CVE-2020-28049

An issue was discovered in SDDM before 0.19.0. It incorrectly starts the X server in a way that - for a short time period - allows local unprivileged users to create a connection to the X server without providing proper authentication. A local attacker can thus access X server display contents and, for example, intercept keystrokes or access the clipboard. This is caused by a race condition during Xauthority file creation.
Configurations

Configuration 1 (hide)

cpe:2.3:a:sddm_project:sddm:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*

Configuration 3 (hide)

OR cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*

Configuration 4 (hide)

cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*

History

03 Feb 2024, 07:15

Type Values Removed Values Added
References
  • () https://security.gentoo.org/glsa/202402-02 -

07 Nov 2023, 03:21

Type Values Removed Values Added
References
  • {'url': 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GT3EX5NSQJJAKY63ENSMEDX6NYZLYY3S/', 'name': 'FEDORA-2021-7066b95c99', 'tags': ['Third Party Advisory'], 'refsource': 'FEDORA'}
  • () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GT3EX5NSQJJAKY63ENSMEDX6NYZLYY3S/ -

Information

Published : 2020-11-04 19:15

Updated : 2024-10-15 18:35


NVD link : CVE-2020-28049

Mitre link : CVE-2020-28049

CVE.ORG link : CVE-2020-28049


JSON object : View

Products Affected

sddm_project

  • sddm

debian

  • debian_linux

fedoraproject

  • fedora

opensuse

  • leap
CWE
CWE-362

Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')