PT-2019-5252 · Red Hat+5 · Ibus+6

Published: 2019-07-30 · Updated: 2024-06-15 · CVE-2019-14822

CVSS v3.1: 7.1 (High)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Name of the Vulnerable Software and Affected Versions

ibus versions prior to 1.5.22

Description

A flaw in ibus allows any unprivileged user to monitor and send method calls to the ibus bus of another user due to a misconfiguration in the DBus server setup. This issue can be exploited by a local attacker to intercept keystrokes of a victim user, change the input method engine, or modify other input-related configurations. The vulnerability is related to a lack of authorization when the DBus server is misconfigured.

Recommendations

For ibus versions prior to 1.5.22, update to version 1.5.22 or later to resolve the issue. As a temporary workaround, consider restricting access to the DBus server to minimize the risk of exploitation.

Fix

Missing Authorization


Weakness Enumeration

Related Identifiers

ALSA-2020:1880
ALT-PU-2020-1499
ALT-PU-2020-1842
BDU:2020-02043
CESA-2020_1880
CESA-2020_3978
CVE-2019-14822
DSA-4525-1
MGASA-2019-0284
OESA-2021-1418
OPENSUSE-SU-2019:2174-1
OPENSUSE-SU-2019:2199-1
OPENSUSE-SU-2019_2174-1
OPENSUSE-SU-2019_2199-1
OPENSUSE-SU-2024:10853-1
RHSA-2020:1880
RHSA-2020:3978
RHSA-2020_1880
RHSA-2020_3978
SUSE-SU-2019:2387-1
SUSE-SU-2019:2388-1
SUSE-SU-2019:2389-1
SUSE-SU-2019:2427-1
SUSE-SU-2019_2387-1
SUSE-SU-2019_2388-1
SUSE-SU-2019_2389-1
SUSE-SU-2019_2427-1
USN-4134-1
USN-4134-2
USN-4134-3

Affected Products

Alt Linux
Almalinux
Centos
Red Hat
Suse
Ubuntu
Ibus