thr3ads.net - Secure testing team - [Secure-testing-team] Bug#677418: gpm shares its clipboard among different users [Jun 2012]

If this information is useful, please help other people find it:
Share via:

Twitter
Facebook
Email

Christoph Anton Mitterer

2012-Jun-13 20:41 UTC

[Secure-testing-team] Bug#677418: gpm shares its clipboard among different users

Package: gpm
Version: 1.20.4-6
Severity: grave
Tags: security upstream
Justification: user security hole


Hi.

Not sure whether noone has noticed this so far, but it seems to be worth
a CVE, IMHO.

As one can easily test, gpm uses one clip-board space for all users (including
root).
So if any of them marks anything sensitive, a following user can gather
this information.


Cheers,
Chris.

Secure testing team - Jun 2012 - Bug#677418: gpm shares its clipboard among different users

[Secure-testing-team] Bug#677418: gpm shares its clipboard among different users