-1
SUSE-SU-2019_2427-1
USN-4134-1
USN-4134-2
USN-4134-3

Affected Products

Alt Linux
Almalinux
Centos
Red Hat
Suse
Ubuntu
Ibus