CVE-2020-28049

NameCVE-2020-28049
DescriptionAn issue was discovered in SDDM before 0.19.0. It incorrectly starts the X server in a way that - for a short time period - allows local unprivileged users to create a connection to the X server without providing proper authentication. A local attacker can thus access X server display contents and, for example, intercept keystrokes or access the clipboard. This is caused by a race condition during Xauthority file creation.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
ReferencesDLA-2436-1, DSA-4783-1
NVD severitylow
Debian Bugs973748

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
sddm (PTS)stretch0.14.0-4+deb9u1vulnerable
stretch (security)0.14.0-4+deb9u2fixed
buster0.18.0-1vulnerable
buster (security)0.18.0-1+deb10u1fixed
bullseye, sid0.19.0-2fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
sddmsourcestretch0.14.0-4+deb9u2DLA-2436-1
sddmsourcebuster0.18.0-1+deb10u1DSA-4783-1
sddmsource(unstable)0.19.0-1973748

Notes

https://www.openwall.com/lists/oss-security/2020/11/04/2
https://github.com/sddm/sddm/commit/be202f533ab98a684c6a007e8d5b4357846bc222
https://bugzilla.suse.com/show_bug.cgi?id=1177201

Search for package or bug name: Reporting problems