Oval Definition:oval:org.opensuse.security:def:201814345
Revision Date:2022-06-30Version:1
Title:CVE-2018-14345
Description:

An issue was discovered in SDDM through 0.17.0. If configured with ReuseSession=true, the password is not checked for users with an already existing session. Any user with access to the system D-Bus can therefore unlock any graphical session. This is related to daemon/Display.cpp and helper/backend/PamBackend.cpp.
Family:unixClass:vulnerability
Status:Reference(s):CVE-2018-14345
Mitre CVE-2018-14345
SUSE CVE-2018-14345
openSUSE-SU-2018:2310-1
Platform(s):openSUSE Leap 15.0
openSUSE Leap 15.3
openSUSE Leap 15.4
openSUSE Tumbleweed
Product(s):
Definition Synopsis
  • openSUSE Leap 15.0 is installed
  • AND Package Information
  • sddm-0.17.0-lp150.9.3 is installed
  • AND sddm is signed with openSUSE key
  • OR
  • sddm-branding-openSUSE-0.17.0-lp150.9.3 is installed
  • AND sddm-branding-openSUSE is signed with openSUSE key
  • OR
  • sddm-branding-upstream-0.17.0-lp150.9.3 is installed
  • AND sddm-branding-upstream is signed with openSUSE key
    • Definition Synopsis
  • openSUSE Tumbleweed is installed
  • AND Package Information
  • sddm-0.19.0-4.2 is installed
  • OR sddm-branding-openSUSE-0.19.0-4.2 is installed
  • OR sddm-branding-upstream-0.19.0-4.2 is installed
    • Definition Synopsis
  • openSUSE Leap 15.3 is installed
  • AND Package Information
  • sddm-0.18.0-lp153.1.31 is installed
  • AND sddm is signed with openSUSE key
  • OR
  • sddm-branding-openSUSE-0.18.0-lp153.1.31 is installed
  • AND sddm-branding-openSUSE is signed with openSUSE key
    • Definition Synopsis
  • openSUSE Leap 15.4 is installed
  • AND Package Information
  • sddm-0.19.0-lp154.3.6 is installed
  • AND sddm is signed with openSUSE key
  • OR
  • sddm-branding-openSUSE-0.19.0-lp154.3.6 is installed
  • AND sddm-branding-openSUSE is signed with openSUSE key
    • BACK