Описание
The default configuration of IBUS 1.5.4, and possibly 1.5.2 and earlier, when IBus.InputPurpose.PASSWORD is not set and used with GNOME 3, does not obscure the entered password characters, which allows physically proximate attackers to obtain a user password by reading the lockscreen.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| mozc | fixed | 1.12.1599.102-1 | package | |
| mozc | not-affected | wheezy | package | |
| ibus-anthy | fixed | 1.5.4-1 | package | |
| ibus-anthy | not-affected | wheezy | package | |
| ibus-anthy | not-affected | squeeze | package | |
| ibus-pinyin | fixed | 1.5.0-1 | package | |
| ibus-pinyin | not-affected | wheezy | package | |
| ibus-pinyin | not-affected | squeeze | package | |
| ibus-chewing | fixed | 1.4.3-4 | package | |
| ibus-chewing | not-affected | wheezy | package | |
| ibus-chewing | not-affected | squeeze | package |
Примечания
https://www.openwall.com/lists/oss-security/2013/11/04/2
This is rather a bug in the various IBus engines not in ibus itself, asked maintainers to investigate affected engines,
can be assigned to affected engines once more info is available
Introduced in 1.5, so stable/oldstable not affected
EPSS
Связанные уязвимости
The default configuration of IBUS 1.5.4, and possibly 1.5.2 and earlier, when IBus.InputPurpose.PASSWORD is not set and used with GNOME 3, does not obscure the entered password characters, which allows physically proximate attackers to obtain a user password by reading the lockscreen.
The default configuration of IBUS 1.5.4, and possibly 1.5.2 and earlier, when IBus.InputPurpose.PASSWORD is not set and used with GNOME 3, does not obscure the entered password characters, which allows physically proximate attackers to obtain a user password by reading the lockscreen.
The default configuration of IBUS 1.5.4, and possibly 1.5.2 and earlier, when IBus.InputPurpose.PASSWORD is not set and used with GNOME 3, does not obscure the entered password characters, which allows physically proximate attackers to obtain a user password by reading the lockscreen.
The default configuration of IBUS 1.5.4, and possibly 1.5.2 and earlier, when IBus.InputPurpose.PASSWORD is not set and used with GNOME 3, does not obscure the entered password characters, which allows physically proximate attackers to obtain a user password by reading the lockscreen.
EPSS