Vulnerability Name:

CVE-2020-28049 (CCN-191188)

Assigned:2020-11-04
Published:2020-11-04
Updated:2021-01-28
Summary:An issue was discovered in SDDM before 0.19.0. It incorrectly starts the X server in a way that - for a short time period - allows local unprivileged users to create a connection to the X server without providing proper authentication. A local attacker can thus access X server display contents and, for example, intercept keystrokes or access the clipboard. This is caused by a race condition during Xauthority file creation.
CVSS v3 Severity:6.3 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N)
5.5 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Local
Attack Complexity (AC): High
Privileges Required (PR): Low
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): High
Integrity (I): High
Availibility (A): None
8.4 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
7.3 High (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): High
Integrity (I): High
Availibility (A): High
CVSS v2 Severity:3.3 Low (CVSS v2 Vector: AV:L/AC:M/Au:N/C:P/I:P/A:N)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): None
7.2 High (CCN CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
Vulnerability Type:CWE-362
Vulnerability Consequences:Gain Privileges
References:Source: MITRE
Type: CNA
CVE-2020-28049

Source: SUSE
Type: Mailing List, Third Party Advisory
openSUSE-SU-2020:1870

Source: MISC
Type: Exploit, Issue Tracking, Third Party Advisory
https://bugzilla.suse.com/show_bug.cgi?id=CVE-2020-28049

Source: XF
Type: UNKNOWN
sddm-cve202028049-priv-esc(191188)

Source: MISC
Type: Release Notes, Third Party Advisory
https://github.com/sddm/sddm/blob/v0.19.0/ChangeLog

Source: CCN
Type: sddm GIT Repository
Fix X not having access control on startup

Source: MISC
Type: Release Notes, Third Party Advisory
https://github.com/sddm/sddm/releases

Source: MLIST
Type: Mailing List, Third Party Advisory
[debian-lts-announce] 20201106 [SECURITY] [DLA 2436-1] sddm security update

Source: FEDORA
Type: Third Party Advisory
FEDORA-2021-7066b95c99

Source: CCN
Type: oss-sec Mailing List, Wed, 4 Nov 2020 11:36:13 +0100
sddm: local privilege escalation due to race condition in creation of the Xauthority file

Source: DEBIAN
Type: Third Party Advisory
DSA-4783

Vulnerable Configuration:Configuration 1:
  • cpe:/a:sddm_project:sddm:*:*:*:*:*:*:*:* (Version < 0.19.0)

    • Configuration 2:
  • cpe:/o:opensuse:leap:15.1:*:*:*:*:*:*:*
  • OR cpe:/o:opensuse:leap:15.2:*:*:*:*:*:*:*

    • Configuration 3:
  • cpe:/o:debian:debian_linux:9.0:*:*:*:*:*:*:*
  • OR cpe:/o:debian:debian_linux:10.0:*:*:*:*:*:*:*

    • Configuration 4:
  • cpe:/o:fedoraproject:fedora:33:*:*:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/a:sddm:sddm:0.12.0:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.opensuse.security:def:202028049
    V
    		CVE-2020-28049
    2022-06-30
    oval:org.opensuse.security:def:360
    P
    		sddm-0.19.0-lp154.3.6 on GA media (Moderate)
    2022-06-10
    oval:org.opensuse.security:def:113432
    P
    		sddm-0.19.0-4.2 on GA media (Moderate)
    2022-01-17
    oval:org.opensuse.security:def:64801
    P
    		Security update for the Linux Kernel (Important)
    2021-11-16
    oval:org.opensuse.security:def:64603
    P
    		Security update for dnsmasq (Moderate)
    2021-10-27
    oval:org.opensuse.security:def:74669
    P
    		Security update for xstream (Important)
    2021-10-20
    oval:org.opensuse.security:def:106833
    P
    		sddm-0.19.0-4.2 on GA media (Moderate)
    2021-10-01
    oval:org.opensuse.security:def:63214
    P
    		libfreebl3-hmac-3.41.1-3.13.1 on GA media (Moderate)
    2021-09-21
    oval:org.opensuse.security:def:64557
    P
    		Security update for qemu (Moderate)
    2021-08-20
    oval:org.opensuse.security:def:63416
    P
    		nodejs12-12.21.0-4.13.2 on GA media (Moderate)
    2021-08-10
    oval:org.opensuse.security:def:63554
    P
    		libstaroffice-0_0-0-0.0.5-1.22 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:64693
    P
    		Security update for hivex (Moderate)
    2021-05-26
    oval:org.opensuse.security:def:64694
    P
    		Security update for curl (Moderate)
    2021-05-26
    oval:org.opensuse.security:def:64491
    P
    		Security update for libxml2 (Moderate)
    2021-05-05
    oval:org.opensuse.security:def:64449
    P
    		Security update for clamav (Moderate)
    2020-12-14
    oval:org.opensuse.security:def:65073
    P
    		Security update for java-11-openjdk (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:64347
    P
    		liblua5_3-5-32bit on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:63780
    P
    		Security update for ibus (Important)
    2020-12-01
    oval:org.opensuse.security:def:75148
    P
    		Security update for sddm (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:64241
    P
    		dracut on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:63852
    P
    		Security update for MozillaFirefox (Important)
    2020-12-01
    oval:org.opensuse.security:def:74543
    P
    		Security update for xen (Important)
    2020-12-01
    oval:org.opensuse.security:def:64228
    P
    		conntrack-tools on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:64961
    P
    		Security update for zstd (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:75015
    P
    		Security update for python-rtslib-fb (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:64107
    P
    		Security update for mariadb (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:63649
    P
    		Security update for openldap2 (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:63999
    P
    		Security update for python3 (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:64903
    P
    		Security update for samba (Important)
    2020-12-01
    oval:org.opensuse.security:def:96387
    P
    		Security update for sddm (Moderate)
    2020-11-11
    oval:org.opensuse.security:def:109734
    P
    		Security update for sddm (Moderate)
    2020-11-11
    oval:org.opensuse.security:def:103077
    P
    		Security update for sddm (Moderate)
    2020-11-11
    oval:org.opensuse.security:def:100262
    P
    		Security update for sddm (Moderate)
    2020-11-10
    oval:org.opensuse.security:def:93549
    P
    		Security update for sddm (Moderate)
    2020-11-10
    oval:org.opensuse.security:def:110293
    P
    		Security update for sddm (Moderate)
    2020-11-07
    oval:org.opensuse.security:def:110843
    P
    		Security update for sddm (Moderate)
    2020-11-07
    BACK
    sddm_project sddm *
    opensuse leap 15.1
    opensuse leap 15.2
    debian debian linux 9.0
    debian debian linux 10.0
    fedoraproject fedora 33
    sddm sddm 0.12.0